samba - Feb 2016 - Windows 10 - samba domain

Hi
I have set up a domain using samba-tool on debian jessie. It seems to work,
i cant administrate from terminal whit samba-tool and from winxp, but if i
join whit win10 i have much trouble.
I cant change password, i cant add users....
Someone knows whats the problem?

/etc/samba/smb.conf
[global]
        workgroup = LAN
        realm = lan.local
        netbios name = C3PO
        server role = active directory domain controller
        dns forwarder = 192.168.1.1

[netlogon]
        path = /var/lib/samba/sysvol/lan.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[shared]
        comment = Shared Folder
        path = /media/shared
        read only = No
        directory mask = 0770
        create mask = 0770

[Users]
        directory_mode : parameter = 0700
        read only = no
        path = /media/users
        csc policy = documents

/etc/hosts:
127.0.0.1       localhost
127.0.1.1       c3po.lan        c3po
192.168.1.10    c3po.lan.local  c3po

/etc/krb5.conf:
[libdefaults]
        default_realm = LAN.LOCAL
        dns_lookup_realm = true
        dns_lookup_kdc = true

On 22/02/16 08:58, Oskar Perger wrote:
> Hi
> I have set up a domain using samba-tool on debian jessie. It seems to work,
> i cant administrate from terminal whit samba-tool and from winxp, but if i
> join whit win10 i have much trouble.
> I cant change password, i cant add users....
> Someone knows whats the problem?
>
> /etc/samba/smb.conf
> [global]
>          workgroup = LAN
>          realm = lan.local
>          netbios name = C3PO
>          server role = active directory domain controller
>          dns forwarder = 192.168.1.1
>
> [netlogon]
>          path = /var/lib/samba/sysvol/lan.local/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [shared]
>          comment = Shared Folder
>          path = /media/shared
>          read only = No
>          directory mask = 0770
>          create mask = 0770
>
> [Users]
>          directory_mode : parameter = 0700
>          read only = no
>          path = /media/users
>          csc policy = documents
>
> /etc/hosts:
> 127.0.0.1       localhost
> 127.0.1.1       c3po.lan        c3po
> 192.168.1.10    c3po.lan.local  c3po
>
> /etc/krb5.conf:
> [libdefaults]
>          default_realm = LAN.LOCAL
>          dns_lookup_realm = true
>          dns_lookup_kdc = true
Is this Ubuntu ?
Is your dns domain really 'lan.local' ?
If so, did you miss that it is a bad idea to use .local ?
If you are really using a .local dns name, turn off Avihi.
Next, stop Network-Manager using dnsmasq (open up its conf file and 
comment out 'dnsmasq', then restart network-manager)
Now remove the '127.0.1.1' line from /etc/hosts
Change (in /etc/krb5.conf) 'dns_lookup_realm = true' to 
'dns_lookup_realm = false'

See if that helps for a start.

Rowland

On 22/02/16 10:49, Oskar Perger wrote:
> No it is debian jessie...
> I have no dnsmasq installed..
Then why have you got 127.0.1.1 in /etc/hosts ?
dnsmasq won't be running but network manager may be running as a cache 
dns server.
> If it works whitout .local some things probably are easier..
If you can change from .local, this is very recommended
> I have a openwrt router on 192.168.1.1 whitch handles dns requests...
I hope you mean dns request outside the AD domain, your DC should be 
responding to these.

Rowland