[Samba] Windows 10 in Samba 3 domain: netlogon share access denied

Marcel Ebbrecht m.ebbrecht at dortmundit.de
Thu Jul 9 11:02:24 UTC 2015 

lets ignore the dfs and concentrate on the the direct access:

domain is foo.lan

tried:


\\dc1\netlogon
\\ip\netlogon
\\dc1.foo.lan\netlogon
\\foo.lan\netlogon 

doesnt work with foo.lan\username and just username

\\dc1\netlogon2
\\ip\netlogon2
\\dc1.foo.lan\netlogon2
\\foo.lan\netlogon2

works with foo.lan\username and just username - same directory, same config, just another sharename (see config). 

Tried also with guest ok ... netlogon2 works, netlogon not. Everything works except the netlogon share and joining domain :(

Can someone confirm, that Build 10162 doesnt want to connect to netlogon shares ? 

I also created a netlogon share on one of our windows servers (old 2003 testing machine) ... doesnt work, so this is obviously no samba problem :( 

BUT: Samba people are often more competent than microsoft people on Windows ;) So is anyone here who can confirm this problem and, perhaps, submit a solution ? 

ty


Am 09.07.2015 um 11:14 schrieb L.P.H. van Belle:
> what if you try to change .
>
> msdfs:dc1\netlogon  
> to 
> msdfs:dc1.your.domain.tld\netlogon 
>
> or use 
> Accessing \\dc1.your.domain.tld\netlogon 
>
>
> greetz, 
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> Marcel Ebbrecht
>> Verzonden: donderdag 9 juli 2015 10:42
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Windows 10 in Samba 3 domain: netlogon 
>> share access denied
>>
>> Hi,
>>
>> I got the same problem with Build 10162. I dont think it's an Samba
>> issue. It seems that Windows 10 dont like "\\....\netlogon". Our Samba
>> 3.5.6 PDC works like a charm for win 7. From my Win10 PC i can access
>> everything except \\dc1\netlogon
>>
>> Symptoms:
>> Accessing \\dc1\netlogon -> Auth fail
>> Accessing \\dc1\netlogon2 -> Works (same config!!!)
>> Accessing \\dc1\s1\netlogon -> Works (links to \\dc1\netlogon)
>>
>> Everything works except accessing \\dc1\netlogon directly and joining
>> domain (no AD DC found) ... must be something special with windows 10
>> and I bet its:
>> - a reg key
>> - not solvable, because MS dont want us to access netlogon shares ...
>>
>> Config:
>>
>> [netlogon2]
>>   comment = Network Logon Service
>> #   browseable = no
>>   path = /opt/netlogon
>>   guest ok = yes
>>   read only = no
>>   force group = "Domain Admins"
>>   create mode = 0665
>>   directory mask = 0775
>>   write list = @"Domain Admins"
>> #   valid users = @"Domain Users" @"Domain Admins"
>>   force user = nobody
>>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>>   delete veto files = no
>>
>> [netlogon]
>>   comment = Network Logon Service
>> #   browseable = no
>>   path = /opt/netlogon
>>   guest ok = yes
>>   read only = no
>>   force group = "Domain Admins"
>>   create mode = 0665
>>   directory mask = 0775
>>   write list = @"Domain Admins"
>> #   valid users = @"Domain Users" @"Domain Admins"
>>   force user = nobody
>>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>>   delete veto files = no
>>
>> ### DFS Config ###
>>
>> [s1]
>>   comment = DFS Share s1
>>   path = /opt/s1
>>   msdfs root = yes
>>   browseable = yes
>>   read only = yes
>>   force group = "Domain Admins"
>>   create mode = 0660
>>   directory mask = 0770
>>   valid users = @"Domain Users" @"Domain Admins"
>>   veto files = /.DS_Store*/Thumbs.db*/~\$*/
>>   delete veto files = no
>>
>> ### Link in DFS path ###
>> lrwxrwxrwx 1 root   root          18  1. Okt 2013  Netlogon ->
>> msdfs:dc1\netlogon
>>
>> Greetings
>>
>> -- 
>> Marcel Ebbrecht <m.ebbrecht at dortmundit.de>
>> e2 consulting UG (haftungsbeschraenkt)
>>
>> Geschaeftssitz:
>> Rheinlanddamm 201
>> D-44139 Dortmund
>>
>> Telefon: +49 231 / 39982051
>> Telefax: +49 231 / 44677897
>> Mobil: +49 160 / 90345852
>> Jabber: m.ebbrecht at dortmundit.de
>> Internet: https://www.dortmundit.de
>>
>> Handelsregister Dortmund HRB 24666
>> Geschaeftsfuehrer: Marcel Ebbrecht
>> Steuernummer: 314/5723/1889
>> USTID: DE283203942
>>
>> PKI: https://ssl.dortmundit.de:18016
>>
>> AGB: http://agb.dortmundit.de
>>
>> Diese E-Mail und moegliche Anhaenge enthalten vertrauliche 
>> Informationen, die rechtlich besonders geschuetzt sein 
>> koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. 
>> Adressat dieser E-mail sind und diese E-Mail etwa aufgrund 
>> eines technischen Fehlers oder eines Versehens erhalten haben, 
>> informieren Sie uns bitte sofort und loeschen Sie 
>> anschliessend die E-Mail. Das unbefugte Kopieren dieser 
>> E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der 
>> enthaltenen Informationen an Dritte ist nicht gestattet.
>>
>> This e-mail message together with its attachments, if any, is 
>> confidential and may contain information subject to legal 
>> privilege (e.g. attorney-client-privilege). If you are not the 
>> intended recipient or have received this e-mail in error, 
>> please inform us immediately and delete this message. Any 
>> unauthorised copying of this message (and attachments) or 
>> unauthorised distribution of the information contained herein 
>> is prohibited.
>>
>> Go Green! Print this email only when necessary.
>>
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list