[Samba] win 10 client on linux pdc, join domain ok, logon script fails to run
coxsterdillon
coxsterdillon at hotmail.com
Tue Oct 4 14:18:15 UTC 2016
Hi,
Just in case someone looks at this thread, I've fixed my samba win10 issue
with PDC. Here's what I did:
To overcome perhaps a DNS issue where the complete name of the server,
including the top level domain name, could not access the box as
\\hostname.tld\<share>, I changed the hostname to match the netbios name.
# echo dev2 > /etc/hostname
# reboot
Edited the hosts file to make sure the old name was removed.
/etc/hosts contains
127.0.0.1 localhost
192.168.1.200 dev2
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/resolvconf/resolv.conf.d/tail contains
domain dev2
nameserver 192.168.1.200
/etc/nsswitch.conf contains
group: compat winbind
shadow: compat
hosts: files winbind mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
/etc/samba/smb.conf contains:
[global]
workgroup = COMPO
netbios name = DEV2
server string = %h server (Samba, Ubuntu)
domain master = yes
preferred master = yes
local master = yes
domain logons = yes
add machine script = sudo /usr/sbin/useradd -N -g pdcmachines -c Machine -d /var/lib/samba -s /bin/false %u
security = user
encrypt passwords = yes
wins support = yes
name resolve order = wins lmhosts hosts bcast
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
logon script = logon.bat
panic action = /usr/share/samba/panic-action %d
unix password sync = yes
obey pam restrictions = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*.
pam password change = yes
server max protocol = NT1
[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
[share]
comment = Global shared directory
browseable = yes
path = /home/share
valid users = %U
directory mask = 0700
create mask = 0700
read only = no
[temp]
comment = Temporary shared data directory
browseable = yes
path = /home/temp
valid users = %U
directory mask = 0700
create mask = 0700
read only = no
[netlogon]
path = /srv/samba/netlogon
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
guest ok = yes
comment = Network Logon Service
I found all the samba users had the old tld name associated, so I changed
them, for each:
pdbedit -r <username> -I COMPO
-----------------------------------
Important part for Windows 10. When I joined each user to the domain COMPO,
like:
https://wiki.samba.org/index.php/Joining_a_Windows_Client_or_Server_to_a_Domain
If you reboot, it will prompt to log in a user and state the domain under
the user name box, in my case COMPO.
However, it kind of left each user part of the domain, able to use shares but
not fully on the domain if you enter the samba password to log in.
So for each user I log off and click switch user. Even though it says domain
COMPO under the user name, I manually type "COMPO\<username>".
Then each user is logged into a new account in Windows 10, each says
COMPO\<username> and magically their login scripts run!
I also followed the windows 10 group policy for hardened unc:
https://blogs.technet.microsoft.com/askpfeplat/2015/02/22/guidance-on-deployment-of-ms15-011-and-ms15-014/
and the windows 8 delayed boot group policy (with it set to disabled,
default was unset):
http://www.thewindowsclub.com/configure-logon-script-delay-windows
Hope this helps someone
Regards
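
A consistency check for the setup described in the message above, as an added example that is not part of the original post or of Samba. The function name, the placeholder hostname `dev2.example` and the sample text are assumptions; the sample is a constructed excerpt of the posted smb.conf.

```python
import configparser

# Constructed excerpt of the smb.conf posted above, not the full file.
SAMPLE_CONF = r"""
[global]
netbios name = DEV2
domain logons = yes
logon script = logon.bat
server max protocol = NT1
[netlogon]
path = /srv/samba/netlogon
read only = yes
guest ok = yes
"""

TRUE = ("yes", "true", "on", "1")

def check_pdc_conf(conf_text, hostname, netlogon_files):
    """Return a list of findings; an empty list means every check passed.

    hostname: contents of /etc/hostname; netlogon_files: file names found
    in the [netlogon] path (both passed in so the check runs offline).
    """
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    g = cp["global"] if cp.has_section("global") else {}
    findings = []
    # The fix in the post: /etc/hostname matches the NetBIOS name.
    nb = g.get("netbios name", "")
    if nb.lower() != hostname.strip().lower():
        findings.append(f"hostname {hostname!r} != netbios name {nb!r}")
    if g.get("domain logons", "no").lower() not in TRUE:
        findings.append("domain logons is not enabled")
    if g.get("server max protocol", "").upper() == "NT1":
        findings.append("server max protocol = NT1: SMB2/SMB3 not negotiated")
    if not cp.has_section("netlogon"):
        return findings + ["no [netlogon] share defined"]
    nl = cp["netlogon"]
    # logon script is a path relative to the [netlogon] share.
    script = g.get("logon script", "")
    if script and script not in netlogon_files:
        findings.append(f"logon script {script!r} not found in {nl.get('path')}")
    # Scripts run at every logon, so the share must not be writable.
    if (nl.get("read only", "yes").lower() not in TRUE
            or nl.get("writable", "no").lower() in TRUE):
        findings.append("[netlogon] is writable")
    return findings

if __name__ == "__main__":
    for line in check_pdc_conf(SAMPLE_CONF, "dev2", {"logon.bat"}):
        print(line)
```

With the posted settings the only finding is the NT1 protocol cap; a hostname that still carries a domain suffix, or a missing logon.bat, shows up as an additional finding.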