[Samba] Windows 8 Pro no domain logon possible
Roland Schwingel
roland.schwingel at onevision.com
Fri Sep 21 04:04:46 MDT 2012
Hi ...
So here are my current findings...
samba-bounces at lists.samba.org wrote on 20.09.2012 11:30:23:
> From: Roland Schwingel <roland.schwingel at onevision.com>
> [...]
> I got a serious problem with it. I cannot logon as domain user.
> [...]
> Does anyone have the same problems?
> Has anyone already got a working windows 8 pro in a domain?
After some more tests and changes I can give a small report on domain
logon using windows 8 together with samba 3:
Logon is possible after some changes, but there remains some logout trouble.
I am using samba 3.6.6 on my PDCs and my fileservers with enabled smb2.
My PDCs are solely responsible for keeping the windows profiles and for
managing the domain itself. No printing or file services.
To join a samba domain you need the same registry settings as for
windows 7. When they are applied and you have rebooted you can join a
samba 3 domain with windows 8 but can't login.
The problem with win8 seems to be the smb2 implementation. I assume at
least since the release preview of win8 it is using smb2.2/3.0
extensions unknown to samba.
So I switched off smb2 in windows 8 using regedit.
Under "HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation" one can
find a key "DependOnService". Open it. Remove "MRxSmb20" and reboot.
Now I can login... Hooray...
Instead of disabling smb2 in win8 I tried disabling it on my PDC
(smb.conf: "max protocol = nt1"). This also worked.
Login is possible. I can even read/write to my fileservers which do have
smb2 still enabled and fully saturate my GBit connection. Nice. :-)
So the problem lies in the login process. Something has changed here
with win8. Once you pass login the implementations appear to be
compatible - as long as you don't log out.
Logout trouble:
As long as I stay logged in everything is fine. I can work as usual.
Enumerate users/groups from the domain. Really fine. But there are
problems when I logout.
Logout takes sometimes ages (even with a user who has a nearly empty
profile). Often windows 8 writes on logout that it can't sync all data
from the local profile on the disk to the server. There are some
messages in windows eventlog listing certain pathes which are not
synced. There is nothing in the logs on the PDC (which hosts my profiles).
Roland
More information about the samba
mailing list