[Samba] Can't join Windows 10 to classic domain

Marco Shmerykowsky PE marco at sce-engineers.com
Tue May 29 17:11:57 UTC 2018 

I wasted a bunch of time on this.

Downlevel Windows 10 to version 1703.  It should work and
it seems to hold the connection once the next update takes
hold.

Plan for updating the domain to AD as who knows what MS
will do next.  The 1703 connection could get broken in
the future.


On 5/29/2018 12:16 PM, samba1--- via samba wrote:
> 
> 
> 	I've been running Samba 4 in NT4 Domain mode for a few years, and
> it's been working fine with Windows 7 PCs.
> 
> 	I now need to join a new Windows 10 PC to the domain, but I'm not
> having any success!
> 
> 	When I try to join the domain, the Windows 10 PC says "An Active
> Directory Domain Controller could not be contacted...."
> 
> 	I've tried a few things, including:-
> 
> 	Setting registry entries for:-
> DomainCompatibilityMode = 1
> DNSNameResolutionRequired = 0
> 
> 	Then:-
> [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProviderHardenedPaths]
> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
> [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindowsNetworkProviderHardenedPaths]
> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
> 
> 	I've tried adding entries for the domain controller in hosts and
> lmhosts, and have also tried enabling NetBIOS over TCP/IP.
> 
> 	I've then tried forcing the Windows Client to use SMB1:-
> 
> 	sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
> sc config mrxsmb20 start= disabledI also used the following Powershell
> commands:-
> Get-WindowsOptionalFeature -Online -FeatureName
> SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false
> 
> 	Running the status commands shows SMB1 to be enabled, and SMB2 to be
> disabled.
> 
> 	Should it be possible to join a Windows 10 PC to a Samba NT4 domain,
> and if so, what am I missing?
> 
> 	One thing I haven't tried is forcing Samba to "server max protocol =
> NT1" - mainly because I'm worried it might cause problems with all the
> existing Windows 7 clients, and also because of potential security
> risks.  I thought it might be 'safer' to force the Windows 10 PC to
> use SMB1 rather change anything on the server.
> 
> 	Any help would be much appreciated!
> 

---
This email has been checked for viruses by AVG.
https://www.avg.com

More information about the samba mailing list