I'm trying to setup a Samba4 Active Directory server.

I've gotten the server running, the IP addresses resolve
properly. The Windows10 client can join the domain.
I've run the basic checks that seem to be listed
on the samba wiki and get the expected results.

I've modified nsswitch.conf to include winbind on the
passwd and group lines.

I've made sure all machines are pointing to the same
NTP server so that time is synched

I've created a user using -> samba-tool user create jdoe

I've added the computer using -> samba-tool computer create MACHINE01

I've created a "test-share" with ownership set to the
group "Domain Users":

[Test-Share]
path = /home/test-share
writable = yes
create mode = 0770
directory mode = 0770
guest ok = no

When I run Server Manager in Win10 I get an error that
states: "Kerberos authentication error"

When I try to login with the user, Windows gives me this:

"We can't sign you in with this credential because your
domain isn't available. Make sure your device is connected
to your organization's network and try again."

Login authentication didn't seem to work before I
added the test-share either.

What did I miss?

On Wed, 5 Dec 2018 09:41:13 -0500
Marco Shmerykowsky via samba <samba at lists.samba.org> wrote:

> I'm trying to setup a Samba4 Active Directory server.
>
> I've gotten the server running, the IP addresses resolve
> properly. The Windows10 client can join the domain.
> I've run the basic checks that seem to be listed
> on the samba wiki and get the expected results.
>
> I've modified nsswitch.conf to include winbind on the
> passwd and group lines.
>
> I've made sure all machines are pointing to the same
> NTP server so that time is synched
>
> I've created a user using -> samba-tool user create jdoe
>
> I've added the computer using -> samba-tool computer create MACHINE01
>
> I've created a "test-share" with ownership set to the
> group "Domain Users":
>
> [Test-Share]
> path = /home/test-share
> writable = yes
> create mode = 0770
> directory mode = 0770
> guest ok = no
>
> When I run Server Manager in Win10 I get an error that
> states: "Kerberos authentication error"
>
> When I try to login with the user, Windows gives me this:
>
> "We can't sign you in with this credential because your
> domain isn't available. Make sure your device is connected
> to your organization's network and try again."
>
> Login authentication didn't seem to work before I
> added the test-share either.
>
> What did I miss?
>

You missed posting your smb.conf for a start ;-)

Did you actually join the Win10 machine to the domain ?
Creating it with samba-tool isn't enough.

Rowland

On Wed, December 5, 2018 9:52 am, Rowland Penny via samba wrote:

> On Wed, 5 Dec 2018 09:41:13 -0500
> Marco Shmerykowsky via samba <samba at lists.samba.org> wrote:
>
>> I'm trying to setup a Samba4 Active Directory server.
>>
>> I've gotten the server running, the IP addresses resolve
>> properly. The Windows10 client can join the domain.
>> I've run the basic checks that seem to be listed
>> on the samba wiki and get the expected results.
>>
>> I've modified nsswitch.conf to include winbind on the
>> passwd and group lines.
>>
>> I've made sure all machines are pointing to the same
>> NTP server so that time is synched
>>
>> I've created a user using -> samba-tool user create jdoe
>>
>> I've added the computer using -> samba-tool computer create MACHINE01
>>
>> I've created a "test-share" with ownership set to the
>> group "Domain Users":
>>
>> [Test-Share]
>> path = /home/test-share
>> writable = yes
>> create mode = 0770
>> directory mode = 0770
>> guest ok = no
>>
>> When I run Server Manager in Win10 I get an error that
>> states: "Kerberos authentication error"
>>
>> When I try to login with the user, Windows gives me this:
>>
>> "We can't sign you in with this credential because your
>> domain isn't available. Make sure your device is connected
>> to your organization's network and try again."
>>
>> Login authentication didn't seem to work before I
>> added the test-share either.
>>
>> What did I miss?
>>
>
> You missed posting your smb.conf for a start ;-)
>
> Did you actually join the Win10 machine to the domain ?
> Creating it with samba-tool isn't enough.
>
> Rowland

Smb.conf (domain names made 'generic'):

# Global parameters
[global]
        dns forwarder = 4.2.2.2
        netbios name = MACHINE254
        realm = INTERNAL.COMPANY.COM
        server role = active directory domain controller
        workgroup = INTERNAL
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/internal.company.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[Test-Share]
        path = /home/test-share
        writable = yes
        create mode = 0770
        directory mode = 0770
        guest ok = no

Windows reported that the machine joined the domain when
I used the windows interface at System Properties -> Computer Name.