Web lists-archives.com

Re: [Samba] Help win10 join




If you have set an "classic" NT4 style domain, you may need to set the signorseal registry key

My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal=0

(same as Windows 7.)

I would also check samba parameters to make sure that NTLM v2 is enabled for authentication. I don't know if Windows 10 supports NTLM v1.

Also, for Windows 10 you MAY want to disable smb v3. Windows 7 does not use SMB v3, but Windows 10 does, but the SMB3 compatibility between windows 10 and Samba 4.x is not very good. However, I don't think that would affect login.


I would also look at upgrading to Ubuntu 16 - I think Samba 4.3.11 is EOL which means that at some point a Windows security patch may break compatibility with Samba.

Obviously if you already have kerberos and ldap backend used for other stuff besides samba, switch to samba AD is a significant decision. While Samba in classic mode can use your OpenLDAP (or whatever) LDAP server, Samba in AD will expect to use its own LDAP server, and I think still expects Heimdal KRB server not MIT. Which means any LDAP and kerberos stuff used by your linux machines will need to be reconfigured.



My classic PDC (version 4.1.14) is configured with the following settings


        server max protocol = NT1
        server min protocol = NT1
         server signing = default
        ntlm auth = Yes
        ldap server require strong auth = Yes
        allow dcerpc auth level connect = No







On 09/14/17 06:36, Rowland Penny via samba wrote:
On Thu, 14 Sep 2017 11:40:13 +0200
Marco Gemignani <marko.gem@xxxxxxxxx> wrote:


Il 14/09/2017 11:24, Rowland Penny via samba ha scritto:
On Thu, 14 Sep 2017 10:31:42 +0200
Marco Gemignani via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,

i have a LDAP+Kerberos+nfs+samba server and Windows 7 workstation
joined to domain

now i have some new workstation to join samba AD, but unable to
join them

i try and try many solution, but no success

need some help


And we need some help to try and help you ;-)

How is Samba set up ?
install in this way

sudo apt-get install samba
Version 4.3.11-Ubuntu
server configured as that guide:
https://www.danbishop.org/2015/01/30/ubuntu-14-04-ultimate-server-guide/
Hmm, you do realise that should be called the 'Ubuntu 14.04 Ultimate
Old Type Server Guide', quite a few of the stages could be removed if
you set it up as an AD DC instead.

Why have you set up Samba as an NT4-Style PDC ?
Why haven't you set up an AD DC instead ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba