[Samba] samba 3 domain and win10 logon scripts
Thomas Bork
tombork at web.de
Mon Apr 18 15:17:52 UTC 2016
Am 14.04.2016 um 11:33 schrieb lejeczek:
> I'm guessing I'm missing some specifics needed for win10 - what are
> those I wonder.
Is your Samba a NT4-style PDC? You are using Samba 3, I'm using Samba 4.
Anyway:
In my experiments I also had to set an additional regpatch for Win10 and
a Samba 4.3.x NT4-style domain for logon scripts - otherwise the logon
scripts are not running:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
Complete regpatch:
############################################################################
Windows Registry Editor Version 5.00
;
; windows10_join_enable.reg
;
; This registry keys are needed for a Windows 10 Client to join
; and logon to a Samba 4.3.x domain.
;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
; Enable NT-Domain compatibility mode
; Default:
; [value not present]
; "DomainCompatibilityMode"=-
"DomainCompatibilityMode"=dword:00000001
; Disable required DNS name resolution
; Default:
; [value not present]
; "DNSNameResolutionRequired"=-
"DNSNameResolutionRequired"=dword:00000000
; Disable Mutual authentication, no Kerberos, can fall back to NTLMv2
; Disable Integrity, SMB signing is not required
; Disable Privacy, no SMBv3 must be used
; Default:
; [value not present]
; "\\\\*\\netlogon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
############################################################################
--
der tom
More information about the samba
mailing list