Collected config  --- 2019-07-03-22:48 -----------

Hostname: DC3
DNS Domain: lthddom.lthd.com
FQDN: DC3.lthddom.lthd.com
ipaddress: 172.16.0.101

-----------

Samba is running as an AD DC

-----------
       Checking file: /etc/os-release

NAME="Ubuntu"
VERSION="19.04 (Disco Dingo)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 19.04"
VERSION_ID="19.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=disco
UBUNTU_CODENAME=disco

-----------


This computer is running Ubuntu 19.04 x86_64

-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
958: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:10:00:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.16.0.101/16 brd 172.16.255.255 scope global eth0

-----------
       Checking file: /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

172.16.0.1      router.domain.lthd.com          router
172.16.0.71     DC1.lthddom.lthd.com                    DC1
172.16.0.72     DC2.lthddom.lthd.com                    DC2
172.16.0.101    DC3.lthddom.lthd.com                    DC3

-----------

       Checking file: /etc/resolv.conf

# Generated by NetworkManager
search lthddom.lthd.com domain.lthd.com dev.lthddom.lthd.com dev.domain.lthd.com lthd.com

nameserver 172.16.0.101
nameserver 172.16.0.71

-----------

       Checking file: /etc/krb5.conf

[libdefaults]
        default_realm = LTHDDOM.LTHD.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

-----------

       Checking file: /etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:      files winbind systemd
shadow:     files
group:       files winbind systemd

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus

-----------

       Checking file: /etc/samba/smb.conf

# Global parameters
[global]
        workgroup = LTHDDOM
        realm = LTHDDOM.LTHD.COM
        netbios name = DC3
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = Yes

        tls enabled = Yes
        tls keyfile = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile = tls/ca.pem

        winbind enum users = Yes
        winbind enum groups = Yes

        invalid users = +"smb denyed users"

        vfs objects = acl_xattr dfs_samba4
        map acl inherit = Yes
        store dos attributes = Yes


        hide dot files = No

        host msdfs = Yes

        csc policy = disable

;       ntlm auth = mschapv2-and-ntlmv2-only
        ntlm auth = yes


[netlogon]
        path = /var/lib/samba/sysvol/lthddom.lthd.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[dfs]
        read only = No
        msdfs root = Yes
        msdfs proxy = \dc1.lthddom.lthd.com\shares,\dc2.lthddom.lthd.com\shares

[shares]
        path = /var/lib/samba/shares
        read only = No
        msdfs root = Yes
        browsable = No

-----------

BIND_DLZ not detected in smb.conf

-----------

Installed packages:
ii  attr                          1:2.4.48-4                        amd64        utilities for manipulating filesystem extended attributes
ii  krb5-config                   2.6build1                         all          Configuration files for Kerberos Version 5
ii  krb5-locales                  1.17-1                            all          internationalization support for MIT Kerberos
ii  krb5-user                     1.17-1                            amd64        basic programs to authenticate using MIT Kerberos
ii  libacl1:amd64                 2.2.53-4                          amd64        access control list - shared library
ii  libattr1:amd64                1:2.4.48-4                        amd64        extended attribute handling - shared library
ii  libgssapi-krb5-2:amd64        1.17-1                            amd64        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-26-heimdal:amd64      7.5.0+dfsg-2.1                    amd64        Heimdal Kerberos - libraries
ii  libkrb5-3:amd64               1.17-1                            amd64        MIT Kerberos runtime libraries
ii  libkrb5support0:amd64         1.17-1                            amd64        MIT Kerberos runtime libraries - Support library
ii  libnss-winbind:amd64          2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba nameservice integration plugins
ii  libpam-winbind:amd64          2:4.10.0+dfsg-0ubuntu2.2          amd64        Windows domain authentication integration plugin
ii  libwbclient0:amd64            2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba winbind client library
ii  python-attr                   18.2.0-1                          all          Attributes without boilerplate (Python 2)
ii  python3-samba                 2:4.10.0+dfsg-0ubuntu2.2          amd64        Python 3 bindings for Samba
ii  samba                         2:4.10.0+dfsg-0ubuntu2.2          amd64        SMB/CIFS file, print, and login server for Unix
ii  samba-common                  2:4.10.0+dfsg-0ubuntu2.2          all          common files used by both the Samba server and client
ii  samba-common-bin              2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba common files used by both the server and the client
ii  samba-dsdb-modules:amd64      2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba Directory Services Database
ii  samba-libs:amd64              2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba core libraries
ii  samba-vfs-modules:amd64       2:4.10.0+dfsg-0ubuntu2.2          amd64        Samba Virtual FileSystem plugins
ii  winbind                       2:4.10.0+dfsg-0ubuntu2.2          amd64        service to resolve user and group information from Windows NT servers

-----------