I wonder if I need to go back to a unique hostname, in my smb.conf or something, that isn't used anywhere else. But I really wanted, since it's a dual boot machine, to use the same hostname as the Windows 10 OS on the same machine. But if I can't, oh well! Please let me know.

WARNING: I'm not home right now. I'll be back home tommorrow. Feel free to tell me what you think I should do, but I can't do it until tommorrow. I'm not packing a domain controller and the machine.

Last, this problem, is first priority, if you have to choose what to help with first. In a bit, I'm going to go looking for more I can help solve again.

This is all getting a mess and hard to follow, so try and see if you can understand these notes I made after reading your numerous posts.

Also can you please stop posting those pretty pictures, they are useless from the point of trying to debug things (I cannot copy the code), please use cut & paste instead.

if you are using DHCP, then /etc/hosts only needs to look like this:
AD doesn't use 'shadow'

I thought it wouldn't really be possible to change your TLD and even Microsoft used to say that it was okay to use '.local', though they have now admitted it was a bad idea. There has been (since 2018) a TLD that you should have used instead: home.arpa

You do not want your AD on the internet and I do not really understand why you need a real domain name to access the internet. I live in the UK and my ISP provides me with an external ipaddress that changes on a regular basis and I have no problem connecting to the internet.

I think you may be mixing up SSH and logging into a computer, SSH does use a format like <username@domainname>, but AD uses either the sAMAccountName or the userPrincipalName. The former will be something lke 'rowland' and the latter 'rowland@samdom.example.com' where 'samdom.example.com' is the dns domain name. Samba though alters this by prefixing the username with the NetBIOS domain and you get 'SAMDOM\rowland' (and Unix being ever so helpful, removes the '\' because it is the Unix escape character, so you need to either wrap the entire thing in quotes or double up the '\' i.e. SAMDOM\\rowland), Unix doesn't like this, so there is a smb.conf parameter 'winbind use default domain' and when this is set to 'yes', it removes the NetBIOS domain name from the username, which means you get 'rowland', which Unix does like. You cannot do this with the autorid idmap backend.

You only run one DNS server and that should be on the the AD DC. If one of your clients tries to find a dns record it uses the DC first, if it is one of the local lan records, it will return that record, anything outside the internal dns domain (such as Google), it forwards to an external dns server and then returns the reply from the external server to the client.
Active directory is heavily reliant on DNS and this means that it must control DNS on the network. If there are problems in AD, there are two places to look first, DNS and time, in that order.

Best practice is to give immutable things like an AD DC, Fileservers etc, a fixed ipaddress, this can be by setting the server with a fixed IP or by ensuring that DHCP always gives the same IP.

The 'ad' idmap backend doesn't work like that. Yes, the 'ad' idmap backend does get its ID's from AD, but only after you have added uidNumber and/or gidNumber attributes (amongst others) to AD
I suggest you use the 'rid' backend, this calculates the ID's from the AD RID's and they are immutable.

You need some Samba magic (which I haven't told you about yet) to make Administrator become the Unix user root.

Add these lines to your smb.conf:
Create the file /etc/samba/smb.conf, containing this:
Where 'YOUR_NETBIOS_NAME' is your NetBIOS name (aka workgroup)

It isn't a good idea to have two computers with the same name, I know that they can never be running at the same time, but it still isn't a good idea, for a multitude of reasons.

OK. By flipping a GUI switch, and some tweaks, I got logon working from the GUI. That's half of the battle. However, if I try to log on from the console, it resets the logon prompt. If I fix that, and know how I did it, the problem is solved and I just need to go back and document it.

Except i think because of the tty terminal logon loop, in the gui, theres a lot broken.

I can repeat what i did, if needed. Its once again joined. It logs on to GUI, but not terminal. I cant use GUI terminals or update managers, except from local admin.

I wonder if i broke pam?

Im happy with most files, i think. Just need to get the rest fixed.

OK, I now have (in a VM) a fully working Samba domain member running on LM21.1 and I now sure that I HATE UBUNTU!!

My main problem with it is, I could not not get DHCP to work, the route was a minefield, it just wouldn't work, changed to a fixed IP and it went easy from there.

I don't hate either that or Linux Mint (the latest versions). HOWEVER! I hate THIS part of it! While I can understand why it is so hard, because it allows more choices, I inherentlly hate it's concept of only using domain specific languages to configure settings, as opposed to Windows concept of a registry. I'm taking not of this, for the OS I intend to create, at some point, when my language is ready for it.

