[Samba] Fwd: Not able to join windows 10 clients to samba 3.6.23 NT4 Style PDC

Ram Prasad Bikkina parvathiprasadb at gmail.com
Fri May 27 06:18:01 UTC 2016 

Hi Good Morning,

Thank you for everyone and supported me, I struggled a lot to resolve
the problem. However I got a solution for joining windows 10 clients
to Samba PDC (Samba Version 3.6.23) .

I changed workgroup name is from "example.com" to "example" ( I
removed "." from workgroup name), then i can able to join windows 10
clients to Samba PDC without any other settings.

May I know the reason why it is working without "." in workgroup name,
Is there any specific reason?

I tried several settings in smb.conf as well as registry settings in
windows 10 PC but it was not worked.

Regards,
Ram Prasad Bikkina




On Wed, May 18, 2016 at 8:28 PM, David Whitney <soonerdew at gmail.com> wrote:
> A couple of other issues to keep in mind...
>
> Aside from the fact that the errors suggest your W10 box is trying to join
> an AD domain, W10 also defaults to a protocol of SMB 3.3 which Samba 3.x
> does not support. If you resolve the issue wherein W10 thinks it is joining
> an AD domain, there's a strong possibility (if not certainty) you will then
> see errors in the log of the W10 box indicating Windows could not log onto
> the domain because it could not find a netlogon server. That, in turn, would
> be because it could not negotiate a sufficiently secure communication with
> the server.
>
> When I encountered this problem, the only solution I found was to disable
> SMB 3.3 on the W10 box as noted in
> https://support.microsoft.com/en-us/kb/2696547. I re-enabled it when the
> version of Samba in the 4.x series that supported SMB 3.3 was released, and
> my W10 box has been a content member of my old-style domain since.
>
> Regards,
> David
>
>
> On Wed, May 18, 2016 at 9:00 AM, Gaiseric Vandal <gaiseric.vandal at gmail.com>
> wrote:
>>
>> Just to verify, did you configure the Win 10 machine as a WINS client ?
>> The PDC will not necessarily be the master browser (showing what resources
>> are available on the network) -  browser elections are weighted towards
>> machines with newer OS's.    You can adjust the "os level" parameter in
>> smb.conf to bias the election in favor of the PDC but if WINS is being used
>> none of this should really matter.
>>
>>
>>
>> Does the machine account exist in samba ?   You may need to precreate it
>> with "smbpasswd -a -m machinename"   and then verify that the "machinename$"
>> account was created.  I have an LDAP backend.   The unix machine accounts
>> exist.  When samba creates a samba machine account (either when I use
>> smbpasswd or a computer joins the domain) , samba updates/adds ldap
>> attributes to the machine account.        All the Win 10 machines I have
>> added "recycled"  preexisting Windows 7 machine accounts.      With some
>> versions of samba with an ldap backend I had to manually precreate the samba
>> account and then verify the ldap attributes were set correctly.
>>
>> Can you copy and paste the results of the net join command (sanitized of
>> course to remove any company info.)
>>
>> What OS is the PDC ?  (mine is solaris 11.)   Is this from package or
>> precompiled?    Any recent backported patches to fix badblock vulnerability?
>>
>>
>> On the windows machines, does "ipconfig /all" show any ipv6 DNS servers ?
>>
>> Some of the "testparm -v" output from my PDC (mostly I disabled lanman for
>> security and limited SMB versions to CORE and NT1 for file sharing issues)
>>
>>
>> Server role: ROLE_DOMAIN_PDC
>> ...
>>         interfaces =
>>         bind interfaces only = No
>>         security = USER
>>         auth methods =
>>         encrypt passwords = Yes
>>         client schannel = Auto
>>         server schannel = Auto
>>         allow trusted domains = Yes
>>
>> ...
>>         lanman auth = No
>>         ntlm auth = Yes
>>         client NTLMv2 auth = Yes
>>         client lanman auth = No
>>         client plaintext auth = No
>>         client use spnego principal = No
>>         send spnego principal = No
>> ...
>>         smb ports = 445 139
>>         large readwrite = Yes
>>         max protocol = NT1
>>         min protocol = CORE
>> ...
>>         announce version = 4.9
>>         announce as = NT
>> ...
>>         os level = 20
>> ...
>>         preferred master = Yes
>>         local master = Yes
>>         domain master = Yes
>>         browse list = Yes
>>         enhanced browsing = Yes
>>         dns proxy = No
>>         wins proxy = No
>>         wins server =
>>         wins support = Yes
>> ...
