[Samba] Fwd: Not able to join windows 10 clients to samba 3.6.23 NT4 Style PDC
Ram Prasad Bikkina
parvathiprasadb at gmail.com
Fri May 27 06:18:01 UTC 2016
Hi Good Morning,
Thank you for everyone and supported me, I struggled a lot to resolve
the problem. However I got a solution for joining windows 10 clients
to Samba PDC (Samba Version 3.6.23) .
I changed workgroup name is from "example.com" to "example" ( I
removed "." from workgroup name), then i can able to join windows 10
clients to Samba PDC without any other settings.
May I know the reason why it is working without "." in workgroup name,
Is there any specific reason?
I tried several settings in smb.conf as well as registry settings in
windows 10 PC but it was not worked.
Regards,
Ram Prasad Bikkina
On Wed, May 18, 2016 at 8:28 PM, David Whitney <soonerdew at gmail.com> wrote:
> A couple of other issues to keep in mind...
>
> Aside from the fact that the errors suggest your W10 box is trying to join
> an AD domain, W10 also defaults to a protocol of SMB 3.3 which Samba 3.x
> does not support. If you resolve the issue wherein W10 thinks it is joining
> an AD domain, there's a strong possibility (if not certainty) you will then
> see errors in the log of the W10 box indicating Windows could not log onto
> the domain because it could not find a netlogon server. That, in turn, would
> be because it could not negotiate a sufficiently secure communication with
> the server.
>
> When I encountered this problem, the only solution I found was to disable
> SMB 3.3 on the W10 box as noted in
> https://support.microsoft.com/en-us/kb/2696547. I re-enabled it when the
> version of Samba in the 4.x series that supported SMB 3.3 was released, and
> my W10 box has been a content member of my old-style domain since.
>
> Regards,
> David
>
>
> On Wed, May 18, 2016 at 9:00 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
> wrote:
>>
>> Just to verify, did you configure the Win 10 machine as a WINS client ?
>> The PDC will not necessarily be the master browser (showing what resources
>> are available on the network) - browser elections are weighted towards
>> machines with newer OS's. You can adjust the "os level" parameter in
>> smb.conf to bias the election in favor of the PDC but if WINS is being used
>> none of this should really matter.
>>
>>
>>
>> Does the machine account exist in samba ? You may need to precreate it
>> with "smbpasswd -a -m machinename" and then verify that the "machinename$"
>> account was created. I have an LDAP backend. The unix machine accounts
>> exist. When samba creates a samba machine account (either when I use
>> smbpasswd or a computer joins the domain) , samba updates/adds ldap
>> attributes to the machine account. All the Win 10 machines I have
>> added "recycled" preexisting Windows 7 machine accounts. With some
>> versions of samba with an ldap backend I had to manually precreate the samba
>> account and then verify the ldap attributes were set correctly.
>>
>> Can you copy and paste the results of the net join command (sanitized of
>> course to remove any company info.)
>>
>> What OS is the PDC ? (mine is solaris 11.) Is this from package or
>> precompiled? Any recent backported patches to fix badblock vulnerability?
>>
>>
>> On the windows machines, does "ipconfig /all" show any ipv6 DNS servers ?
>>
>> Some of the "testparm -v" output from my PDC (mostly I disabled lanman for
>> security and limited SMB versions to CORE and NT1 for file sharing issues)
>>
>>
>> Server role: ROLE_DOMAIN_PDC
>> ...
>> interfaces =
>> bind interfaces only = No
>> security = USER
>> auth methods =
>> encrypt passwords = Yes
>> client schannel = Auto
>> server schannel = Auto
>> allow trusted domains = Yes
>>
>> ...
>> lanman auth = No
>> ntlm auth = Yes
>> client NTLMv2 auth = Yes
>> client lanman auth = No
>> client plaintext auth = No
>> client use spnego principal = No
>> send spnego principal = No
>> ...
>> smb ports = 445 139
>> large readwrite = Yes
>> max protocol = NT1
>> min protocol = CORE
>> ...
>> announce version = 4.9
>> announce as = NT
>> ...
>> os level = 20
>> ...
>> preferred master = Yes
>> local master = Yes
>> domain master = Yes
>> browse list = Yes
>> enhanced browsing = Yes
>> dns proxy = No
>> wins proxy = No
>> wins server =
>> wins support = Yes
>> ...
>> [netlogon]
>> comment = Network Logon Service
>> path = /export/samba/netlogon
>> write list = @Administrators, @sysadmin
>> guest ok = Yes
>> share modes = No
>>
>> ...
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 05/18/16 00:07, Ram Prasad Bikkina wrote:
>>>
>>> Hi,
>>>
>>> I resolved NMBD errors, but still same error in windows 10 pro, Could
>>> please suggest any changes in windows 10 PC. Applied registry changes
>>> suggested by samba wiki but no improvement.
