[Samba] Fwd: Not able to join windows 10 clients to samba 3.6.23 NT4 Style PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Wed May 18 14:00:45 UTC 2016 

Just to verify, did you configure the Win 10 machine as a WINS client 
?    The PDC will not necessarily be the master browser (showing what 
resources are available on the network) -  browser elections are 
weighted towards machines with newer OS's.    You can adjust the "os 
level" parameter in smb.conf to bias the election in favor of the PDC 
but if WINS is being used none of this should really matter.



Does the machine account exist in samba ?   You may need to precreate it 
with "smbpasswd -a -m machinename"   and then verify that the 
"machinename$" account was created.  I have an LDAP backend.   The unix 
machine accounts exist.  When samba creates a samba machine account 
(either when I use smbpasswd or a computer joins the domain) , samba 
updates/adds ldap attributes to the machine account.        All the Win 
10 machines I have added "recycled"  preexisting Windows 7 machine 
accounts.      With some versions of samba with an ldap backend I had to 
manually precreate the samba account and then verify the ldap attributes 
were set correctly.

Can you copy and paste the results of the net join command (sanitized of 
course to remove any company info.)

What OS is the PDC ?  (mine is solaris 11.)   Is this from package or 
precompiled?    Any recent backported patches to fix badblock 
vulnerability?


On the windows machines, does "ipconfig /all" show any ipv6 DNS servers ?

Some of the "testparm -v" output from my PDC (mostly I disabled lanman 
for security and limited SMB versions to CORE and NT1 for file sharing 
issues)


Server role: ROLE_DOMAIN_PDC
...
         interfaces =
         bind interfaces only = No
         security = USER
         auth methods =
         encrypt passwords = Yes
         client schannel = Auto
         server schannel = Auto
         allow trusted domains = Yes

...
         lanman auth = No
         ntlm auth = Yes
         client NTLMv2 auth = Yes
         client lanman auth = No
         client plaintext auth = No
         client use spnego principal = No
         send spnego principal = No
...
         smb ports = 445 139
         large readwrite = Yes
         max protocol = NT1
         min protocol = CORE
...
         announce version = 4.9
         announce as = NT
...
         os level = 20
...
         preferred master = Yes
         local master = Yes
         domain master = Yes
         browse list = Yes
         enhanced browsing = Yes
         dns proxy = No
         wins proxy = No
         wins server =
         wins support = Yes
...
[netlogon]
         comment = Network Logon Service
         path = /export/samba/netlogon
         write list = @Administrators, @sysadmin
         guest ok = Yes
         share modes = No

...












On 05/18/16 00:07, Ram Prasad Bikkina wrote:
> Hi,
>
> I resolved NMBD errors, but still same error in windows 10 pro, Could
> please suggest any changes in windows 10 PC. Applied registry changes
> suggested by samba wiki but no improvement.
>
> I am able to join windows 7 clients without error.
>
> Regards,
> Ram
>
>
>
>
>
> On Mon, May 16, 2016 at 8:11 PM, Ram Prasad Bikkina
> <parvathiprasadb at gmail.com> wrote:
>> Hi Gaiseric,
>>
>> Thank you for quick reply. I configured my PDC as WINS server and
>> specified "IP of PDC".
>>
>> I observed some errors in NMBD log,  "become_domain_master_query
>> failed". I am googling these errors.
>>
>>
>>
>> On Mon, May 16, 2016 at 6:57 PM, Gaiseric Vandal
>> <gaiseric.vandal at gmail.com> wrote:
>>> If this is an NT4-style domain, then DNS is not essential.    Things like
>>> SRV records aren't relevant since a lot of the NT4 is back from the NetBios
>>> days.        It looks like your Win 10 machine thinks it is trying to join
>>> an AD domain.      Windows clients machines typically are using DNS to
>>> resolve server names to IP addresses.   However DNS does not provide info on
>>> locating PDC's and BDC's.  That is better handled with the use of a WINS
>>> server (Windows Internet Naming) which is basically name looking up for
>>> "netbios" names and services.
>>>
>>> I have configured my PDC to be the WINS server.
>>>
>>>
>>> In my smb.conf on member server
>>>
>>>     security = domain
>>>     domain master = no
>>>     domain logons = no
>>>      name resolve order =  host wins  bcast
>>>      workgroup = MYDOMAIN
>>>      wins server = IP_OF_PDC
>>>
>>>
>>>
>>> For a classic domain, make sure you have NOT disable NBT (netbios over
>>> tcp/ip) on the client machines.  By default it is left enabled.
>>>
>>>
>>> On 05/14/16 00:10, Ram Prasad Bikkina wrote:
>>>> ---------- Forwarded message ----------
>>>> From: Ram Prasad Bikkina <parvathiprasadb at gmail.com>
>>>> Date: Sat, May 14, 2016 at 9:39 AM
>>>> Subject: Re: [Samba] Not able to join windows 10 clients to samba 3.6.23
>>>> NT4 Style PDC
>>>> To: gaiseric.vandal at gmail.com
>>>>
>>>>
>>>> Hi Gaiseric Vandal,
>>>>
>>>> I applied these registry settings in my windows 10 PC but not able to
>>>> join.
>>>> It is getting below error.
>>>>
>>>>    Note: This information is intended for a network administrator.  If
>>>> you are not your network's administrator, notify the administrator
>>>> that you received this information, which has been recorded in the
>>>> file C:\Windows\debug\dcdiag.txt.
>>>>
>>>>    The following error occurred when DNS was queried for the service
>>>> location (SRV) resource record used to locate an Active Directory
>>>> Domain Controller (AD DC) for domain "samba.local":
>>>>
>>>>    The error was: "DNS name does not exist."
>>>>    (error code 0x0000232B RCODE_NAME_ERROR)
>>>>
>>>>    The query was for the SRV record for _ldap._tcp.dc._msdcs.samba.local
>>>>
>>>>    Common causes of this error include the following:>
>>>>
>>>>    - The DNS SRV records required to locate a AD DC for the domain are
>>>> not registered in DNS. These records are registered with a DNS server
>>>> automatically when a AD DC is added to a domain. They are updated by
>>>> the AD DC at set intervals. This computer is configured to use DNS
>>>> servers with the following IP addresses:
>>>>
>>>>    192.168.1.2
>>>>
>>>>    - One or more of the following zones do not include delegation to its
>>>> child zone:
>>>>
>>>>    samba.local
>>>>    local
>>>>    . (the root zone)
>>>>
>>>>
>>>>
>>>> On Fri, May 13, 2016 at 6:28 PM, Gaiseric Vandal
>>>> <gaiseric.vandal at gmail.com>
>>>> wrote:
>>>>
>>>>> The registry changes for Windows 7 also apply to Windows 10
>>>>>
>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 05/13/16 08:17, Ram Prasad Bikkina wrote:
>>>>>
>>>>>> I prepared samba PDC and not able to join windows 10 clients. Please
>>>>>> suggest any windows 10 registry settings.
>>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list