[Samba] Windows XP cannot join Samba 4AD but win 7 can.

[Gaiseric Vandal]

NTLM  is related to authentication (The NT Lan Manager password hashing.)
SMB is the "Server Messaging Blocks" -   aka CIFS -     which is the 
network file and print sharing protocol.

So your NTLM and SMB settings are not related to each other.



If I understand correctly - and maybe I don't -   if you are using AD 
then kerberos is used for authentication instead of NTLM.   I don't know 
if Samba 4 AD can fall back to NTLM for backward compatibility.

You can check wikipedia to quickly determine with versions of NTLM and 
SMB work with which clients.



On 07/21/14 05:58, Sébastien Degouzon wrote:
> Hello everybody,
>
> I've got some troubles making Win XP join may samba4 AD, and, well, 
> i'm kind of stuck !
>
> I use the binary distribution of Samba 4 for Ubuntu Trusty Server 
> (4.1.6), with bind9 DLZ as a DNS backend.
>
> Everything works fine with Win7 workstations, but I get a message 
> "Internal Error" on Win XP workstation during the domain join.
> The machine account is created on the server, but stated "disabled", 
> and the DNS entry is missing...
>
> I've already checked time sync (works fine), and all the typical 
> pitfalls, and again, it works just fine with a Win 7 box...
>
> FYI, my server is running on a KVM/Libvirt virtual machine, but I 
> don't think this is the issue. Also, I already ran tests with previous 
> relesases of samba4 witch worked well.
>
> The log files show me that the Win 7 boxes use SMB2 protocol, and XP 
> uses NTLM : is this normal ? (I thought XP could use SMB1, but maybe 
> i'm wrong)...
>
> Any idea ? Or course I can show every piece of information you might 
> need to resolve my issue...
>
> Thank you very much for your help...
>
>