[Samba] SOLVED(approximative?): Difficulties with Windows XP: failed to find cifs/fileserver.y.z at Y.Z in keytab (arcfour-hmac-md5)
rawi
only4com at web.de
Tue Jan 17 11:32:46 UTC 2017
Samba - General mailing list wrote
> On Tue, 17 Jan 2017 03:03:28 -0800 (PST)
> rawi via samba <samba at .samba> wrote:
>
>> Samba - General mailing list wrote
>>
>> Rowland, thank you
>>
>> Please note the comments starting with two '#'. They give info about
>> erroneous behavior I encountered.
>>
>> The manual says that "domain master = auto" means "NO", if "domain
>> logons = NO" and this is default.
>> Please note also the behavior of "hosts allow ... except" on the AD-DC
>>
>> here it comes...
>>
>> root at hg-dc1:/etc/samba# cat smb.conf
>> ## Global parameters
>> [global]
>> workgroup = HUMGEN
>> realm = HUMGEN.0ZONE
>> netbios name = HG-DC1
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
>> #dnsupdate
>> ## all dns and dhcp is static for humgen.0zone and _msdcs.humgen.0zone
>> ## and contains all I have, inclusive printer and lab devices, which are not in the domain
>> ## all dns tests are positive and all clients get DNS
>>
>> idmap_ldb:use rfc2307 = yes
>> dns-nameservers 127.0.0.1
>>
>> tls enabled = yes
>> tls keyfile = tls/myKey.pem
>> tls certfile = tls/myCert.pem
>> tls cafile =
>>
>> ## WITHOUT THIS no old WindowsXP will find the AD-DC to join,
>> ## even if I've already set the IP of the wins server to the AD-DC in numerical form
>> ## Error is, that no SRV record could be found for the domain. BUT nslookup shows manually all needed
>> ## After the join, WindowsXP seems to stay joined and allow further login
>> ## EVEN if I take these configs back
>> #domain logons = yes
>> #domain master = yes
>> #local master = yes
>>
>> ## hosts allow on AD-DC breaks everything.
>> ## No more wbinfo on the DC, no more id or getent passwd on the domain member
>> ## BUG?
>> #hosts allow = X.Y.Z.0/255.255.255.0 localhost EXCEPT X.Y.Z.123
>>
>> ## don't show the shares
>> browseable = no
>>
>> map to guest = never
>>
>> ## allow no local caching of data on the client
>> csc policy = disable
>>
>> hide unreadable = yes
>> hide dot files = no
>>
>> ## new session kills possible old connection from the same IP. Avoids lock on files by old connections
>> reset on zero vc = yes
>>
>> [netlogon]
>> path = /var/lib/samba/sysvol/humgen.0zone/scripts
>> read only = Yes
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> <<<<< smb.conf AD-DC END
>>
>> And now as a side note and deja vu for me, look what I wrote in the
>> old smb.conf (still working since 2009) for a NT-domain with
>> Samba/smbd version 3.4.0 :)
>>
>> ## samba accepts no new computer in the domain if this
>> ## browse options equals NO ?!
>> preferred master = yes
>> local master = yes
>> domain master = yes
>>
>> Regards
>> rawi
>
> OK, first question, are you using BIND9_DLZ on the DC ?
>
> Rowland
NO BIND9_DLZ, no dns updates.
As mentioned (commented) in the config: all dns comes from bind9 from
static zones containing all I have and supplementary all records samba AD-DC
would need (SOA for _msdcs and its objects etc.).
The newer Windows Versions (7 and 8.1) are doing perfectly.
rawi
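
A check for the static-DNS setup described in this thread, as an added example that is not part of the original messages or of Samba: it parses static zone text and reports which SRV owner names used to locate a domain controller are absent. The list in `REQUIRED_SRV` is an assumed core set for a single DC, and the zone contents are constructed sample data using the domain and host name from the post.

```python
# Assumed core SRV owner names for one DC, relative to the AD domain.
REQUIRED_SRV = (
    "_ldap._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kpasswd._tcp", "_kpasswd._udp", "_gc._tcp",
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs",
    "_ldap._tcp.pdc._msdcs",
)

def srv_records(zone_text, origin):
    """Return {owner_fqdn: [(port, target), ...]} for SRV lines of one zone."""
    origin = origin.lower().rstrip(".") + "."
    found, owner = {}, None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue
        if not line[0].isspace():                 # line names a new owner
            owner = fields[0].lower()
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):
                owner = f"{owner}.{origin}"       # relative name
        upper = [f.upper() for f in fields]
        if owner is None or "SRV" not in upper:
            continue
        rdata = fields[upper.index("SRV") + 1:]   # priority weight port target
        if len(rdata) == 4:
            found.setdefault(owner, []).append((int(rdata[2]), rdata[3].lower()))
    return found

def missing_srv(zones, domain):
    """zones maps origin -> zone text; return required names found in none."""
    dom = domain.lower().rstrip(".") + "."
    have = {k for origin, text in zones.items() for k in srv_records(text, origin)}
    return [n for n in REQUIRED_SRV if f"{n}.{dom}" not in have]

ZONES = {  # constructed sample; domain and host name are the ones in the post
    "humgen.0zone": """\
_ldap._tcp      IN SRV 0 100 389 hg-dc1
_kerberos._tcp  IN SRV 0 100 88  hg-dc1
_kerberos._udp  IN SRV 0 100 88  hg-dc1
_kpasswd._tcp   IN SRV 0 100 464 hg-dc1
_kpasswd._udp   IN SRV 0 100 464 hg-dc1
""",
    "_msdcs.humgen.0zone": """\
_ldap._tcp.dc     IN SRV 0 100 389 hg-dc1.humgen.0zone.
_kerberos._tcp.dc IN SRV 0 100 88  hg-dc1.humgen.0zone.
"""}
```

Calling `missing_srv(ZONES, "humgen.0zone")` on the sample returns the two names left out of it on purpose, `_gc._tcp` and `_ldap._tcp.pdc._msdcs`.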