>> [netlogon]
>>         comment = Network Logon Service
>>         path = /export/samba/netlogon
>>         write list = @Administrators, @sysadmin
>>         guest ok = Yes
>>         share modes = No
>>
>> ...
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On 05/18/16 00:07, Ram Prasad Bikkina wrote:
>>>
>>> Hi,
>>>
>>> I resolved NMBD errors, but still same error in windows 10 pro, Could
>>> please suggest any changes in windows 10 PC. Applied registry changes
>>> suggested by samba wiki but no improvement.
>>>
>>> I am able to join windows 7 clients without error.
>>>
>>> Regards,
>>> Ram
>>>
>>>
>>>
>>>
>>>
>>> On Mon, May 16, 2016 at 8:11 PM, Ram Prasad Bikkina
>>> <parvathiprasadb at gmail.com> wrote:
>>>>
>>>> Hi Gaiseric,
>>>>
>>>> Thank you for quick reply. I configured my PDC as WINS server and
>>>> specified "IP of PDC".
>>>>
>>>> I observed some errors in NMBD log,  "become_domain_master_query
>>>> failed". I am googling these errors.
>>>>
>>>>
>>>>
>>>> On Mon, May 16, 2016 at 6:57 PM, Gaiseric Vandal
>>>> <gaiseric.vandal at gmail.com> wrote:
>>>>>
>>>>> If this is an NT4-style domain, then DNS is not essential.    Things
>>>>> like
>>>>> SRV records aren't relevant since a lot of the NT4 is back from the
>>>>> NetBios
>>>>> days.        It looks like your Win 10 machine thinks it is trying to
>>>>> join
>>>>> an AD domain.      Windows clients machines typically are using DNS to
>>>>> resolve server names to IP addresses.   However DNS does not provide
>>>>> info on
>>>>> locating PDC's and BDC's.  That is better handled with the use of a
>>>>> WINS
>>>>> server (Windows Internet Naming) which is basically name looking up for
>>>>> "netbios" names and services.
>>>>>
>>>>> I have configured my PDC to be the WINS server.
>>>>>
>>>>>
>>>>> In my smb.conf on member server
>>>>>
>>>>>     security = domain
>>>>>     domain master = no
>>>>>     domain logons = no
>>>>>      name resolve order =  host wins  bcast
>>>>>      workgroup = MYDOMAIN
>>>>>      wins server = IP_OF_PDC
>>>>>
>>>>>
>>>>>
>>>>> For a classic domain, make sure you have NOT disable NBT (netbios over
>>>>> tcp/ip) on the client machines.  By default it is left enabled.
>>>>>
>>>>>
>>>>> On 05/14/16 00:10, Ram Prasad Bikkina wrote:
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: Ram Prasad Bikkina <parvathiprasadb at gmail.com>
>>>>>> Date: Sat, May 14, 2016 at 9:39 AM
>>>>>> Subject: Re: [Samba] Not able to join windows 10 clients to samba
>>>>>> 3.6.23
>>>>>> NT4 Style PDC
>>>>>> To: gaiseric.vandal at gmail.com
>>>>>>
>>>>>>
>>>>>> Hi Gaiseric Vandal,
>>>>>>
>>>>>> I applied these registry settings in my windows 10 PC but not able to
>>>>>> join.
>>>>>> It is getting below error.
>>>>>>
>>>>>>    Note: This information is intended for a network administrator.  If
>>>>>> you are not your network's administrator, notify the administrator
>>>>>> that you received this information, which has been recorded in the
>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>
>>>>>>    The following error occurred when DNS was queried for the service
>>>>>> location (SRV) resource record used to locate an Active Directory
>>>>>> Domain Controller (AD DC) for domain "samba.local":
>>>>>>
>>>>>>    The error was: "DNS name does not exist."
>>>>>>    (error code 0x0000232B RCODE_NAME_ERROR)
>>>>>>
>>>>>>    The query was for the SRV record for
>>>>>> _ldap._tcp.dc._msdcs.samba.local
>>>>>>
>>>>>>    Common causes of this error include the following:>
>>>>>>
>>>>>>    - The DNS SRV records required to locate a AD DC for the domain are
>>>>>> not registered in DNS. These records are registered with a DNS server
>>>>>> automatically when a AD DC is added to a domain. They are updated by
>>>>>> the AD DC at set intervals. This computer is configured to use DNS
>>>>>> servers with the following IP addresses:
>>>>>>
>>>>>>    192.168.1.2
>>>>>>
>>>>>>    - One or more of the following zones do not include delegation to
>>>>>> its
>>>>>> child zone:
>>>>>>
>>>>>>    samba.local
>>>>>>    local
>>>>>>    . (the root zone)
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 13, 2016 at 6:28 PM, Gaiseric Vandal
>>>>>> <gaiseric.vandal at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> The registry changes for Windows 7 also apply to Windows 10
>>>>>>>
>>>>>>>
>>>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 05/13/16 08:17, Ram Prasad Bikkina wrote:
>>>>>>>
>>>>>>>> I prepared samba PDC and not able to join windows 10 clients. Please
>>>>>>>> suggest any windows 10 registry settings.
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list