[Samba] Windows 10 in Samba 3 domain: netlogon share access denied

L.P.H. van Belle belle at bazuin.nl
Thu Jul 9 09:14:59 UTC 2015 

what if you try to change .

msdfs:dc1\netlogon  
to 
msdfs:dc1.your.domain.tld\netlogon 

or use 
Accessing \\dc1.your.domain.tld\netlogon 


greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>Marcel Ebbrecht
>Verzonden: donderdag 9 juli 2015 10:42
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Windows 10 in Samba 3 domain: netlogon 
>share access denied
>
>Hi,
>
>I got the same problem with Build 10162. I dont think it's an Samba
>issue. It seems that Windows 10 dont like "\\....\netlogon". Our Samba
>3.5.6 PDC works like a charm for win 7. From my Win10 PC i can access
>everything except \\dc1\netlogon
>
>Symptoms:
>Accessing \\dc1\netlogon -> Auth fail
>Accessing \\dc1\netlogon2 -> Works (same config!!!)
>Accessing \\dc1\s1\netlogon -> Works (links to \\dc1\netlogon)
>
>Everything works except accessing \\dc1\netlogon directly and joining
>domain (no AD DC found) ... must be something special with windows 10
>and I bet its:
> - a reg key
> - not solvable, because MS dont want us to access netlogon shares ...
>
>Config:
>
>[netlogon2]
>   comment = Network Logon Service
>#   browseable = no
>   path = /opt/netlogon
>   guest ok = yes
>   read only = no
>   force group = "Domain Admins"
>   create mode = 0665
>   directory mask = 0775
>   write list = @"Domain Admins"
>#   valid users = @"Domain Users" @"Domain Admins"
>   force user = nobody
>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>   delete veto files = no
>
>[netlogon]
>   comment = Network Logon Service
>#   browseable = no
>   path = /opt/netlogon
>   guest ok = yes
>   read only = no
>   force group = "Domain Admins"
>   create mode = 0665
>   directory mask = 0775
>   write list = @"Domain Admins"
>#   valid users = @"Domain Users" @"Domain Admins"
>   force user = nobody
>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>   delete veto files = no
>
>### DFS Config ###
>
>[s1]
>   comment = DFS Share s1
>   path = /opt/s1
>   msdfs root = yes
>   browseable = yes
>   read only = yes
>   force group = "Domain Admins"
>   create mode = 0660
>   directory mask = 0770
>   valid users = @"Domain Users" @"Domain Admins"
>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>   delete veto files = no
>
>### Link in DFS path ###
>lrwxrwxrwx 1 root   root          18  1. Okt 2013  Netlogon ->
>msdfs:dc1\netlogon
>
>Greetings
>
>-- 
>Marcel Ebbrecht <m.ebbrecht at dortmundit.de>
>e2 consulting UG (haftungsbeschraenkt)
>
>Geschaeftssitz:
>Rheinlanddamm 201
>D-44139 Dortmund
>
>Telefon: +49 231 / 39982051
>Telefax: +49 231 / 44677897
>Mobil: +49 160 / 90345852
>Jabber: m.ebbrecht at dortmundit.de
>Internet: https://www.dortmundit.de
>
>Handelsregister Dortmund HRB 24666
>Geschaeftsfuehrer: Marcel Ebbrecht
>Steuernummer: 314/5723/1889
>USTID: DE283203942
>
>PKI: https://ssl.dortmundit.de:18016
>
>AGB: http://agb.dortmundit.de
>
>Diese E-Mail und moegliche Anhaenge enthalten vertrauliche 
>Informationen, die rechtlich besonders geschuetzt sein 
>koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. 
>Adressat dieser E-mail sind und diese E-Mail etwa aufgrund 
>eines technischen Fehlers oder eines Versehens erhalten haben, 
>informieren Sie uns bitte sofort und loeschen Sie 
>anschliessend die E-Mail. Das unbefugte Kopieren dieser 
>E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der 
>enthaltenen Informationen an Dritte ist nicht gestattet.
>
>This e-mail message together with its attachments, if any, is 
>confidential and may contain information subject to legal 
>privilege (e.g. attorney-client-privilege). If you are not the 
>intended recipient or have received this e-mail in error, 
>please inform us immediately and delete this message. Any 
>unauthorised copying of this message (and attachments) or 
>unauthorised distribution of the information contained herein 
>is prohibited.
>
>Go Green! Print this email only when necessary.
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list