[Samba] Windows 10 won't join Samba 3 domain

David Whitney soonerdew at gmail.com
Thu Jul 19 11:40:22 UTC 2018


Unfortunately, I must concur with others that joining a Win10 box to an
older Samba domain - even one as late as Samba 4 - is no longer possible.

My experience was that my Windows 10 box, when asked to join the domain,
queries DNS *only* for the AD _ldap record for the domain. I also noted
that in the latest build of Windows 10, the "domain join" dialog has been
slightly altered to say "Join an Active Directory Domain." I think this was
also a subtle hint from MS that support for NT-style domains (and,
implicitly, older-style Samba domains like mine) has finally ended.

If someone has experience to the contrary, I'd love to hear about it!

On Thu, Jul 19, 2018 at 5:16 AM Konstantin Boyandin via samba <
samba at lists.samba.org> wrote:

> Hello,
>
> Given:
> - Samba 3 domain is set up (runs on Samba 3.6.23, domain name "LAN")
> - Windows 10 Enterprise workstation
>
> 1. Workstation (currently in WORKGROUP workgroup) is assigned computer
> (NetBIOS) name "sirius"
>
> 2. The instructions below:
>
> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
>
> have been applied (the 2 registry values added, workstation rebooted)
>
> 3. Corresponding machine name has been added on Samba PDC via
>
> useradd -M -g 515 sirius$
> smbpasswd -a -m sirius
>
> 4. Firewall settings on Windows machine do not prevent communication
> with the PDC.
>
> When I try to join workstation to domain LAN (from "This PC" ->
> "Properties" -> "Change settings"), the only reaction is pop-up:
>
> ============= details below
> An Active Directory Domain Controller (AD DC) for the domain "LAN" could
> not be contacted"
> Ensure that the domain name is typed correctly.
> If the name is correct, click "Details" for troubleshooting
> information."
> ============= details above
>
> When I click "Details", the below is displayed:
>
> ============= details below
> Note: This information is intended for a network administrator.  If you
> are not your network's administrator, notify the administrator that you
> received this information, which has been recorded in the file
> C:\WINDOWS\debug\dcdiag.txt.
>
> The domain name "LAN" might be a NetBIOS domain name.  If this is the
> case, verify that the domain name is properly registered with WINS.
>
> If you are certain that the name is not a NetBIOS domain name, then the
> following information can help you troubleshoot your DNS configuration.
>
> The following error occurred when DNS was queried for the service
> location (SRV) resource record used to locate an Active Directory Domain
> Controller (AD DC) for domain "LAN":
>
> The error was: "DNS name does not exist."
> (error code 0x0000232B RCODE_NAME_ERROR)
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.LAN
>
> Common causes of this error include the following:
>
> - The DNS SRV records required to locate a AD DC for the domain are not
> registered in DNS. These records are registered with a DNS server
> automatically when a AD DC is added to a domain. They are updated by the
> AD DC at set intervals. This computer is configured to use DNS servers
> with the following IP addresses:
>
> 10.1.0.1
> 10.1.0.5
>
> - One or more of the following zones do not include delegation to its
> child zone:
>
> LAN
> . (the root zone)
> ============= details above
>
> /etc/samba/smb.conf:
> ============= smb.conf below
> [global]
> unix charset = UTF8
> workgroup = LAN
> netbios name = PDCLAN
> server max protocol = NT1
> server string = PDCLAN - LAN Samba PDC
> passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
> username map = /etc/samba/smbusers
> interfaces = eth0 lo
> bind interfaces only = yes
> enable privileges = yes
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 0
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/smbldap-useradd -m '%u'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u'
> shutdown script = /var/lib/samba/scripts/shutdown.sh
> abort shutdown script = /sbin/shutdown -c
> logon script = %u.bat
> logon drive = W:
> logon home = \\%L\%u
> logon path = \\%L\profiles\%u
> domain logons = Yes
> domain master = Yes
> wins support = Yes
> ldapsam:trusted = no
> ldap ssl = off
> ldap suffix = dc=company,dc=lan
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=company,dc=lan
> idmap backend = ldap://127.0.0.1
> idmap uid = 500-20000
> idmap gid = 500-20000
> printer admin = root
> printing = cups
> ============= smb.conf above
>
> PDC lives in intranet, in DNS root zone .lan.
>
> Note: there were many a Windows 7, Windows 8/8.1, other Windows 10;
> Windows 2012, and Windows 1026 servers which joined the above domain,
> following the same instructions, without a glitch.
>
> I would appreciate any helpful piece of advice.
>
> Sincerely,
> Konstantin


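A check on the smb.conf quoted in the message above, added here as an example (it is not part of the original post and not Samba's own code). It parses [global] the way Samba reads parameter names and flags three settings that matter when a current Windows client meets this server: the SMB1-only protocol cap, the NT4-style domain role (which is why no _ldap._tcp.dc._msdcs SRV record exists for "LAN"), and ldapsam traffic to a remote LDAP server without TLS. The finding names and the parse_global/audit helpers are assumptions made for this illustration.

```python
import re

# Subset of the [global] section quoted in the message above.
SMB_CONF = '''[global]
workgroup = LAN
server max protocol = NT1
passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
domain logons = Yes
wins support = Yes
ldap ssl = off
'''

TRUE = {"yes", "true", "on", "1"}            # Samba boolean spellings
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_global(text):
    """Return {name: value} for [global]. Samba ignores case and whitespace
    inside parameter names, so names are stored lowercased without spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params

def audit(params):
    """Return (finding_id, detail) pairs; the ids are names made up here."""
    findings = []
    if params.get("servermaxprotocol", "").upper() == "NT1":
        findings.append(("smb1-only", "server offers no dialect above SMB1"))
    role = params.get("serverrole", "").lower()
    if params.get("domainlogons", "no").lower() in TRUE and "active directory" not in role:
        findings.append(("nt4-style-domain",
                         "PDC is found via NetBIOS/WINS; no _ldap._tcp.dc._msdcs SRV record"))
    # ldap:// (not ldaps://) with StartTLS off means account data, including
    # password hashes held by ldapsam, crosses the network unencrypted.
    hosts = re.findall(r"\bldap://([^\s\"/:]+)", params.get("passdbbackend", ""))
    remote = [h for h in hosts if h not in LOOPBACK]
    if remote and params.get("ldapssl", "start tls").lower() == "off":
        findings.append(("cleartext-ldap", ", ".join(remote)))
    return findings

if __name__ == "__main__":
    for finding_id, detail in audit(parse_global(SMB_CONF)):
        print(f"{finding_id}: {detail}")
```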