Re: [Samba] Samba Active Directory Domain Controller
- Date: Thu, 4 May 2017 08:22:35 -0400
- From: lingpanda101 via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba Active Directory Domain Controller
On 5/4/2017 3:37 AM, Anantha Raghava wrote:
Real quick before I get around to looking at your attachments. I will
advise you that password complexity requirements are handled by
samba-tool and not GPO's. Issue the following command on your DC's to
view them. They are also changed here as well.
Thanks for your quick response.
Find attached smb.conf file from DC1 and DC2. Also attached the screen
shot of the event viewer from the workstation.
At the moment, we have brought down the DC3 and DC4 in another
location and observed that DC2 is unable to replicate get the
information from DC1 or send the information to DC1. It appears
replication is working in background but it is taking a long time.
When try to use samba-tool drs command, it throws errors.
Also, randomly, users are not allowed to change their password. It
throws error like "either your password does not meet complexity,
length or history requirement". "Workstation relationship with Domain
is not trusted" is another error message that occasionally throws up.
Another observation is even though PDC emulator and all FSMO roles are
with DC1, users are logged into DC2. Any change made to user
credential, above error is thrown. Output of FSMO role display from
DC1 is attached for your information.
In our group policy, we have disabled complexity requirements, length
is set to 7 characters.
There is no clear pattern to its behavior, making it difficult to
analyse the issue and fix them.
Look forward for your assistance in figuring out what is happening and
7000 People from nearly 700 location use these domain controllers.
This is turning out be very critical issue.
Thanks & Regards,
eXzaTech Consulting And Services Pvt. Ltd.
This e-mail communication and any attachments may be privileged and
confidential to eXza Technology Consulting & Services, and are
intended only for the use of the recipients named above If you are not
the addressee you may not copy, forward, disclose or use any part of
it. If you have received this message in error, please delete it and
all copies from your system and notify the sender immediately by
return e-mail. Internet communications cannot be guaranteed to be
timely, secure, error or virus-free. The sender does not accept
liability for any errors or omissions.
Do not print this e-mail unless required. Save Paper & trees.
On Thursday 04 May 2017 01:27 AM, lingpanda101 via samba wrote:
On 5/3/2017 2:00 PM, Anantha Raghava via samba wrote:
I have implemented Samba as Active Directory Domain Controller with
Version 4.6.3 on CentOS 7.3, el-514. We have 4 domain controllers
named as DC1, DC2, DC3 and DC4. DC1 & 2 are in one location and DC3
& 4 are in a different location. DNS is SAMBA INTERNAL. All 4
servers are properly synchronizing and even GPO updates are working
properly with rsync process.
However, off late we have been noticing that on some Windows XP with
Service Pack 3 and Windows 7 with Service Pack 1, after joining
domain, when user is logging in for the first time, as per policy,
the DC will force the user to change their password. When user
changes password, PC reports, cannot reach domain or your
relationship with DC is not trusted and it happens randomly for some
We are unable to figure out what's happenning.
Can some one guide us in figuring out and fixing this issue?
Thanks in advance.
Can you provide your smb.conf on one of your DC's? Are you able to
look through event viewer on the workstation exhibiting the issue and
see anything relevant?
'samba-tool domain passwordsettinsg show'
To unsubscribe from this list go to the following URL and read the