[Samba] Win10 and NT mode: netlogon script seems does not run anymore.
Rowland penny
rpenny at samba.org
Thu Aug 27 09:59:18 UTC 2020
On 27/08/2020 08:49, L.P.H. van Belle via samba wrote:
> https://support.microsoft.com/en-us/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias
> @Rowland have a good look at this one. This one is hitting the list.. (i have seen this problem also).
I think everyone knows my views on NT4-style domains, they were a good
idea at the time, but that time is most definitely not now ;-)
The link Louis provided is interesting, it seems to backup what I have
always thought, you cannot use a CNAME for an NT4-style domain, but for
a reason I never thought of, kerberos.
The link says 'Important Do not use DNS CNAMEs in the future for file
servers.', but then goes on to tell you how to use them.
If you want to still give "alternate names" to servers, you can do so
with the following command:
NETDOM COMPUTERNAME /ADD
Which is wrong/incomplete, it should be:
netdom computername <computers short hostname> /add:<fully qualified CNAME>
Though I cannot get it to work from a Win10 computer
What amused me was the section headed 'Not recommended', where they then
went on to tell you to not set SPN's on non Windows fileservers and how
to do it :D
From reading the link it looks like 'samba-tool dns add <server> <zone>
<name> <CNAME> fqdn_string' should be updated to allow adding SPN's
Another thought I had was, perhaps 'smb ports = 139' should be set in an
NT4-style PDC smb.conf
Rowland
More information about the samba
mailing list