>>>
>>> I am able to join windows 7 clients without error.
>>>
>>> Regards,
>>> Ram
>>>
>>>
>>>
>>>
>>>
>>> On Mon, May 16, 2016 at 8:11 PM, Ram Prasad Bikkina
>>> <parvathiprasadb at gmail.com> wrote:
>>>>
>>>> Hi Gaiseric,
>>>>
>>>> Thank you for quick reply. I configured my PDC as WINS server and
>>>> specified "IP of PDC".
>>>>
>>>> I observed some errors in NMBD log, "become_domain_master_query
>>>> failed". I am googling these errors.
>>>>
>>>>
>>>>
>>>> On Mon, May 16, 2016 at 6:57 PM, Gaiseric Vandal
>>>> <gaiseric.vandal at gmail.com> wrote:
>>>>>
>>>>> If this is an NT4-style domain, then DNS is not essential. Things
>>>>> like
>>>>> SRV records aren't relevant since a lot of the NT4 is back from the
>>>>> NetBios
>>>>> days. It looks like your Win 10 machine thinks it is trying to
>>>>> join
>>>>> an AD domain. Windows clients machines typically are using DNS to
>>>>> resolve server names to IP addresses. However DNS does not provide
>>>>> info on
>>>>> locating PDC's and BDC's. That is better handled with the use of a
>>>>> WINS
>>>>> server (Windows Internet Naming) which is basically name looking up for
>>>>> "netbios" names and services.
>>>>>
>>>>> I have configured my PDC to be the WINS server.
>>>>>
>>>>>
>>>>> In my smb.conf on member server
>>>>>
>>>>> security = domain
>>>>> domain master = no
>>>>> domain logons = no
>>>>> name resolve order = host wins bcast
>>>>> workgroup = MYDOMAIN
>>>>> wins server = IP_OF_PDC
>>>>>
>>>>>
>>>>>
>>>>> For a classic domain, make sure you have NOT disable NBT (netbios over
>>>>> tcp/ip) on the client machines. By default it is left enabled.
>>>>>
>>>>>
>>>>> On 05/14/16 00:10, Ram Prasad Bikkina wrote:
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Ram Prasad Bikkina <parvathiprasadb at gmail.com>
>>>>>> Date: Sat, May 14, 2016 at 9:39 AM
>>>>>> Subject: Re: [Samba] Not able to join windows 10 clients to samba
>>>>>> 3.6.23
>>>>>> NT4 Style PDC
>>>>>> To: gaiseric.vandal at gmail.com
>>>>>>
>>>>>>
>>>>>> Hi Gaiseric Vandal,
>>>>>>
>>>>>> I applied these registry settings in my windows 10 PC but not able to
>>>>>> join.
>>>>>> It is getting below error.
>>>>>>
>>>>>> Note: This information is intended for a network administrator. If
>>>>>> you are not your network's administrator, notify the administrator
>>>>>> that you received this information, which has been recorded in the
>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>
>>>>>> The following error occurred when DNS was queried for the service
>>>>>> location (SRV) resource record used to locate an Active Directory
>>>>>> Domain Controller (AD DC) for domain "samba.local":
>>>>>>
>>>>>> The error was: "DNS name does not exist."
>>>>>> (error code 0x0000232B RCODE_NAME_ERROR)
>>>>>>
>>>>>> The query was for the SRV record for
>>>>>> _ldap._tcp.dc._msdcs.samba.local
>>>>>>
>>>>>> Common causes of this error include the following:>
>>>>>>
>>>>>> - The DNS SRV records required to locate a AD DC for the domain are
>>>>>> not registered in DNS. These records are registered with a DNS server
>>>>>> automatically when a AD DC is added to a domain. They are updated by
>>>>>> the AD DC at set intervals. This computer is configured to use DNS
>>>>>> servers with the following IP addresses:
>>>>>>
>>>>>> 192.168.1.2
>>>>>>
>>>>>> - One or more of the following zones do not include delegation to
>>>>>> its
>>>>>> child zone:
>>>>>>
>>>>>> samba.local
>>>>>> local
>>>>>> . (the root zone)
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 13, 2016 at 6:28 PM, Gaiseric Vandal
>>>>>> <gaiseric.vandal at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> The registry changes for Windows 7 also apply to Windows 10
>>>>>>>
>>>>>>>
>>>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 05/13/16 08:17, Ram Prasad Bikkina wrote:
>>>>>>>
>>>>>>>> I prepared samba PDC and not able to join windows 10 clients. Please
>>>>>>>> suggest any windows 10 registry settings.
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list