Windows 8 – How to Join and Use Windows 8/8.1 with Samba 4

active-directorysambawindows 8

It seems that Samba doesn't like me at all. I've followed various tutorials and I can't get Windows 8 to work properly with a Ubuntu Server as domain controller. This week i've downloaded ubuntu 14.04 lts and set a fast domain configuration. As usual all other Windows version (XP and 7) work but the newest M$ nightmare doesn't. In this try it doesn't even join the domain, keeps saying the my username or password are wrong.

My /etc/samba/smb.conf

# Global parameters
        workgroup = DOMAIN
        realm = DOMAIN.LAN
        netbios name = DOM
        server role = active directory domain controller
        dns forwarder =
        idmap_ldb:use rfc2307 = yes

        path = /var/lib/samba/sysvol/domain.lan/scripts
        read only = No

        path = /var/lib/samba/sysvol
        read only = No

        path = /SHARES/test
        read only = no

Does anyone have a tutorial that really works? Because I've tried many, each one with different configurations that works only with the people that made them.

And is there a way to import my old AD users, computers and ID in a way that I won't need to rejoin all computers?


Now I've tested various versions since 4.0.0 (final version) to 4.1.9, all working with Windows 8.1.

Make sure that acl and attr are installed and are set in the /etc/fstab file:

# / was on /dev/sda1 during installation
/dev/sda1 /               ext4    user_xattr,acl,barrier=1,errors=remount-ro 0       1

Remount using:

mount -o remount,rw /

I also add the wins option to the /etc/nsswitch.conf file:

hosts:          files wins dns

Provisioning a domain with:

$ samba-tool domain provision --domain=domain --adminpass=Abc12345 --server-role=dc --realm=domain.lan --dns-backend=SAMBA_INTERNAL

The /etc/samba/smb.conf:


# Global parameters
    workgroup = DOMAIN
    realm = DOMAIN.LAN
    netbios name = DOM
    server role = active directory domain controller
    dns forwarder =

    path = /var/lib/samba/sysvol/domain.lan/scripts
    read only = No

    path = /var/lib/samba/sysvol
    read only = No

Setting the complete name in /etc/hosts: dom dom.domain.lan dom

and /etc/hostname:


Setting the static IP address:

auto eth0
 iface eth0 inet static
 dns-search domain.lan

and copying the generated /var/lib/samba/private/krb5.conf to /etc

Best Answer

Assuming there is no version issue with Samba, ensure that your clocks are within the allowable threshold. Time has caused me this exact same issue a number of times. With 4.1.7 my 8 and now 8.1 machine was able to join and login.

looking deeper at your config, the realm could be the issue.

There is a problem with Windows 8, where Microsoft raises new domain name policy. When a domain contain a dot (".") in its name (ie., Windows 8 treat this name as a Active Directory name and is trying to contact Kerberos/LDAP server even there is none. So this is impossible to join this domain and there is no known fix or workaround yet.


Related Question