[Samba] SMBx differences re Win10 in Samba4 NT4 DC
soonerdew at gmail.com
Mon Aug 31 23:30:29 UTC 2015
I wasn't trying to blame or suggest SAMBA should or shouldn't be able to do
it, I was just trying to understand more about the gap in SMB versions
between Windows 10 and Samba 4.
That said, your response got me to thinking, Rowland, and I came up with an
alternate if not ideal way of getting a Windows 10 Pro box to authenticate
to an NT4 SAMBA domain *without* changing the SERVER MAX PROTOCOL = NT1.
In fact, I think this method would work for a "real" Windows NT4-style
domain as well.
Now, I will preface this by saying it is a stop-gap solution until I can
properly plan a full AD migration, and I wouldn't recommend this for a
regular configuration, but I've verified that it will work against a Samba4
Since I couldn't change the *server* SMB configuration without breaking
other devices that don't implement NT1, I did the reverse; I disabled SMB2
on the Windows 10 *client*. As described in
https://support.microsoft.com/en-us/kb/2696547, it's a matter of two
commands in an elevated command prompt:
sc config lanmanworkstation depend=bowser/mrxsmb10/nsi
sc config mrxsmb20 start=disabled
I then rebooted the Windows 10 box, logged in, and voila, the NETLOGON
share issue was gone, my domain logon script had run, my [HOMES] share had
processed, and I confirmed that I had authenticated to the Samba 4 DC.
Given that this was a client change, I strongly suspect this would work
against a "real" Windows NT4-style domain controller, but I don't have one
of those to validate the theory.
On Mon, Aug 31, 2015 at 12:57 PM, Rowland Penny-6 [via Samba] <
ml-node+s2283325n4690578h62 at n4.nabble.com> wrote:
> On 31/08/15 18:12, soonerdave wrote:
> > Given an existing NT4 Samba 4 DC, a recently upgraded Win10 machine can
> > longer access NETLOGON to authenticate to the network. This lead to the
> > research revealing that my Samba4 PDC SMB.CONF must be changed to limit
> > PROTOCOL = NT1 to avoid negotiating a version of SMB2 from Win10 that
> > can't resolve.
> > Doing this broke authentication via other resources that no longer
> > NT1, so am I correct in inferring that the only option at this point to
> > Win10 domain logins with a later version of SMB (greater than NT1) is by
> > upgrading the domain to a full Samba AD DC?
> > Lastly, could someone help me understand the subtlety between the
> dialect of
> > SMB2/SMB3 Samba supports versus the variety Win10 is trying to
> > and why there is the disconnect? Put a different way, I don't understand
> > exactly why Win10/Samba can't negotiate down to an SMB level both can
> > (well, one greater than NT1, I guess)
> I think you are asking the wrong people, Samba came up with a way to use
> a windows 10 machine with an NT4-style domain, if I understand it right,
> you cannot do this with a windows NT4 domain.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> If you reply to this email, your message will be added to the discussion
> To unsubscribe from SMBx differences re Win10 in Samba4 NT4 DC, click here
View this message in context: http://samba.2283325.n4.nabble.com/SMBx-differences-re-Win10-in-Samba4-NT4-DC-tp4690575p4690594.html
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba