[Samba] Windows 10 and Samba 4.1.17-debian (NT Domain)

Luke Barone lukebarone at gmail.com
Sat Apr 2 19:28:48 UTC 2016 

OK, I'll see if I can upgrade.

I *kinda* got it working on one Windows 10 machine, using a Microsoft KB to
disable SMB3 as a service. Thanks for your help today, Penny.

On Sat, Apr 2, 2016 at 12:22 PM, Rowland penny <rpenny at samba.org> wrote:

> On 02/04/16 20:02, Luke Barone wrote:
>
> Also, when I run testparm -svv | less I can find these four lines on both
> the working and non-working servers:
>
>         server max protocol = SMB3
>         server min protocol = LANMAN1
>         client max protocol = NT1
>         client min protocol = CORE
>
>
> On Sat, Apr 2, 2016 at 11:57 AM, Luke Barone <lukebarone at gmail.com> wrote:
>
>> OK, then here's the weird part. I have another server, hosting other
>> files, lets my Windows 10 system connect. The main server won't though.
>> They are both running Debian Jessie 8.3, and Samba 4.1.17-debian. Below is
>> the /etc/samba/smb.conf file *that works with Windows 7 and 10*:
>>
>> [global]
>>         workgroup = SD57
>>         netbios name = SAMBA
>>         server string = sss
>>         interfaces = eth1, tun0, eth0
>>         bind interfaces only = Yes
>>         pam password change = Yes
>>         passwd program = /usr/bin/passwd %u
>>         passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>>         unix password sync = Yes
>>         name resolve order = wins, hosts, bcast
>>         printcap name = /etc/printcap
>>         logon script = login.bat
>>         logon path =
>>         logon drive = h:
>>         domain logons = Yes
>>         preferred master = Auto
>>         local master = No
>>         domain master = Yes
>>         wins support = Yes
>>         idmap config * : backend = tdb
>>         admin users = tech, machine, lbarone, @domainadmins
>>         write list = @domainadmins
>>         printing = lprng
>>         print command = lpr -r -P'%p' %s
>>         lpq command = lpq -P'%p'
>>         lprm command = lprm -P'%p' %j
>>         lppause command = lpc hold '%p' %j
>>         lpresume command = lpc release '%p' %j
>>         queuepause command = lpc stop '%p'
>>         queueresume command = lpc start '%p'
>>
>> [netlogon]
>>         path = /usr/local/share/netlogon
>>         read only = No
>>         oplocks = No
>>         level2 oplocks = No
>>
>>
>> On Sat, Apr 2, 2016 at 11:37 AM, Rowland penny < <rpenny at samba.org>
>> rpenny at samba.org> wrote:
>>
>>> On 02/04/16 19:17, Luke Barone wrote:
>>>
>>>> Hi all,
>>>>
>>>> After some config changes and reboots, I got the Samba server running
>>>> properly for my client computers running Windows 7. My issue now is with
>>>> Windows 10.
>>>>
>>>> I see threads relating to setting "max protocol = NT1", but this seems
>>>> to
>>>> break the Windows 7 clients (which are finally working again). Below is
>>>> my
>>>> smb.conf file (which works for Windows 7):
>>>>
>>>> [global]
>>>>          workgroup = JMC
>>>>          netbios name = JMAC
>>>>          server string = jmac
>>>>          interfaces = eth1
>>>>          bind interfaces only = Yes
>>>>          pam password change = Yes
>>>>          passwd program = /usr/bin/passwd %u
>>>>          passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>>>>          unix password sync = Yes
>>>>          log file = /var/log/samba/log.%m
>>>>          name resolve order = host, wins, lmhosts, bcast
>>>>          printcap name = /dev/null
>>>>          disable spoolss = Yes
>>>>          logon script = login.bat
>>>>          logon drive = h:
>>>>          domain logons = Yes
>>>>          os level = 255
>>>>          preferred master = Yes
>>>>          domain master = Yes
>>>>          wins support = Yes
>>>>          lock directory = /var/cache/samba
>>>>          idmap config * : range = 1000-1999999
>>>>          idmap config * : backend = tdb
>>>>          admin users = machine, add, lbarone, @domainadmins
>>>>          write list = @domainadmins
>>>>          printing = lprng
>>>>          print command = lpr -r -P'%p' %s
>>>>          lpq command = lpq -P'%p'
>>>>          lprm command = lprm -P'%p' %j
>>>>          lppause command = lpc hold '%p' %j
>>>>          lpresume command = lpc release '%p' %j
>>>>          queuepause command = lpc stop '%p'
>>>>          queueresume command = lpc start '%p'
>>>>
>>>> [netlogon]
>>>>          path = /usr/local/share/netlogon
>>>>          inherit permissions = Yes
>>>>          browseable = No
>>>>
>>>>
>>>> Again, I had to turn off the max protocol = NT1 option in order to get
>>>> the
>>>> Windows 7 clients to connect, but I need Windows 10 clients to be able
>>>> to
>>>> connect. This is for both a domain-joined machine, and some stand-alone
>>>> clients. The reghack for joining the domain have been applied. I have
>>>> tried
>>>> rebooting the server as well, so I know the services are not hanging
>>>> right
>>>> now.
>>>>
>>>> Suggestions on what to try next?
>>>>
>>>
>>> That is the only way to get windows 10 to connect to an NT domain, it is
>>> windows subtle way of telling you to upgrade to an active directory domain.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
> OK, there was a similar thread recently, I dug out a link to it:
> https://lists.samba.org/archive/samba/2016-March/198527.html
>
> What Andrew Bartlett say in the link is that you need a 4.2 Samba, can I
> suggest you upgrade yet again, 4.1 is EOL anyway and I really really
> suggest you upgrade now! You can get 4.2.x from Sernet. Debian probably
> will be upgrading Samba shortly, but just when ?
>
> I would suggest you test this in VMs if at all possible.
>
> Rowland
>
>

More information about the samba mailing list