I want to, even before I get to that point, possibly add a GUI tool to Linux Mint for configuring the joining of a domain. Or maybe, at least suggest they do! However, the more I see how to join a domain, the more I actually appreciate the reasons behind this choice, if you want to do it from the command line. I just don't appreciate the lack of GUI options for joining it, if you don't want to mess with that!

Maybe the end of this will help you too. You could easily take my situation, and generalize it, if you know how.

For you to see, what I've been working on the most:

join-smiley000.local-domain_linux-mint_21.1.sh

The reason I was using the pictures before, is I was working from an unstable system. With all my changes, it was unstable. Not inherently, but...

Now, as I've reinstalled my VM several times, it's stable enough to do all work on same system. There's that file. What you have to do, is store all configuration in the same directory (I'm currently using my flash drive for simplicity). Then, you install it all to /usr/bin, with sudo cp -f * /usr/bin, using the terminal. When it's all installed, give the script execute permissions, then run it.

I'll show it all together later, especially, when I have a solution that's complete, for me. Best practice with my current way of posting on forums, is although you should read it all, read the last post for the solution end, in most cases. Just telling, for those that think it gets a bit messy, which it sort of, is.

Now, I will try my script, after making a few tweaks here and there, if needed. I see why using samba is better. Like windows, I may need to share files, even if it's at a later date. If there's one service I know a lot about, it's that one. However, since I can't know it all, often, that it's so big, I've learned some new options now. Samba, was probably the first server I created in Linux, and I used the machine as a server. I was stunted a bit, by not having my own servers all as much ready as now, in the past. When I finish them, I will be less stunted. And yes, I may change my domain, like to use a different setup, later. For now, I won't, unless required.

As far as I can tell, I have sucessfully reproduced the logon loop. At least that's progress!

The problem I had with Ubuntu was that when using dhcp to set the IP etc, it insisted on setting the first nameserver as the gateway and it wasn't, net result was that I couldn't connect to the internet. There was nothing that I could do to stop this, I tried to find documentation but this is very fragmented and mostly useless. I spent 4 hours trying to fix a simple problem and couldn't. Once I gave up and set a fixed IP via the network manager GUI, within half an hour, I had a Unix domain member.

This has never happened before with any distro and believe me, I have set up Unix domain members on most distros.

I personally think that Canonical is committing suicide with the direction they are taking, what with enforcing the use of snapd etc.

If you want to know how to use your Ubuntu as a Unix domain member, I will tell you, but only after you admit your DNS system is terminally borked.

OK. I admit that my network as a whole is not set up perfectly. No matter what aspect you look at, it has some problems. I'd like it to be perfect, but only when I stopped trying to be that good, was I able to get any real work done.

When I used to re-install Windows XP over and over and over, and never use it, because it wasn't perfect, that is when I had my first injury. I don't have to do that anymore. Yes, DNS is one of those things that's not working the way I'd like it to yet. But I didn't even know that part about it, when I set it up.

If you insist I change it first, unless nothing will work at all if I don't, I CAN change it, but for that change, to change it to .home.arpa, it would take me about a week to accomplish that change, if I do it very, very safely. Do you want me to not post back here for an estimated time of a week, change it and do that? Or would you rather help me get this done without that, and now that I know about it, I WILL change it, but I'd really like to more of in the future, rather than now.

I would get my routers more under control, and fix my wiring for the network. Then, I would fix my network diagrams. And THEN, I would fix that! Not for this forum, but this last paragraph is what I'd like to do. And then, I would fix the rest of my servers.

Fixing problems with my network, is what I'm doing. However, I don't want to have to not be able to do anything, while I fix it. Tell me whether you insist on me fixing my domain name now, or whether I can do what I planned, and then fix it If you insist, I will fix it. I will certainly fix it.

But I will just not insist on perection I can't achieve yet. So I will not jump to the routers right away, and do that planned work, until I get far enough on some of the more important things. Then, I can go gracefully, and have as few problems and downtime, as possible.

Another thing, that's not perfect, but we didn't even touch on, is I'm using at least 3, very old server software cases. The plan was to fix those too, but later too.

https://youtu.be/3TPgxpjgYsU

I think THIS, was what i did before. What im doing now is better. Just have to finish...