Windows 10 + Samba as a Domain Controller

If you are running a Samba server as a Domain Controller for your network and a new Windows 10 client workstation prevents you from logging in via the following error:

We can't sign you in with this credential because your domain isn't available.  Make sure your device is 
connected to your organization's network and try again.  If you previously signed in on this device with 
another credential, you can sign in with that credential.

The fix is rather simple and a result of using an older configuration file (likely from years of upgrading) without applying the much needed configuration enhancements that come with the later releases.  Add the following to your /etc/samba/smb.conf file and restart both smb and nmb processes:

server max protocol = NT1

Until the RedHat based distributions, including Fedora, are able to support the new Samba-DC implementation the NT4-style is still around for the near term.

The client workstation may need the following as well:



Re-gain permission to a Windows volume

Ever lost Windows access to an entire partition?  It’s not a common issue, but it does creep up with USB drives as they move from one system to another.  If you find yourself in this situation you can take ownership of the entire volume and reset all of the permissions either via the command line (as administrator) as shown below (drive letter in this example is E):


This can also be done via the GUI:

  • Right click on the drive letter in Windows Explorer
  • Select “Properties”
  • Click on the “Security” tab
  • At the bottom of the window that pops up, select “Advanced”
  • In the new window that pops up, click on “Owner”
  • Select “edit”
  • Choose your account name.
  • Clock the checkbox to “Replace owner on subcontainers and objects”
  • Hit Apply.