[Samba] Windows 10
Thomas Bork
tombork at web.de
Thu Mar 31 19:15:56 UTC 2016
On 31.03.2016 at 16:24, Korn, Ute wrote:
> I can bind the clients to the domain without any problem. Afterwards, when I want to log in to the domain, I get the error
> no logonserver available
> I can change max protocol to NT1 in the smb.conf -> now it is possible to log in with user xxx in the domain
> We don't want to use our samba server with the NT1 setting, so I will delete this setting
See
https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
#########################################################################
Windows 10: „No logon servers available“
If you have successfully joined Windows 10 to your Samba NT4 domain and
try to login, you may encounter the error "No logon servers available".
To work around this, set in your PDC's smb.conf:
max protocol = NT1
After you've restarted Samba, you will be able to login with a domain
account on Windows 10.
Be aware that this setting prevents your clients from using SMB
protocol versions newer than SMB1 with this server! However, this is the
way the Samba team recommends. There are suggestions out there to disable
newer SMB versions on Windows 10 client(s) in general. However, this will
prevent them from using newer protocol versions with any SMB server,
instead of with a single one (PDC)!
#########################################################################
If you want to disable newer protocol versions on the Win10 client, you
can open a command prompt with administrator rights and set:
sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
See
https://support.microsoft.com/en-us/kb/2696547
In my experiments I also had to set an additional regpatch for Win10 and
a Samba 4.3.x NT4-style domain for logon scripts - otherwise the logon
scripts are not running:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
Complete regpatch:
############################################################################
Windows Registry Editor Version 5.00
;
; windows10_join_enable.reg
;
; These registry keys are needed for a Windows 10 client to join
; and log on to a Samba 4.3.x domain.
;
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
; Enable NT-Domain compatibility mode
; Default:
; [value not present]
; "DomainCompatibilityMode"=-
"DomainCompatibilityMode"=dword:00000001
; Disable required DNS name resolution
; Default:
; [value not present]
; "DNSNameResolutionRequired"=-
"DNSNameResolutionRequired"=dword:00000000
; Disable Mutual authentication: no Kerberos, can fall back to NTLMv2
; Disable Integrity: SMB signing is not required
; Disable Privacy: SMBv3 does not have to be used
; Default:
; [value not present]
; "\\\\*\\netlogon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
############################################################################
--
der tom
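
An added example, not part of the original post: a small Python check that parses a .reg export and reports which HardenedPaths entries have a Require* flag set to 0, so clients that received the relaxation above can be found and reverted once it is no longer needed. The function name and the sample text are constructed for illustration; the `\\*\sysvol` entry is not from the post.

```python
import re

# Constructed sample: the HardenedPaths part of the regpatch quoted in the post,
# plus one constructed entry that keeps the protections enabled for contrast.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
; comment lines start with a semicolon
; "\\\\*\\netlogon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
"\\\\*\\sysvol"="RequireMutualAuthentication=1,RequireIntegrity=1"
'''

HARDENED_KEY = r"software\policies\microsoft\windows\networkprovider\hardenedpaths"
# "name"="string data"; either side may contain backslash-escaped characters
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def weakened_hardened_paths(reg_text):
    """Return {unc_path: [flags set to 0]} for HardenedPaths entries in a .reg export."""
    findings, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower().endswith(HARDENED_KEY)
            continue
        m = VALUE_LINE.match(line)
        if not (in_key and m):
            continue  # value under another key, or not a string value
        path, data = unescape(m.group(1)), unescape(m.group(2))
        off = []
        for item in data.split(","):
            flag, _, val = item.partition("=")
            if flag.strip().lower().startswith("require") and val.strip() == "0":
                off.append(flag.strip())
        if off:
            findings[path] = off
    return findings


if __name__ == "__main__":
    for path, flags in weakened_hardened_paths(SAMPLE_REG).items():
        print(f"{path}: disabled {', '.join(flags)}")
```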