I discovered this amazing tool 2 days ago.
Then I installed the version: UCS 4.2 by following the YouTube tutorial below:
DNS server, SSH and Web Management console, among others, works properly (checked).
I also installed the following applications/plugins:
Active Directory Connection
Active Directory Takeover
Active Directory-compatible Domain Controller
DHCP server
as you can see on the following image:
I have the following Linux distribution:
root@ucs:~# cat /etc/*-release
DISTRIB_ID=Univention
DISTRIB_RELEASE="4.2-2 errata159"
DISTRIB_CODENAME=Lesum
DISTRIB_DESCRIPTION="Univention Corporate Server 4.2-2 errata159 (Lesum)"
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
and the following Samba version:
root@ucs:~# samba -V
Version 4.6.1-Debian
As I said above, on this Linux machine I have configured the package:
Active Directory-compatible Domain Controller
I configured one user there: myuser which is under the group: Domain Users.
My problem is, when trying to connect from Windows 7 or Windows 10 to the local domain defined there: mydomain.intranet
I get the error:
The join operation was not successful. This could be because an existing computer account having name "MYUSER-PC" was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any stale conflicting account. The error was:
Access is denied
as you can see on the following image:
I think one other interesting detail is that if I set a wrong password for the above existing user, I get the following message, so the system is able to know if the password is right or not.
Below you have a fragment of the samba error log file on the UCS 4.2 server:
[2017/09/11 19:28:10.549384, 3, pid=13368] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2017/09/11 19:28:10.551776, 3, pid=13368] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[myuser] domain=[mydomain.intranet] workstation=[DELL-INSPIRON] len1=24 len2=326
[2017/09/11 19:28:10.551800, 3, pid=13368] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user [mydomain.intranet]\[myuser]@[DELL-INSPIRON]
auth_check_password_send: mapped user is: [MYDOMAIN]\[myuser]@[DELL-INSPIRON]
[2017/09/11 19:28:10.552319, 3, pid=13368] ../libcli/auth/ntlm_check.c:397(ntlm_password_check)
ntlm_password_check: NTLMv2 password check failed
[2017/09/11 19:28:10.552331, 3, pid=13368] ../libcli/auth/ntlm_check.c:442(ntlm_password_check)
ntlm_password_check: Lanman passwords NOT PERMITTED for user myuser
[2017/09/11 19:28:10.552360, 3, pid=13368] ../libcli/auth/ntlm_check.c:586(ntlm_password_check)
ntlm_password_check: LM password, NT MD4 password in LM field and LMv2 failed for user myuser
[2017/09/11 19:28:10.552481, 2, pid=13368] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv)
auth_check_password_recv: sam_ignoredomain authentication for user [MYDOMAIN\myuser] FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/09/11 19:28:10.552503, 2, pid=13368] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
[2017/09/11 19:28:10.552532, 3, pid=13368] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/09/11 19:28:10.555454, 3, pid=13368] ../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
I have repeated the installation process of UCS 4.2 from the begining 3 different times in 2 different computers getting the same problem.
Any idea on how to troubleshoot this?
Thanks.