[Samba] Windows 10 won't join Samba 3 domain

Fri Jul 20 07:17:41 UTC 2018

On Fri, 20 Jul 2018 08:22:56 +0700
Konstantin Boyandin via samba <samba at lists.samba.org> wrote:

> Rowland Penny via samba wrote 2018-07-19 20:47:
> > On 19 Jul 2018 09:21:46 -0400
> > Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> > 
> >> Hello,
> >> 
> >> Thanks to everyone who responded.
> >> 
> >> On 19.07.2018 17:55, Rowland Penny via samba wrote:
> >> > On Thu, 19 Jul 2018 16:36:45 +0700
> >> > Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> >> >
> >> >> Hello,
> >> >>
> >> >> Given:
> >> >> - Samba 3 domain is set up (runs on Samba 3.6.23, domain name
> >> >> "LAN")
> >> >> - Windows 10 Enterprise workstation
> >> >>
> >> >> 1. Workstation (currently in WORKGROUP workgroup) is assigned
> >> >> computer (NetBIOS) name "sirius"
> >> >>
> >> >> 2. The instructions below:
> >> >>
> >> >> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
> >> >>
> >> >> have been applied (the 2 registry values added, workstation
> >> >> rebooted)
> >> >>
> >> >> 3. Corresponding machine name has been added on Samba PDC via
> >> >>
> >> >> useradd -M -g 515 sirius$
> >> >> smbpasswd -a -m sirius
> >> >>
> >> >> 4. Firewall settings on Windows machine do not prevent
> >> >> communication with the PDC.
> >> >>
> >> >> When I try to join workstation to domain LAN (from "This PC" ->
> >> >> "Properties" -> "Change settings"), the only reaction is pop-up:
> >> >> [...]
> >> 
> >> > The most helpful advice I can give you is, start planning to
> >> > upgrade to active directory NOW. Microsoft seems to be making it
> >> > almost impossible to join Windows 10 to an NT4-style domain,
> >> > there have been several similar posts about this recently.
> >> 
> >> Do you mean switching to Samba 4, or moving entirely to Windows AD
> >> domain?
> >> 
> >> I would prefer to stay with Samba as long as possible (if
> >> possible).
> > 
> > You can do both, upgrade to a Samba Active Directory domain, before
> > it is too late.
> 
> Looks like this transition is nigh, as we absolutely need our zoo of 
> Windows versions joined to a domain.
> 
> My question actually was, does Samba 4 ("Samba Active Directory") in
> its current state emulate AD good enough, to allow staying with 
> Linux-powered AD DC. For almost 10 years we were quite happy with our 
> Samba 3 domain, it worked nicely and gave us almost no serious
> trouble.

It is being used extensively in production, yes, there are problems, but
there are also workarounds for these problems. Samba is also being
worked on extensively and the problems are going away.

> 
> Also, has the mentioned Microsoft change in Windows 10 (the one that 
> explicitly prevents it from joining NT4 domains) officially been 
> published anywhere in Microsoft docs?

Not that I am aware of, but there have been multiple posts saying
basically the same thing, Windows 10 1803 doesn't like NT4-style
domains. This may be something Microsoft is doing on purpose, or it may
just be an artefact of other changes, either way, Microsoft is unlikely
to fix this state of affairs, they EOL'ed NT domains over 10 years ago.

Rowland