22.04 Samba 与 AD 用户 - 无法从 Windows 访问

22.04 Samba 与 AD 用户 - 无法从 Windows 访问

全新安装 22.04。其他配置只有 NFS(可运行)。目录为 777。配置文件:

sssd.conf

# SSSD configuration: a single AD domain (home.net) exposed through the NSS and PAM responders.
# NOTE(review): smbd does not authenticate SMB clients through SSSD; with "security = ads"
# it relies on winbind, so nothing in this file decides whether the Windows logon succeeds.
[sssd]
domains = home.net
config_file_version = 2
services = nss, pam

[domain/home.net]
default_shell = /bin/bash
# While the domain is offline the user's password is held in the kernel keyring so a TGT
# can be requested once the domain is reachable again. The password is kept there in
# plaintext, so treat root access on this host as access to those passwords.
krb5_store_password_if_offline = True
# A hash of the password is kept in SSSD's local cache to allow offline logins.
cache_credentials = True
# NOTE(review): Kerberos realm names are case-sensitive; smb.conf and krb5.conf in this
# post use HOME.NET - confirm the lowercase spelling here is intended.
krb5_realm = home.net
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = home.net
# Short names (user instead of user@home.net): an AD account can then share a name with
# a local account - check for collisions.
use_fully_qualified_names = False
# SSSD derives UIDs/GIDs algorithmically from the AD SID.
# NOTE(review): smb.conf in this post maps the same accounts with winbind's autorid
# backend, which produces different numbers. Ownership as seen through NSS (SSSD) and
# through smbd (winbind) may therefore disagree - compare `id <user>` with `wbinfo -i <user>`.
ldap_id_mapping = True
# Login authorisation is delegated to the AD provider.
access_provider = ad

smb配置文件

# Samba domain-member configuration (security = ads) with one writable share.
# Comments are kept on their own lines: smb.conf does not support trailing comments.
[global]
# Kerberos tickets are verified against secrets.tdb first, then the system keytab.
   kerberos method = secrets and keytab
   realm = HOME.NET
   workgroup = HOME
   security = ads
   template shell = /bin/bash
# Enumerating every user and group is costly in large domains; it is not needed for
# authentication itself.
   winbind enum groups = Yes
   winbind enum users = Yes
# Domain accounts are written HOME+user with this separator.
   winbind separator = +
# autorid: each domain gets a slice of rangesize IDs out of the overall range
# (1000000-19999999 with 1000000 per slice leaves room for 19 slices).
# NOTE(review): sssd.conf in this post uses its own SID-based mapping, so the numeric IDs
# produced here will not match the ones SSSD hands out - verify before trusting ownership.
   idmap config * : rangesize = 1000000
   idmap config * : range = 1000000-19999999
   idmap config * : backend = autorid
   unix charset = UTF-8
   server string = %h Naples File Server (Samba, Ubuntu)
# One log file per connecting client (%m), capped at 1000 KiB each.
# NOTE(review): no "log level" is set, so only the default verbosity is recorded; raising
# it temporarily is the usual way to see why a logon is rejected.
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   server role = member server
   obey pam restrictions = yes
# NOTE(review): the next three options concern syncing a local Unix password when an SMB
# password changes. With security = ads passwords live in AD, so these look like leftovers
# from the distribution default file - confirm they are wanted.
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
# NOTE(review): no protocol limits are set, so Samba's defaults apply. The post mentions
# SMBv1 being switched on while troubleshooting; it should be turned off again afterwards.
#======================= Share Definitions =======================

# NOTE(review): the post states this directory is mode 777 (world-writable). Once access
# works, restrict it to the owning user/group rather than leaving it open to every account.
[test]
    comment = Test share
    path = /mnt/test
    read only = no
# A leading "+" means the group is forced only for users who are already members of it;
# everyone else keeps their own primary group.
    force group = +video-access
# Mask and force mode are both 0775, so every new directory is rwxrwxr-x.
    directory mask = 0775
    force directory mode = 0775
# Same for files: every new file is rwxrwxr-x, i.e. group-writable and executable.
# NOTE(review): 0664 is the usual choice for data files - confirm the execute bits are wanted.
    create mask = 0775
    force create mode = 0775

krb5配置文件

# MIT Kerberos client configuration for the HOME.NET realm.
[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

[libdefaults]
    dns_lookup_realm = false
# NOTE(review): KDC discovery through DNS SRV records is enabled here, while [realms]
# below also pins the KDC to a fixed IP address - confirm which of the two is intended.
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
# Reverse DNS is not used when canonicalising host names for service principals.
    rdns = false
    default_realm = HOME.NET
# Credential caches are kept in the kernel keyring, one persistent keyring per UID.
    default_ccache_name = KEYRING:persistent:%{uid}
    pkinit_anchors = FILE:/etc/ssl/certs/ca-certificates.crt

[realms]
        HOME.NET = {
                kdc = 192.168.102.253
                admin_server = 192.168.102.253
        }

[domain_realm]
          .home.net = HOME.NET
          home.net = HOME.NET

# NOTE(review): this registers a "localauth" plugin but the shared object named below is
# winbind_krb5_locator.so (a KDC locator). Samba's documentation uses
# winbind_krb5_localauth.so for this stanza - verify which file exists on this host and
# that the plugin type matches.
[plugins]
          localauth = {
                   module = winbind:/usr/lib/x86_64-linux-gnu/samba/krb5/winbind_krb5_locator.so
                   enable_only = winbind
          }

`id <用户名>@<域名>`(原帖中的地址已被页面的邮箱保护功能隐去)- 成功列出 AD 组和本地组成员身份。`wbinfo -u` - 成功列出所有 AD 用户。使用静态主机名和 AD DNS。服务器已成功添加到 AD。realm 报告其已加入域。目录权限设置为 777。

一切看起来都很好,但是当我尝试访问共享时,我无法通过 Win10 客户端上的登录提示。我甚至打开了 SMBv1。

我在这个问题上花的时间长得都不好意思说了。我一直在原地打转。有人能帮忙吗?这个配置在 20.04 上运行了好几年。

谢谢
