[Samba] Windows 10 cannot connect without SMB1

K. R. Foley kr at cybsft.com
Sun Feb 28 19:17:02 UTC 2021

On 2/28/21 12:31 PM, K. R. Foley via samba wrote:
> On 2/28/21 11:12 AM, Rowland penny via samba wrote:
>> On 28/02/2021 17:01, K. R. Foley wrote:
>>> One other thing that might be worth mentioning, I am not sure. I 
>>> migrated an NT4 domain using the classicupgrade. This was a new 
>>> server that I copied the data to from an existing server and then 
>>> ran the classic upgrade.
>> I wonder if everything else is set up correctly, Bind9 for instance. 
>> Can you download this script:
>> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>> Run it on the DC and then post the output in a reply to this, 
>> sanitise it if you want, but do not attach it, this list strips 
>> attachments.
>> Rowland
> As soon as it tried to test the _kerberos._tcp records it blew apart. 
> I have run the configuration / migration multiple times playing around 
> with different domains. Maybe I screwed something up or missed a step 
> along the way. I am going to start from scratch again and I will 
> report back after I am done. Thanks.
Okay. Turns out the problem with the script was that the 
/etc/resolv.conf had been overwritten. After I resolved that, I was able 
to run the script and capture the output below:

Collected config  --- 2021-02-28-12:54 -----------

Hostname: ss-prod
DNS Domain: local.richardshapiro.com
FQDN: ss-prod.local.richardshapiro.com
Kerberos SRV _kerberos._tcp.local.richardshapiro.com record verified ok, 
sample output:

_kerberos._tcp.local.richardshapiro.com    service = 0 100 88 
Samba is running as an AD DC
        Checking file: /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID_LIKE="rhel fedora"
PRETTY_NAME="CentOS Linux 7 (Core)"


This computer is running an unknown distribution x86_64
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet scope host lo
     inet6 ::1/128 scope host
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP 
group default qlen 1000
     link/ether 12:ef:f5:d8:2b:d5 brd ff:ff:ff:ff:ff:ff
     inet brd scope global dynamic ens5
        valid_lft 2623sec preferred_lft 2623sec
     inet6 fe80::10ef:f5ff:fed8:2bd5/64 scope link
        Checking file: /etc/hosts   localhost localhost.localdomain localhost4 
::1         localhost localhost.localdomain localhost6 
localhost6.localdomain6 ss-prod.local.richardshapiro.com ss-prod
        Checking file: /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search local.richardshapiro.com
        Checking file: /etc/krb5.conf
     default_realm = LOCAL.RICHARDSHAPIRO.COM
     dns_lookup_realm = false
     dns_lookup_kdc = true
        Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid entries include:
#    nisplus            Use NIS+ (NIS version 3)
#    nis            Use NIS (NIS version 2), also called YP
#    dns            Use DNS (Domain Name Service)
#    files            Use the local files
#    db            Use the local database (.db) files
#    compat            Use NIS on compat mode
#    hesiod            Use Hesiod for user lookups
#    [NOTFOUND=return]    Stop searching if not found so far

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files sss
shadow:     files sss
group:      files sss
#initgroups: files sss

#hosts:     db files nisplus nis dns
hosts:      files dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   nisplus sss

publickey:  nisplus

automount:  files nisplus sss
aliases:    files nisplus
        Checking file: /usr/local/samba/etc/smb.conf
# Global parameters
     netbios name = SS-PROD
     server role = active directory domain controller
     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate
     workgroup = LOCAL
     idmap_ldb:use rfc2307 = yes
     #log level = 10
     path = /usr/local/samba/var/locks/sysvol
     read only = No

     path = 
     read only = No
Detected bind DLZ enabled..
Warning, detected bind is enabled in smb.conf, but no /etc/bind 
directory found
Installed packages:

