[Samba] Fwd: Not able to join windows 10 clients to samba 3.6.23 NT4 Style PDC
David Whitney
soonerdew at gmail.com
Wed May 18 14:58:09 UTC 2016
A couple of other issues to keep in mind...
Aside from the fact that the errors suggest your W10 box is trying to join
an AD domain, W10 also defaults to a protocol of SMB 3.3 which Samba 3.x
does not support. If you resolve the issue wherein W10 thinks it is joining
an AD domain, there's a strong possibility (if not certainty) you will then
see errors in the log of the W10 box indicating Windows could not log onto
the domain because it could not find a netlogon server. That, in turn,
would be because it could not negotiate a sufficiently secure communication
with the server.
When I encountered this problem, the only solution I found was to disable
SMB 3.3 on the W10 box as noted in
https://support.microsoft.com/en-us/kb/2696547. I re-enabled it when the
version of Samba in the 4.x series that supported SMB 3.3 was released, and
my W10 box has been a content member of my old-style domain since.
Regards,
David
On Wed, May 18, 2016 at 9:00 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
wrote:
> Just to verify, did you configure the Win 10 machine as a WINS client ?
> The PDC will not necessarily be the master browser (showing what resources
> are available on the network) - browser elections are weighted towards
> machines with newer OS's. You can adjust the "os level" parameter in
> smb.conf to bias the election in favor of the PDC but if WINS is being used
> none of this should really matter.
>
>
>
> Does the machine account exist in samba ? You may need to precreate it
> with "smbpasswd -a -m machinename" and then verify that the
> "machinename$" account was created. I have an LDAP backend. The unix
> machine accounts exist. When samba creates a samba machine account (either
> when I use smbpasswd or a computer joins the domain) , samba updates/adds
> ldap attributes to the machine account. All the Win 10 machines I
> have added "recycled" preexisting Windows 7 machine accounts. With
> some versions of samba with an ldap backend I had to manually precreate the
> samba account and then verify the ldap attributes were set correctly.
>
> Can you copy and paste the results of the net join command (sanitized of
> course to remove any company info.)
>
> What OS is the PDC ? (mine is solaris 11.) Is this from package or
> precompiled? Any recent backported patches to fix badblock vulnerability?
>
>
> On the windows machines, does "ipconfig /all" show any ipv6 DNS servers ?
>
> Some of the "testparm -v" output from my PDC (mostly I disabled lanman for
> security and limited SMB versions to CORE and NT1 for file sharing issues)
>
>
> Server role: ROLE_DOMAIN_PDC
> ...
> interfaces =
> bind interfaces only = No
> security = USER
> auth methods =
> encrypt passwords = Yes
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
>
> ...
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = Yes
> client lanman auth = No
> client plaintext auth = No
> client use spnego principal = No
> send spnego principal = No
> ...
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> ...
> announce version = 4.9
> announce as = NT
> ...
> os level = 20
> ...
> preferred master = Yes
> local master = Yes
> domain master = Yes
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = No
> wins proxy = No
> wins server =
> wins support = Yes
> ...
> [netlogon]
> comment = Network Logon Service
> path = /export/samba/netlogon
> write list = @Administrators, @sysadmin
> guest ok = Yes
> share modes = No
>
> ...
>
>
>
>
>
>
>
>
>
>
>
>
>
> On 05/18/16 00:07, Ram Prasad Bikkina wrote:
>
>> Hi,
>>
>> I resolved NMBD errors, but still same error in windows 10 pro, Could
>> please suggest any changes in windows 10 PC. Applied registry changes
>> suggested by samba wiki but no improvement.
>>
>> I am able to join windows 7 clients without error.
>>
>> Regards,
>> Ram
>>
>>
>>
>>
>>
>> On Mon, May 16, 2016 at 8:11 PM, Ram Prasad Bikkina
>> <parvathiprasadb at gmail.com> wrote:
>>
>>> Hi Gaiseric,
>>>
>>> Thank you for quick reply. I configured my PDC as WINS server and
>>> specified "IP of PDC".
>>>
>>> I observed some errors in NMBD log, "become_domain_master_query
>>> failed". I am googling these errors.
>>>
>>>
>>>
>>> On Mon, May 16, 2016 at 6:57 PM, Gaiseric Vandal
>>> <gaiseric.vandal at gmail.com> wrote:
>>>
>>>> If this is an NT4-style domain, then DNS is not essential. Things
>>>> like
>>>> SRV records aren't relevant since a lot of the NT4 is back from the
>>>> NetBios
>>>> days. It looks like your Win 10 machine thinks it is trying to
>>>> join
>>>> an AD domain. Windows clients machines typically are using DNS to
>>>> resolve server names to IP addresses. However DNS does not provide
>>>> info on
>>>> locating PDC's and BDC's. That is better handled with the use of a WINS
>>>> server (Windows Internet Naming) which is basically name looking up for
>>>> "netbios" names and services.
>>>>
>>>> I have configured my PDC to be the WINS server.
>>>>
>>>>
>>>> In my smb.conf on member server
>>>>
>>>> security = domain
>>>> domain master = no
>>>> domain logons = no
>>>> name resolve order = host wins bcast
>>>> workgroup = MYDOMAIN
>>>> wins server = IP_OF_PDC
>>>>
>>>>
>>>>
>>>> For a classic domain, make sure you have NOT disable NBT (netbios over
>>>> tcp/ip) on the client machines. By default it is left enabled.
>>>>
>>>>
>>>> On 05/14/16 00:10, Ram Prasad Bikkina wrote:
>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: Ram Prasad Bikkina <parvathiprasadb at gmail.com>
>>>>> Date: Sat, May 14, 2016 at 9:39 AM
>>>>> Subject: Re: [Samba] Not able to join windows 10 clients to samba
>>>>> 3.6.23
>>>>> NT4 Style PDC
>>>>> To: gaiseric.vandal at gmail.com
>>>>>
>>>>>
>>>>> Hi Gaiseric Vandal,
>>>>>
>>>>> I applied these registry settings in my windows 10 PC but not able to
>>>>> join.
>>>>> It is getting below error.
>>>>>
>>>>> Note: This information is intended for a network administrator. If
>>>>> you are not your network's administrator, notify the administrator
>>>>> that you received this information, which has been recorded in the
>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>
>>>>> The following error occurred when DNS was queried for the service
>>>>> location (SRV) resource record used to locate an Active Directory
>>>>> Domain Controller (AD DC) for domain "samba.local":
>>>>>
>>>>> The error was: "DNS name does not exist."
>>>>> (error code 0x0000232B RCODE_NAME_ERROR)
>>>>>
>>>>> The query was for the SRV record for
>>>>> _ldap._tcp.dc._msdcs.samba.local
>>>>>
>>>>> Common causes of this error include the following:>
>>>>>
>>>>> - The DNS SRV records required to locate a AD DC for the domain are
>>>>> not registered in DNS. These records are registered with a DNS server
>>>>> automatically when a AD DC is added to a domain. They are updated by
>>>>> the AD DC at set intervals. This computer is configured to use DNS
>>>>> servers with the following IP addresses:
>>>>>
>>>>> 192.168.1.2
>>>>>
>>>>> - One or more of the following zones do not include delegation to
>>>>> its
>>>>> child zone:
>>>>>
>>>>> samba.local
>>>>> local
>>>>> . (the root zone)
>>>>>
>>>>>
>>>>>
>>>>> On Fri, May 13, 2016 at 6:28 PM, Gaiseric Vandal
>>>>> <gaiseric.vandal at gmail.com>
>>>>> wrote:
>>>>>
>>>>> The registry changes for Windows 7 also apply to Windows 10
>>>>>>
>>>>>>
>>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 05/13/16 08:17, Ram Prasad Bikkina wrote:
>>>>>>
>>>>>> I prepared samba PDC and not able to join windows 10 clients. Please
>>>>>>> suggest any windows 10 registry settings.
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list