Domain don't work after fresh install

From fresh install of UCS 5
after building a PDC with the right DNS on my client (Windows 10) I’m unable join the domain or access any share, but when I build a samba-dc on ubuntu 20.04LTS my windows 10 client join it without any issue.

smbclient from the server itself
after a reboot, from the server, it tried

smbclient -L
smbclient -L
smbclient -L IP
smbclient -LH IP
smbclient -LH IP -U Administrator
but always have : NT_STATUS_ACCESS_DENIED

  • but if I install xfce on the server I’m able to connect with a LDAP user.
  • I build another univention, and he was able to join the domain as BDC (Backup) and the database is synching.
  • I scanned the server (PDC) with nmap and all ports seams open

  • did you see that behaviour before ?
  • which other test I could do

You need to install samba through the univention app center per “Active Directory komapatibler Domainkontroller”



1 Like

I installed UCS5 (on PVE7), with Samba4 (Active Directory Domainkontroller) and DHCP-Server. Configured DNS, DHCP, NTP. I set up a Linux Mint 20.2 mate client with samba, nfs, univention-domain-join, configured ntp. I switched off the other DHCP and DNS. Then I set up a share on UCS. Then I logged in into the linux client with a user from the domain, but I can not see the share, nor smb nor nfs. I tried everything, read the manual, searched the forum and the internet … now for more than a week… I am about to resign.
Anyway: is it possible somehow to use a UCS-smb-nfs-share without domain-join on a linux client?

there is no smb browsing anymore with actual smb versions (was only with the insecure smb1)
you must enter the smb path in nemo smb://fqdn-of-ucs-server/

then you should see the shares

for automount the shares on login you may use pam-mount (this has to be installed with apt) then you may edit /etc/security/pam_mount.conf.xml and add the mountpoint like:

<volume fstype="cifs" server="" path="DATEN" mountpoint="~/daten"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>

where ~/daten mounts the share into the home folder of the current login user as daten folder


@externa1 thanks Christian for your advice, I’ll try that today :wink: