Samba version: 4.15.0 Windows client version: Windows 10 Pro 21H1 With considerable help from this list I got my Samba AD-DC up and running and added some users: -------------------------- root at samba-dc:/etc# samba-tool user show patrickgoetz dn: CN=patrickgoetz,CN=Users,DC=ea,DC=linuxcs,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: patrickgoetz instanceType: 4 whenCreated: 20211022132810.0Z uSNCreated: 4082 name: patrickgoetz objectGUID: 4804c5ec-b06c-4fca-a89a-636c55a34645 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 primaryGroupID: 513 objectSid: S-1-5-21-119141497-3680845326-3410742159-1104 sAMAccountName: patrickgoetz sAMAccountType: 805306368 userPrincipalName: patrickgoetz at ea.linuxcs.com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com userAccountControl: 66048 accountExpires: 0 lastLogonTimestamp: 132793878419244250 pwdLastSet: 132793913687487360 whenChanged: 20211022154928.0Z uSNChanged: 4100 lastLogon: 132793941436045700 logonCount: 9 distinguishedName: CN=patrickgoetz,CN=Users,DC=ea,DC=linuxcs,DC=com -------------------------- And was able to bind my Windows 10 client to the domain (which for some reason took a long time; well over an hour): -------------------------- root at samba-dc:/etc# samba-tool computer show ibs100$ dn: CN=IBS100,CN=Computers,DC=ea,DC=linuxcs,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer cn: IBS100 instanceType: 4 whenCreated: 20211022133340.0Z uSNCreated: 4087 name: IBS100 objectGUID: ece89aa4-3a09-4d17-9924-e1e078e1398c userAccountControl: 4096 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 pwdLastSet: 132793832203610020 primaryGroupID: 515 objectSid: S-1-5-21-119141497-3680845326-3410742159-1105 accountExpires: 9223372036854775807 sAMAccountName: IBS100$ sAMAccountType: 805306369 dNSHostName: ibs100.ea.linuxcs.com servicePrincipalName: HOST/ibs100.ea.linuxcs.com servicePrincipalName: RestrictedKrbHost/ibs100.ea.linuxcs.com servicePrincipalName: HOST/IBS100 servicePrincipalName: RestrictedKrbHost/IBS100 objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com isCriticalSystemObject: FALSE lastLogonTimestamp: 132793854775159630 whenChanged: 20211022141117.0Z operatingSystem: Windows 10 Pro operatingSystemVersion: 10.0 (19043) msDS-SupportedEncryptionTypes: 28 uSNChanged: 4090 lastLogon: 132793935819108290 logonCount: 7 distinguishedName: CN=IBS100,CN=Computers,DC=ea,DC=linuxcs,DC=com -------------------------- However I am unable to do a domain login with this user account using either patrickgoetz or EA\patrickgoetz The response is "The user name or password is incorrect. Try again." As a reality check I used `samba-tool user setpassword patrickgoetz` to reset the password. I ran all the tests suggested on the Samba Wiki to make sure DNS/Kerberos are working correctly on the DC. When I look in the Event log on the Windows 10 client, I see User Device Registration Errors that look like this: -------------------------- Automatic registration failed at join phase. Exit code: Unknown HResult Error code: 0x801c001d Server error: Tenant type: undefined Registration type: undefined Debug Output: joinMode: Join drsInstance: undefined registrationType: undefined tenantType: undefined tenantId: undefined configLocation: undefined errorPhase: discover adalCorrelationId: 36846c7a-1563-414b-bbc3-e84fda33ac37 adalLog: undefined adalResponseCode: 0x0 -------------------------- followed by: -------------------------- Automatic registration failed. Failed to lookup the registration service information from Active Directory. Exit code: Unknown HResult Error code: 0x801c001d. See http://go.microsoft.com/fwlink/?LinkId=623042 -------------------------- The usual helpful Windows error logs. <:) The Windows host has the IP address of the Samba AD-DC set as its primary DNS server. I haven't configured any kind of file sharing service yet, nor install GPO templates, or anything like this. Trying to take it one step at a time. Anyone have any idea why I can't log in?
On Fri, 2021-10-22 at 12:00 -0500, Patrick Goetz via samba wrote:> Samba version: 4.15.0 > Windows client version: Windows 10 Pro 21H1 > > With considerable help from this list I got my Samba AD-DC up and > running and added some users: > > -------------------------- > root at samba-dc:/etc# samba-tool user show patrickgoetz > dn: CN=patrickgoetz,CN=Users,DC=ea,DC=linuxcs,DC=com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > cn: patrickgoetz > instanceType: 4 > whenCreated: 20211022132810.0Z > uSNCreated: 4082 > name: patrickgoetz > objectGUID: 4804c5ec-b06c-4fca-a89a-636c55a34645 > badPwdCount: 0 > codePage: 0 > countryCode: 0 > badPasswordTime: 0 > lastLogoff: 0 > primaryGroupID: 513 > objectSid: S-1-5-21-119141497-3680845326-3410742159-1104 > sAMAccountName: patrickgoetz > sAMAccountType: 805306368 > userPrincipalName: patrickgoetz at ea.linuxcs.com > objectCategory: > CN=Person,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com > userAccountControl: 66048 > accountExpires: 0 > lastLogonTimestamp: 132793878419244250 > pwdLastSet: 132793913687487360 > whenChanged: 20211022154928.0Z > uSNChanged: 4100 > lastLogon: 132793941436045700 > logonCount: 9 > distinguishedName: CN=patrickgoetz,CN=Users,DC=ea,DC=linuxcs,DC=com > -------------------------- > > And was able to bind my Windows 10 client to the domain (which for > some > reason took a long time; well over an hour): > > -------------------------- > root at samba-dc:/etc# samba-tool computer show ibs100$ > dn: CN=IBS100,CN=Computers,DC=ea,DC=linuxcs,DC=com > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > objectClass: computer > cn: IBS100 > instanceType: 4 > whenCreated: 20211022133340.0Z > uSNCreated: 4087 > name: IBS100 > objectGUID: ece89aa4-3a09-4d17-9924-e1e078e1398c > userAccountControl: 4096 > badPwdCount: 0 > codePage: 0 > countryCode: 0 > badPasswordTime: 0 > lastLogoff: 0 > pwdLastSet: 132793832203610020 > primaryGroupID: 515 > objectSid: S-1-5-21-119141497-3680845326-3410742159-1105 > accountExpires: 9223372036854775807 > sAMAccountName: IBS100$ > sAMAccountType: 805306369 > dNSHostName: ibs100.ea.linuxcs.com > servicePrincipalName: HOST/ibs100.ea.linuxcs.com > servicePrincipalName: RestrictedKrbHost/ibs100.ea.linuxcs.com > servicePrincipalName: HOST/IBS100 > servicePrincipalName: RestrictedKrbHost/IBS100 > objectCategory: > CN=Computer,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com > isCriticalSystemObject: FALSE > lastLogonTimestamp: 132793854775159630 > whenChanged: 20211022141117.0Z > operatingSystem: Windows 10 Pro > operatingSystemVersion: 10.0 (19043) > msDS-SupportedEncryptionTypes: 28 > uSNChanged: 4090 > lastLogon: 132793935819108290 > logonCount: 7 > distinguishedName: CN=IBS100,CN=Computers,DC=ea,DC=linuxcs,DC=com > -------------------------- > > However I am unable to do a domain login with this user account > using > either patrickgoetz or EA\patrickgoetz > > The response is "The user name or password is incorrect. Try again." > >Sorry, but this is a known problem, a regression was added to 4.15.0, downgrade to 4.14.x until 4.15.1 is released. Rowland