[Samba] Windows 10 cannot connect without SMB1
K. R. Foley
kr at cybsft.com
Mon Mar 1 15:57:26 UTC 2021
On 3/1/21 9:40 AM, Rowland penny via samba wrote:
> On 01/03/2021 15:35, K. R. Foley wrote:
>>
>> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
>>> On 01/03/2021 15:04, K. R. Foley wrote:
>>>>
>>>> The firewall is disabled on the client PC. The client and the
>>>> server are on 2 separate subnets separated by a VPN. I am not aware
>>>> of any filtering going on between the two, but I can't say for sure
>>>> without checking. Is there a list of ports somewhere that I can
>>>> check to make sure that they are all being routed over the VPN? I
>>>> have already checked everything that I can see in netstat on the
>>>> server.
>>>
>>>
>>> For port usage, see these wiki pages:
>>>
>>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
>>>
>>> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>>>
>>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>>
>>>>
>>>> Keep in mind that the client can join the domain fine if I enable
>>>> SMB1 on the client. I don't want to use SMB1. That is why I am
>>>> trying to figure this out. The client seems to think that the
>>>> server is asking for SMB1.
>>>
>>>
>>> This is what I am struggling with, by default SMBv1 is turned off
>>> from Samba 4.11.0 , if you want to use SMBv1 then you have to
>>> explicitly set it in smb.conf. You haven't set it, so your DC
>>> shouldn't be using it, perhaps it is the client that is using it ?
>>>
>>> Rowland
>>>
>> I have disabled SMB1 using "Disable-WindowsOptionalFeature -Online
>> -FeatureName SMB1Protocol". If I enable it, it works.
>>
>> kr
>>
>
> When you join to a domain, the client searches for a DC, I am now
> wondering if something else (that is SMBv1 aware) is replying and
> causing the error message, perhaps the old PDC ?
>
> Rowland
>
Here is the debug from the Windows client. The domain for the old domain
is different.
03/01/2021 09:43:27:468 NetpDoDomainJoin
03/01/2021 09:43:27:468 NetpDoDomainJoin: using current computer names
03/01/2021 09:43:27:468 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios)
returned 0x0
03/01/2021 09:43:27:468 NetpDoDomainJoin:
NetpGetComputerNameEx(DnsHostName) returned 0x0
03/01/2021 09:43:27:468 NetpMachineValidToJoin: 'KR-DEV'
03/01/2021 09:43:27:468 NetpMachineValidToJoin: status: 0x0
03/01/2021 09:43:27:468 NetpJoinDomain
03/01/2021 09:43:27:468 HostName: KR-Dev
03/01/2021 09:43:27:468 NetbiosName: KR-DEV
03/01/2021 09:43:27:468 Domain: local.richardshapiro.com
03/01/2021 09:43:27:468 MachineAccountOU: (NULL)
03/01/2021 09:43:27:468 Account: local.richardshapiro.com\administrator
03/01/2021 09:43:27:468 Options: 0x25
03/01/2021 09:43:27:484 NetpValidateName: checking to see if
'local.richardshapiro.com' is valid as type 3 name
03/01/2021 09:43:27:484 NetpValidateName: 'local.richardshapiro.com' is
not a valid NetBIOS domain name: 0x7b
03/01/2021 09:43:27:577 NetpCheckDomainNameIsValid [ Exists ] for
'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:27:577 NetpValidateName: name
'local.richardshapiro.com' is valid for type 3
03/01/2021 09:43:27:577 NetpDsGetDcName: trying to find DC in domain
'local.richardshapiro.com', flags: 0x1020
03/01/2021 09:43:28:046 NetpDsGetDcName: failed to find a DC having
account 'KR-DEV$': 0x525, last error is 0x0
03/01/2021 09:43:28:046 NetpDsGetDcName: found DC
'\\ss-prod.local.richardshapiro.com' in the specified domain
03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/01/2021 09:43:28:046 NetpDisableIDNEncoding: using FQDN
local.richardshapiro.com from dcinfo
03/01/2021 09:43:28:046 NetpDisableIDNEncoding:
DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com' succeeded
03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDisableIDNEncoding
returned: 0x0
03/01/2021 09:43:28:140 NetUseAdd to
\\ss-prod.local.richardshapiro.com\IPC$ returned 384
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: status of connecting to dc
'\\ss-prod.local.richardshapiro.com': 0x180
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: Function exits with status
of: 0x180
03/01/2021 09:43:28:140 NetpResetIDNEncoding:
DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: NetpResetIDNEncoding on
'local.richardshapiro.com': 0x0
03/01/2021 09:43:28:140 NetpDoDomainJoin: status: 0x180
03/01/2021 09:43:28:155
-----------------------------------------------------------------
03/01/2021 09:43:28:155 NetpDoDomainJoin
03/01/2021 09:43:28:155 NetpDoDomainJoin: using current computer names
03/01/2021 09:43:28:155 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios)
returned 0x0
03/01/2021 09:43:28:155 NetpDoDomainJoin:
NetpGetComputerNameEx(DnsHostName) returned 0x0
03/01/2021 09:43:28:155 NetpMachineValidToJoin: 'KR-DEV'
03/01/2021 09:43:28:155 NetpMachineValidToJoin: status: 0x0
03/01/2021 09:43:28:155 NetpJoinDomain
03/01/2021 09:43:28:155 HostName: KR-Dev
03/01/2021 09:43:28:155 NetbiosName: KR-DEV
03/01/2021 09:43:28:155 Domain: local.richardshapiro.com
03/01/2021 09:43:28:155 MachineAccountOU: (NULL)
03/01/2021 09:43:28:155 Account: local.richardshapiro.com\administrator
03/01/2021 09:43:28:155 Options: 0x27
03/01/2021 09:43:28:155 NetpValidateName: checking to see if
'local.richardshapiro.com' is valid as type 3 name
03/01/2021 09:43:28:155 NetpValidateName: 'local.richardshapiro.com' is
not a valid NetBIOS domain name: 0x7b
03/01/2021 09:43:28:281 NetpCheckDomainNameIsValid [ Exists ] for
'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:28:281 NetpValidateName: name
'local.richardshapiro.com' is valid for type 3
03/01/2021 09:43:28:281 NetpDsGetDcName: trying to find DC in domain
'local.richardshapiro.com', flags: 0x1020
03/01/2021 09:43:28:749 NetpDsGetDcName: failed to find a DC having
account 'KR-DEV$': 0x525, last error is 0x0
03/01/2021 09:43:28:749 NetpDsGetDcName: found DC
'\\ss-prod.local.richardshapiro.com' in the specified domain
03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/01/2021 09:43:28:749 NetpDisableIDNEncoding: using FQDN
local.richardshapiro.com from dcinfo
03/01/2021 09:43:28:749 NetpDisableIDNEncoding:
DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com' succeeded
03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDisableIDNEncoding
returned: 0x0
03/01/2021 09:43:28:765 NetUseAdd to
\\ss-prod.local.richardshapiro.com\IPC$ returned 384
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: status of connecting to dc
'\\ss-prod.local.richardshapiro.com': 0x180
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: Function exits with status
of: 0x180
03/01/2021 09:43:28:765 NetpResetIDNEncoding:
DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com' returned 0x0
03/01/2021 09:43:28:765 NetpJoinDomainOnDs: NetpResetIDNEncoding on
'local.richardshapiro.com': 0x0
03/01/2021 09:43:28:765 NetpDoDomainJoin: status: 0x180
kr
More information about the samba
mailing list