[Samba] SOLVED(I hope): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)

rawi only4com at web.de
Tue Jan 17 11:19:15 UTC 2017 

Samba - General mailing list wrote
> Hello,
> 
> Am 16.01.2017 um 18:07 schrieb rawi via samba:
>> I discovered, that the generated smb.conf was not enough for an AD-DC.
>> 
>> Despite having:
>> 
>> server role = active directory domain controller
>> 
>> ... the default settings for:
>> 
>> domain logons = no (?)
>> domain master = auto (aka equally NO)
>> local master = yes
>> 
>> (not specifically mentioned in the generated smb.config)
>> 
>> ... where enough for Windows7 and Windows8 (?), but not for Windows XP
>> 
>> After setting 
>> 
>> domain master = YES 
>> 
>> ... I could join the WindowsXP and login.
>> 
>> I also added then (to be sure ;) domain logons = YES.
>> 
>> This seems now to work. I'll test tomorrow joins with another clients.
>> 
>> What remains, is the question, why a "server role = active directory
>> domain
>> controller" doesn't enable "domain logons" by default?
> 
> I cannot confirm this. I never had these settings in smb.conf files on
> my DCs and XP clients ran successfully.
> 
> 
> Additionally, the "domain logons" parameter was for Win9x clients and
> the default is "off" since a very long time, not just on AD DCs. See the
> smb.conf man page:
>> domain logons (G)
>>
>> If set to yes, the Samba server will provide the netlogon service for
>> Windows 9X network logons for the workgroup it is in. This will also
>> cause the Samba server to act as a domain controller for NT4 style
>> domain services. For more details on setting up this feature see the
>> Domain Control chapter of the Samba HOWTO Collection.
>>
>> Default: domain logons = no
> 
> I'm a bit afraid what happens if you enable this on a Samba DC.
> Let us know what it breaks. ;-)
> 
> Regards,
> Marc

Well, Mark

... your last sentence haunted me the whole night ;)

Please see also my answer to Rowland

IF something breaks... that's me and the only open source guy in this
institute.

I'm an old stubborn admin here since 13 years, alone. The youth and the
research wants only the job quickly done, no matter with which tools.

So, that's me breaking, if things are going awry... I hope not...

Regards

rawi




--
View this message in context: http://samba.2283325.n4.nabble.com/Difficulties-with-Windows-XP-failed-to-find-cifs-fileserver-y-z-Y-Z-in-keytab-arcfour-hmac-md5-tp4713385p4713550.html
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list