[Samba] SOLVED(approximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)
Rowland Penny
rpenny at samba.org
Tue Jan 17 11:24:28 UTC 2017
On Tue, 17 Jan 2017 03:03:28 -0800 (PST)
rawi via samba <samba at lists.samba.org> wrote:
> Samba - General mailing list wrote
>
> Rowland, thank you
>
> Please note the comments starting with two '#'. They give info about
> erroneous behavior I encountered.
>
> The manual says that "domain master = auto" means "NO", if "domain
> logons = NO" and this is default.
> Please note also the behavior of "hosts allow ... except" on the AD-DC
>
> here it comes...
>
> root at hg-dc1:/etc/samba# cat smb.conf
> ## Global parameters
> [global]
> workgroup = HUMGEN
> realm = HUMGEN.0ZONE
> netbios name = HG-DC1
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
> #dnsupdate
> ## all dns and dhcp is static for humgen.0zone and _msdcs.humgen.0zone
> ## and contains all I have, inclusive printer and lab devices, which are not in the domain
> ## all dns tests are positive and all clients get DNS
>
> idmap_ldb:use rfc2307 = yes
> dns-nameservers 127.0.0.1
>
> tls enabled = yes
> tls keyfile = tls/myKey.pem
> tls certfile = tls/myCert.pem
> tls cafile =
>
> ## WITHOUT THIS no old WindowsXP will find the AD-DC to join,
> ## even if I've already set the IP of the wins server to the AD-DC in numerical form
> ## Error is, that no SRV record could be found for the domain. BUT nslookup shows manually all needed
> ## After the join, WindowsXP seems to stay joined and allow further login
> ## EVEN if I take these configs back
> #domain logons = yes
> #domain master = yes
> #local master = yes
>
> ## hosts allow on AD-DC breaks everything.
> ## No more wbinfo on the DC, no more id or getent passwd on the domain member
> ## BUG?
> #hosts allow = X.Y.Z.0/255.255.255.0 localhost EXCEPT X.Y.Z.123
>
> ## don't show the shares
> browseable = no
>
> map to guest = never
>
> ## allow no local caching of data on the client
> csc policy = disable
>
> hide unreadable = yes
> hide dot files = no
>
> ## new session kills possible old connection from the same IP. Avoids lock on files by old connections
> reset on zero vc = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/humgen.0zone/scripts
> read only = Yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> <<<<< smb.conf AD-DC END
>
> And now as a side note and deja vu for me, look what I wrote in the
> old smb.conf (still working since 2009) for an NT-domain with
> Samba/smbd version 3.4.0 :)
>
> ## samba accepts no new computer in the domain if this
> ## browse options equals NO ?!
> preferred master = yes
> local master = yes
> domain master = yes
>
> Regards
> rawi
OK, first question, are you using BIND9_DLZ on the DC ?
Rowland