Web lists-archives.com

Re: [Samba] Can't join Windows 10 to classic domain

On Tue, 29 May 2018 17:16:01 +0100
samba1--- via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 	I've been running Samba 4 in NT4 Domain mode for a few years,
> and it's been working fine with Windows 7 PCs.  
> 	I now need to join a new Windows 10 PC to the domain, but I'm
> not having any success!
> 	When I try to join the domain, the Windows 10 PC says "An
> Active Directory Domain Controller could not be contacted...."
> 	I've tried a few things, including:-
> 	Setting registry entries for:-
> DomainCompatibilityMode = 1
> DNSNameResolutionRequired = 0
> 	Then:-
> [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProviderHardenedPaths]
> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
> [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindowsNetworkProviderHardenedPaths]
> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
> 	I've tried adding entries for the domain controller in hosts
> and lmhosts, and have also tried enabling NetBIOS over TCP/IP.
> 	I've then tried forcing the Windows Client to use SMB1:-
> 	sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
> sc config mrxsmb20 start= disabledI also used the following Powershell
> commands:-
> Get-WindowsOptionalFeature -Online -FeatureName
> SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false
> 	Running the status commands shows SMB1 to be enabled, and
> SMB2 to be disabled.
> 	Should it be possible to join a Windows 10 PC to a Samba NT4
> domain, and if so, what am I missing?
> 	One thing I haven't tried is forcing Samba to "server max
> protocol = NT1" - mainly because I'm worried it might cause problems
> with all the existing Windows 7 clients, and also because of
> potential security risks.  I thought it might be 'safer' to force the
> Windows 10 PC to use SMB1 rather change anything on the server.
> 	Any help would be much appreciated!

There have been reports that the latest win10 will not join an
NT4-style domain, you can probably find workarounds for this but the
writing is on the wall, upgrade to AD.

You certainly don't want to be using NTLMv1, it is very insecure.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba