I looked into Windows EventViewer and I found 'Invalid Credentials'.
But I do not know how to deal with it. I have authenticated with
Domain Controller, why is it saying 'Invalid Credentials'?
- System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}
EventID 1006
Version 0
Level 2
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2019-04-29T20:16:23.376718300Z
EventRecordID 2164
- Correlation
[ ActivityID] {c01dfdd1-5771-42cc-913e-251a86edcb5e}
- Execution
[ ProcessID] 1020
[ ThreadID] 228
Channel System
Computer wks0.msi.company.com
- Security
[ UserID] S-1-5-21-3407800973-3157138678-394113442-1106
- EventData
SupportInfo1 1
SupportInfo2 6191
ProcessingMode 2
ProcessingTimeInMilliseconds 3063
ErrorCode 49
ErrorDescription Invalid Credentials
DCName
> From: Durwin De La Rue/Mgtsciences/US
> To: samba at lists.samba.org
> Date: 04/29/2019 01:39 PM
> Subject: Group policies are not applied
>
> I have hollowed these instructions.
> https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-
> samba-AD_DC.txt
>
> My normal domain is company.com. For the Samba domain it is
msi.company.com.>
> DNS is working. I ran these commands.
> host -t SRV _ldap._tcp.msi.company.com.
> _ldap._tcp.msi.company.com has SRV record 0 100 389 dc0.msi.company.com.
>
> host -t SRV _kerberos._udp.msi.company.com.
> _kerberos._udp.msi.company.com has SRV record 0 100 88
dc0.msi.company.com.>
> host -t A dc0.msi.company.com.
> dc0.msi.company.com has address 172.23.93.25
>
> host -t A msi.company.com
> msi.company.com has address 172.23.93.25
>
> host -t A dc0.msi.company.com
> dc0.msi.company.com has address 172.23.93.25
>
> host -t SRV _kerberos._udp.msi.company.com
> _kerberos._udp.msi.company.com has SRV record 0 100 88
dc0.msi.company.com.>
> host -t SRV _ldap._tcp.msi.company.com
> _ldap._tcp.msi.company.com has SRV record 0 100 389 dc0.msi.company.com.
>
> I can even resolve machines on company.com
>
> I can join msi domain, add and modify users, but Group Policies are
> not applied. I can even logon with created user.
>
> These are Group Policies I added.
> Add a Group Policy for adding Domain Users to local Admin group.
> https://wiki.samba.org/index.php/
> Managing_local_groups_on_domain_members_via_GPO_restricted_groups
>
> And this one to display logon message. Scroll down to 'Step 3:
> Domain Group Policy Management'
> https://www.tecmint.com/manage-samba4-dns-group-policy-from-windows/
>
> Here is my smb.conf file to start with. I don't know what else to
> send at this time.
>
> Ub18.04> less /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DC0
> realm = MSI.COMPANY.COM
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = MSI
> idmap_ldb:use rfc2307 = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/msi.company.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> Thank you,
>
> Durwin
>
>
> This email message and any attachments are for the sole use of the
> intended recipient(s) and may contain proprietary and/or
> confidential information which may be privileged or otherwise
> protected from disclosure. Any unauthorized review, use, disclosure
> or distribution is prohibited. If you are not the intended recipient
> (s), please contact the sender by reply email and destroy the
> original message and any copies of the message as well as any
> attachments to the original message.
This email message and any attachments are for the sole use of the
intended recipient(s) and may contain proprietary and/or confidential
information which may be privileged or otherwise protected from
disclosure. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient(s), please contact the
sender by reply email and destroy the original message and any copies of
the message as well as any attachments to the original message.
