Need help to get Samba working

The story so far:

I have a domain and I want to have 2-way communication between Windows users and Linux users. After many attempts I got this far:

I removed sssd and realmd, installed winbind and made this smb.conf:

    [global]
    workgroup = NETBIOSDOMAIN
    security = ADS
    realm = XXXX.MYDOMAIN.COM
    server string = Samba Client %h

    winbind use default domain = yes
    winbind expand groups = 2
    winbind refresh tickets = Yes
    dns proxy = no

    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config NETBIOSDOMAIN : backend = rid
    idmap config NETBIOSDOMAIN : range = 10000-999999
    template shell = /bin/bash

    # user Administrator workaround, without it you are unable to set privileges
    username map = /etc/samba/user.map

    vfs objects = acl_xattr
    map acl inherit = Yes

    # Comment the following 4 lines to act as a print server
    printcap name = /dev/null
    load printers = no
    disable spoolss = yes
    printing = bsd

    # logging
    log level = 1
    log file = /var/log/samba/%m.log
    logging = file

    min domain uid = 0

    [homes]
    comment = Home Directories
    browseable = no
    read only = no
    create mask = 0700
    directory mask = 0700
    valid users = %S

I created /etc/samba/user.map containing this:

    !root = NETBIOSDOMAIN\Administrator

    net ads join -UAdministrator

I ran this but used my own login in place of Administrator because I am the Domain Manager; we don’t use Administrator. (This MAY be a problem.) It joined the domain with no hassles.

I changed the ‘passwd’ and ‘group’ lines in /etc/nsswitch.conf by adding ‘winbind’ to them.

    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Valid entries include:
    #
    #	nisplus			Use NIS+ (NIS version 3)
    #	nis			Use NIS (NIS version 2), also called YP
    #	dns			Use DNS (Domain Name Service)
    #	files			Use the local files
    #	db			Use the local database (.db) files
    #	compat			Use NIS on compat mode
    #	hesiod			Use Hesiod for user lookups
    #	[NOTFOUND=return]	Stop searching if not found so far
    #

    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis

    passwd:     files winbind
    shadow:     files
    group:      files winbind
    #initgroups: files

    #hosts:     db files nisplus nis dns
    hosts:      files dns myhostname

    # Example - obey only what nisplus tells us...
    #services:   nisplus [NOTFOUND=return] files
    #networks:   nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:        nisplus [NOTFOUND=return] files
    #ethers:     nisplus [NOTFOUND=return] files
    #netmasks:   nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files
    rpc:        files
    services:   files

    netgroup:   files

    publickey:  nisplus

    automount:  files
    aliases:    files nisplus

So far so good.

From a Windows 10 PC, I can connect to root (makes sense as my login name is the Domain Admin). I may have to change this.

From Rocky, I can’t access any machine in the Domain. I get an empty sheet. Weird, because it’s a member of the domain.

Any suggestions much appreciated.
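As an added sanity check (not from the thread, and not a Samba tool), the script below parses the idmap lines of the smb.conf quoted above and the passwd/group lines of nsswitch.conf, and flags the two mistakes that most often leave winbind returning empty results: overlapping idmap ranges and name-service databases that do not list winbind. The two config strings are constructed copies of the poster's lines; point the functions at the real files to check a live member server.

```python
import re

# Constructed: the idmap-relevant lines from the poster's smb.conf.
SMB_CONF = """
[global]
workgroup = NETBIOSDOMAIN
security = ADS
realm = XXXX.MYDOMAIN.COM
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NETBIOSDOMAIN : backend = rid
idmap config NETBIOSDOMAIN : range = 10000-999999
"""

# Constructed: the lines from the poster's nsswitch.conf that winbind needs.
NSSWITCH = """
passwd:     files winbind
shadow:     files
group:       files winbind
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(\S+)", re.I)

def parse_idmap(conf):
    """Return {domain: {'backend': str, 'range': (lo, hi)}} from smb.conf text."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            lo, hi = (int(x) for x in val.split("-"))
            entry["range"] = (lo, hi)
        else:
            entry["backend"] = val.lower()
    return domains

def check_idmap(domains):
    """Return a list of problems: missing '*' domain, missing or overlapping ranges."""
    problems = []
    if "*" not in domains:
        problems.append("no 'idmap config *' default domain (BUILTIN/local SIDs need it)")
    problems += [f"{d}: no range configured" for d, e in domains.items() if "range" not in e]
    ranged = [(d, e["range"]) for d, e in domains.items() if "range" in e]
    for i, (d1, (lo1, hi1)) in enumerate(ranged):
        for d2, (lo2, hi2) in ranged[i + 1:]:
            if lo1 <= hi2 and lo2 <= hi1:  # closed intervals intersect
                problems.append(f"ranges overlap: {d1} {lo1}-{hi1} vs {d2} {lo2}-{hi2}")
    return problems

def check_nsswitch(text):
    """Return the databases among passwd/group whose line does not include winbind."""
    missing = []
    for db in ("passwd", "group"):
        m = re.search(rf"^\s*{db}\s*:\s*(.*)$", text, re.M)
        if not m or "winbind" not in m.group(1).split():
            missing.append(db)
    return missing
```

With the poster's values both checks come back clean (`check_idmap(parse_idmap(SMB_CONF))` and `check_nsswitch(NSSWITCH)` return empty lists), so the empty lookups are not explained by these two settings.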

I have no experience with domains and have no Windows machines on my network, but I see this issue come up on other forums. I think that it may have to do with the allowed protocols in the Rocky config. I think googling in this topic area should get some useful results. My server has these lines:

    server min protocol = SMB2_10
    client min protocol = SMB3
    client max protocol = SMB3

They may not be correct for your use case.

I tried that, no success.