[Samba] Windows 10 and Samba 4.1.17-debian (NT Domain)
Luke Barone
lukebarone at gmail.com
Sat Apr 2 19:28:48 UTC 2016
OK, I'll see if I can upgrade.
I *kinda* got it working on one Windows 10 machine, using a Microsoft KB to
disable SMB3 as a service. Thanks for your help today, Penny.
On Sat, Apr 2, 2016 at 12:22 PM, Rowland penny <rpenny at samba.org> wrote:
> On 02/04/16 20:02, Luke Barone wrote:
>
> Also, when I run testparm -svv | less I can find these four lines on both
> the working and non-working servers:
>
> server max protocol = SMB3
> server min protocol = LANMAN1
> client max protocol = NT1
> client min protocol = CORE
>
>
> On Sat, Apr 2, 2016 at 11:57 AM, Luke Barone <lukebarone at gmail.com> wrote:
>
>> OK, then here's the weird part. I have another server, hosting other
>> files, lets my Windows 10 system connect. The main server won't though.
>> They are both running Debian Jessie 8.3, and Samba 4.1.17-debian. Below is
>> the /etc/samba/smb.conf file *that works with Windows 7 and 10*:
>>
>> [global]
>> workgroup = SD57
>> netbios name = SAMBA
>> server string = sss
>> interfaces = eth1, tun0, eth0
>> bind interfaces only = Yes
>> pam password change = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>> unix password sync = Yes
>> name resolve order = wins, hosts, bcast
>> printcap name = /etc/printcap
>> logon script = login.bat
>> logon path =
>> logon drive = h:
>> domain logons = Yes
>> preferred master = Auto
>> local master = No
>> domain master = Yes
>> wins support = Yes
>> idmap config * : backend = tdb
>> admin users = tech, machine, lbarone, @domainadmins
>> write list = @domainadmins
>> printing = lprng
>> print command = lpr -r -P'%p' %s
>> lpq command = lpq -P'%p'
>> lprm command = lprm -P'%p' %j
>> lppause command = lpc hold '%p' %j
>> lpresume command = lpc release '%p' %j
>> queuepause command = lpc stop '%p'
>> queueresume command = lpc start '%p'
>>
>> [netlogon]
>> path = /usr/local/share/netlogon
>> read only = No
>> oplocks = No
>> level2 oplocks = No
>>
>>
>> On Sat, Apr 2, 2016 at 11:37 AM, Rowland penny < <rpenny at samba.org>
>> rpenny at samba.org> wrote:
>>
>>> On 02/04/16 19:17, Luke Barone wrote:
>>>
>>>> Hi all,
>>>>
>>>> After some config changes and reboots, I got the Samba server running
>>>> properly for my client computers running Windows 7. My issue now is with
>>>> Windows 10.
>>>>
>>>> I see threads relating to setting "max protocol = NT1", but this seems
>>>> to
>>>> break the Windows 7 clients (which are finally working again). Below is
>>>> my
>>>> smb.conf file (which works for Windows 7):
>>>>
>>>> [global]
>>>> workgroup = JMC
>>>> netbios name = JMAC
>>>> server string = jmac
>>>> interfaces = eth1
>>>> bind interfaces only = Yes
>>>> pam password change = Yes
>>>> passwd program = /usr/bin/passwd %u
>>>> passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>>>> unix password sync = Yes
>>>> log file = /var/log/samba/log.%m
>>>> name resolve order = host, wins, lmhosts, bcast
>>>> printcap name = /dev/null
>>>> disable spoolss = Yes
>>>> logon script = login.bat
>>>> logon drive = h:
>>>> domain logons = Yes
>>>> os level = 255
>>>> preferred master = Yes
>>>> domain master = Yes
>>>> wins support = Yes
>>>> lock directory = /var/cache/samba
>>>> idmap config * : range = 1000-1999999
>>>> idmap config * : backend = tdb
>>>> admin users = machine, add, lbarone, @domainadmins
>>>> write list = @domainadmins
>>>> printing = lprng
>>>> print command = lpr -r -P'%p' %s
>>>> lpq command = lpq -P'%p'
>>>> lprm command = lprm -P'%p' %j
>>>> lppause command = lpc hold '%p' %j
>>>> lpresume command = lpc release '%p' %j
>>>> queuepause command = lpc stop '%p'
>>>> queueresume command = lpc start '%p'
>>>>
>>>> [netlogon]
>>>> path = /usr/local/share/netlogon
>>>> inherit permissions = Yes
>>>> browseable = No
>>>>
>>>>
>>>> Again, I had to turn off the max protocol = NT1 option in order to get
>>>> the
>>>> Windows 7 clients to connect, but I need Windows 10 clients to be able
>>>> to
>>>> connect. This is for both a domain-joined machine, and some stand-alone
>>>> clients. The reghack for joining the domain have been applied. I have
>>>> tried
>>>> rebooting the server as well, so I know the services are not hanging
>>>> right
>>>> now.
>>>>
>>>> Suggestions on what to try next?
>>>>
>>>
>>> That is the only way to get windows 10 to connect to an NT domain, it is
>>> windows subtle way of telling you to upgrade to an active directory domain.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
> OK, there was a similar thread recently, I dug out a link to it:
> https://lists.samba.org/archive/samba/2016-March/198527.html
>
> What Andrew Bartlett say in the link is that you need a 4.2 Samba, can I
> suggest you upgrade yet again, 4.1 is EOL anyway and I really really
> suggest you upgrade now! You can get 4.2.x from Sernet. Debian probably
> will be upgrading Samba shortly, but just when ?
>
> I would suggest you test this in VMs if at all possible.
>
> Rowland
>
>
More information about the samba
mailing list