[Samba] Win10 and NT mode: netlogon script seems does not run anymore.

Rowland penny rpenny at samba.org
Thu Aug 27 09:59:18 UTC 2020

On 27/08/2020 08:49, L.P.H. van Belle via samba wrote:
> https://support.microsoft.com/en-us/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias
> @Rowland  have a good look at this one. This one is hitting the list.. (i have seen this problem also).
I think everyone knows my views on NT4-style domains, they were a good 
idea at the time, but that time is most definitely not now ;-)

The link Louis provided is interesting, it seems to backup what I have 
always thought, you cannot use a CNAME for an NT4-style domain, but for 
a reason I never thought of, kerberos.

The link says 'Important Do not use DNS CNAMEs in the future for file 
servers.', but then goes on to tell you how to use them.

If you want to still give "alternate names" to servers, you can do so 
with the following command:

Which is wrong/incomplete, it should be:
netdom computername <computers short hostname> /add:<fully qualified CNAME>

Though I cannot get it to work from a Win10 computer

What amused me was the section headed 'Not recommended', where they then 
went on to tell you to not set SPN's on non Windows fileservers and how 
to do it :D

 From reading the link it looks like 'samba-tool dns add <server> <zone> 
<name> <CNAME> fqdn_string' should be updated to allow adding SPN's

Another thought I had was, perhaps 'smb ports = 139' should be set in an 
NT4-style PDC smb.conf


More information about the samba mailing list