[Samba] samba 3 domain and win10 logon scripts

lejeczek peljasz at yahoo.co.uk
Thu Apr 28 09:45:08 UTC 2016 

that is it;
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider
\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,Req
uirePrivacy=0"

does the trick
many thanks!
L.
On Mon, 2016-04-18 at 17:17 +0200, Thomas Bork wrote:
> Am 14.04.2016 um 11:33 schrieb lejeczek:
> 
> > I'm guessing I'm missing some specifics needed for win10 - what are
> > those I wonder.
> 
> Is your Samba a NT4-style PDC? You are using Samba 3, I'm using Samba
> 4. 
> Anyway:
> 
> In my experiments I also had to set an additional regpatch for Win10
> and 
> a Samba 4.3.x NT4-style domain for logon scripts - otherwise the
> logon 
> scripts are not running:
> 
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvid
> er\HardenedPaths]
> "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,R
> equirePrivacy=0"
> 
> Complete regpatch:
> 
> #####################################################################
> #######
> Windows Registry Editor Version 5.00
> 
> ;
> ; windows10_join_enable.reg
> ;
> ; This registry keys are needed for a Windows 10 Client to join
> ; and logon to a Samba 4.3.x domain.
> ;
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstati
> on\Parameters]
> ; Enable NT-Domain compatibility mode
> ; Default:
> ; [value not present]
> ; "DomainCompatibilityMode"=-
> "DomainCompatibilityMode"=dword:00000001
> 
> ; Disable required DNS name resolution
> ; Default:
> ; [value not present]
> ; "DNSNameResolutionRequired"=-
> "DNSNameResolutionRequired"=dword:00000000
> 
> ; Disable Mutual authentication, no Kerberos, can fall back to NTLMv2
> ; Disable Integrity, SMB signing is not required
> ; Disable Privacy, no SMBv3 must be used
> ; Default:
> ; [value not present]
> ; "\\\\*\\netlogon"=-
> 
> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvid
> er\HardenedPaths]
> "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,R
> equirePrivacy=0"
> #####################################################################
> #######
> 
> -- 
> der tom
>

More information about the samba mailing list