[Samba] Help win10 join

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Sep 14 12:37:00 UTC 2017 

If you have set an "classic" NT4 style domain, you may need to set the 
signorseal registry key

My 
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal=0

(same as Windows 7.)

I would also check samba parameters to make sure that NTLM v2 is enabled 
for authentication.  I don't know if Windows 10 supports NTLM v1.

Also, for Windows 10 you MAY want to disable smb v3.     Windows 7 does 
not use SMB v3, but Windows 10 does,  but the SMB3 compatibility between 
windows 10 and Samba 4.x is not very good. However, I don't think that 
would affect login.


I would also look at upgrading to Ubuntu 16 -   I think Samba 4.3.11 is 
EOL which means that at some point a Windows security patch may  break 
compatibility with Samba.

Obviously if you already have kerberos and ldap backend used for other 
stuff besides samba, switch to samba AD is a significant decision.  
While Samba in classic mode can use your OpenLDAP (or whatever) LDAP 
server, Samba in AD will expect to use its own LDAP server, and I think 
still expects Heimdal KRB server not MIT.        Which means any LDAP 
and kerberos stuff used by your linux machines will need to be reconfigured.



My classic PDC (version 4.1.14) is configured with the following settings


         server max protocol = NT1
         server min protocol = NT1
          server signing = default
         ntlm auth = Yes
         ldap server require strong auth = Yes
         allow dcerpc auth level connect = No







On 09/14/17 06:36, Rowland Penny via samba wrote:
> On Thu, 14 Sep 2017 11:40:13 +0200
> Marco Gemignani <marko.gem at inwind.it> wrote:
>
>>
>> Il 14/09/2017 11:24, Rowland Penny via samba ha scritto:
>>> On Thu, 14 Sep 2017 10:31:42 +0200
>>> Marco Gemignani via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi,
>>>>
>>>> i have a LDAP+Kerberos+nfs+samba server and Windows 7 workstation
>>>> joined to domain
>>>>
>>>> now i have some new workstation to join samba AD, but unable to
>>>> join them
>>>>
>>>> i try and try many solution, but no success
>>>>
>>>> need some help
>>>>
>>>>
>>> And we need some help to try and help you ;-)
>>>
>>> How is Samba set up ?
>> install in this way
>>
>> sudo apt-get install samba
>> Version 4.3.11-Ubuntu
>> server configured as that guide:
>> https://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/
> Hmm, you do realise that should be called the 'Ubuntu 14.04 Ultimate
> Old Type Server Guide', quite a few of the stages could be removed if
> you set it up as an AD DC instead.
>
> Why have you set up Samba as an NT4-Style PDC ?
> Why haven't you set up an AD DC instead ?
>
> Rowland
>

More information about the samba mailing list