Troubleshooting Windows domain logons

Problem:

The user login to a Windows system doesn’t work.

Solution:

Problems during Windows login can have different causes:

1. Incorrect DNS configuration / DNS entries

The Windows client should use a UCS domain controller as its DNS server. The DNS record of the domain and the DNS SRV records must not reference servers which no longer exist or which are currently shut down. This can be checked as follows:

host $(dnsdomainname)
host -al $(dnsdomainname) | grep " SRV "

The Windows client has to use the UCS system as DNS server for both IPv4 and IPv6. It is recommended to verify this with a tool like Wireshark.
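The zone listing from the check above can also be screened automatically. The following is an added example, not part of the original article: the function names `dangling_srv`, `stale_apex` and `sample_zone` are hypothetical, the sample listing is constructed, and the script assumes that `host -al` prints dig-style lines (name, TTL, class, type, data) and that all SRV targets live in the same zone.

```shell
#!/bin/sh
# Added example: offline checks over `host -al <domain>` output read from stdin.
# Assumes dig-style lines: name ttl class type rdata...

# Print "service port target" for each SRV record whose target has no
# A/AAAA record in the same listing (typical for a removed server).
dangling_srv() {
    awk '
        $4 == "A" || $4 == "AAAA" { addr[tolower($1)] = 1 }
        $4 == "SRV" { n++; svc[n] = $1; port[n] = $7; tgt[n] = tolower($8) }
        END {
            for (i = 1; i <= n; i++)
                if (!(tgt[i] in addr)) print svc[i], port[i], tgt[i]
        }'
}

# Print addresses on the domain name itself ($1) that no host record carries.
stale_apex() {
    awk -v d="$(printf '%s' "$1" | tr 'A-Z' 'a-z')." '
        $4 != "A" && $4 != "AAAA" { next }
        tolower($1) == d { apex[$5] = 1; next }
        { host[$5] = 1 }
        END { for (ip in apex) if (!(ip in host)) print ip }'
}

# Constructed sample listing (not from a real system).
sample_zone() {
    cat <<'EOF'
example.intranet. 900 IN A 10.200.1.10
example.intranet. 900 IN A 10.200.1.12
master.example.intranet. 900 IN A 10.200.1.10
backup.example.intranet. 900 IN A 10.200.1.11
_ldap._tcp.example.intranet. 900 IN SRV 0 100 389 master.example.intranet.
_ldap._tcp.example.intranet. 900 IN SRV 0 100 389 olddc.example.intranet.
_kerberos._tcp.example.intranet. 900 IN SRV 0 100 88 olddc.example.intranet.
_kerberos._udp.example.intranet. 900 IN SRV 0 100 88 Backup.example.intranet.
EOF
}

echo "SRV records without an address record:"
sample_zone | dangling_srv
echo "Domain addresses without a matching host:"
sample_zone | stale_apex example.intranet
```

On a UCS system the same functions can be fed with `host -al $(dnsdomainname)`. Servers that still have records but are shut down are not detected this way and need a reachability check.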

2. Incorrect time setting on Windows client

The Windows client should display the same time as is set on the UCS domain controllers. Attention should also be paid to the time zone. (When they join an AD-compatible domain, Windows clients by default configure their local time service (w32time) to obtain the time from one of the domain controllers via NTP.) The output can be checked on a Windows client as a local Windows administrator with the following command:

w32tm /resync /rediscover

If this is not the case, the following four commands can be used to configure the time service on the Windows client:

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
w32tm /resync /rediscover

3. Samba at logon server

Is the Samba logon server in use responding? Can shared files be accessed?

root@master:~# smbclient -UAdministrator //$(ucr get hostname)/sysvol -c quit
Domain=[MEMBER] OS=[Unix] Server=[Samba 4.1.0-Debian]
root@master:~#  

In addition to these steps, a local Windows logon should be checked to verify that the issue is domain related.

If these checks are not successful, the debug level of the Samba service can be increased and the log output checked for further errors:

ucr set samba/debug/level=4
/etc/init.d/samba4 restart
less /var/log/samba/log.samba