[Samba] Failing to join NT 4.0 Server to a Samba 3.4.0 Domain

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed Mar 17 08:12:57 MDT 2010

On 03/17/2010 04:04 AM, Jochen Eggemann wrote:
> Am 16.03.2010 17:51, schrieb Gaiseric Vandal:
>> On 03/16/2010 10:09 AM, Jochen Eggemann wrote:
>>> HI,
>>> we had a server crash and luckily no backup. So our samba domain is
>>> gone, so I had to set up a new server with a new domain. Except for one
>>> NT 4.0 Server all XP clients where able to join this new domain.
>>> When trying to put NT4 into the domain I get following error:
>>> make_connection: refusing to connect with no session setup. What changes
>>> in samba could be the reason for this message? This NT Server had no
>>> problem joining the former domain.
>>> Jochen
>> What version of samba was the previous DC running?    I would run
>> "testparm -v" and see which versions of NTLM are enabled. I am pretty
>> sure you need "ntlm auth = Yes."   Also, NT4 might not support some of
>> the signing options.  By default "server signing = No" is set - at
>> least on my machines.   However I don't have an NT4 server so I can't
>> say for sure if this helps.   Presumably you have at least SP4
>> installed on your NT4 machine?
>> I would also guess that Samba 3.4 was not heavily tested against with
>> NT4 clients.
> I believe it was samba 2.x.x, but I'm not sure since I had nothing to do
> with it before and nobody else remembers.
> My settings:
> ntml auth = yes
> server signing = no
> NT4 has SP6a installed
> Any other ideas?
> Jochen

I would say good bye to the NT server unless you have some apps that 
won't work on Windows 200x or XP.   Or possibly move to Samba 3.0.x line 
(which you then just cause problems for your self if you want to add Win 
7 machines.)   I did have NT4sp6a working with Samba 3.0.x.

Replacing the NT machine may be a management/funding challenge-  but I 
would point out to whomever needs convincing that Microsoft stopped 
providing security patches for it a long time ago and that from a 
corporate liability perspective it should be replaced.

More information about the samba mailing list