Setting up a new AD DC on Ubuntu 18.04, samba 4.7 from ubuntu's repos and BIND_DLZ. Did a samba-tool domain classicupgrade from an old NT3.x domain, imported users and groups ok.

I am able to join windows workstations, can login with a domain user, etc.

Problem is my user A1\mmerlone, member of 'domain admins' group, cannot open ADUC with the error RPC server is unavailable. If I login with A1\Administrator it works fine.

root@araucaria:/etc/samba# cat smb.conf
    netbios name = ARAUCARIA
    realm = AD.A1.IND.BR
    server role = active directory domain controller
    workgroup = A1
    server services = -dns
    dns forwarder =

    log file = /var/log/samba/%m.log
    log level = 1 auth_audit:3 auth_json_audit:3
    include = /etc/samba/smb.conf.client-%I
    username map = /etc/samba/user.map

    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb

    path = /var/lib/samba/sysvol/ad.a1.ind.br/scripts
    read only = No

    path = /var/lib/samba/sysvol
    read only = No

root@araucaria:/etc/samba#  cat /etc/hosts       localhost.localdomain   localhost araucaria.ad.a1.ind.br araucaria

root@araucaria:/etc/samba# cat /etc/krb5.conf
        default_realm = AD.A1.IND.BR
        dns_lookup_realm = false
        dns_lookup_kdc = true

root@araucaria:/etc/samba# cat /etc/nsswitch.conf | grep -v "^\s*#\|^\s*$"
passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

root@araucaria:/etc/samba# dpkg -l | grep winbind
ii  libnss-winbind:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.2     amd64        Samba nameservice integration plugins ii  libpam-winbind:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.2     amd64        Windows domain authentication integration plugin ii  libwbclient0:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.2     amd64        Samba winbind client library ii  winbind 2:4.7.6+dfsg~ubuntu-0ubuntu2.2     amd64        service to resolve user and group information from Windows NT servers

Thanks in advance, let me know if you need further info.

Best regards,

*Marcio Merlone*
