Web lists-archives.com

Re: [Samba] Can't join Windows 10 to classic domain




The issue does not seem to be connected to SMB1.

It can be installed and it still won't authenticate.
Something has been changed to force authentication to
AD/DNS either solely or as a first step.  The translation
of the netbios name never happens even if the computer
can resolve the name.

Given that the authentication thru netbios resolution
seems to get grandfathered in provided the domain is
joined prior to the latest upgrade, it would seem there
is a tweak that can applied, but who knows.

On 5/30/2018 2:18 AM, L.P.H. van Belle via samba wrote:
Yes, you correct, you wasted time on this..

Read also, this will give more insight.
https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows

Greetz,

Louis

-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
Marco Shmerykowsky PE via samba
Verzonden: dinsdag 29 mei 2018 19:12
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: Re: [Samba] Can't join Windows 10 to classic domain

I wasted a bunch of time on this.

Downlevel Windows 10 to version 1703.  It should work and
it seems to hold the connection once the next update takes
hold.

Plan for updating the domain to AD as who knows what MS
will do next.  The 1703 connection could get broken in
the future.


On 5/29/2018 12:16 PM, samba1--- via samba wrote:


	I've been running Samba 4 in NT4 Domain mode for a few
years, and
it's been working fine with Windows 7 PCs.

	I now need to join a new Windows 10 PC to the domain,
but I'm not
having any success!

	When I try to join the domain, the Windows 10 PC says "An Active
Directory Domain Controller could not be contacted...."

	I've tried a few things, including:-

	Setting registry entries for:-
DomainCompatibilityMode = 1
DNSNameResolutionRequired = 0

	Then:-

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProv
iderHardenedPaths]

"\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity
=0,RequirePrivacy=0"

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindows
NetworkProviderHardenedPaths]

"\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity
=0,RequirePrivacy=0"

	I've tried adding entries for the domain controller in hosts and
lmhosts, and have also tried enabling NetBIOS over TCP/IP.

	I've then tried forcing the Windows Client to use SMB1:-

	sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabledI also used the following
Powershell
commands:-
Get-WindowsOptionalFeature -Online -FeatureName
SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false

	Running the status commands shows SMB1 to be enabled,
and SMB2 to be
disabled.

	Should it be possible to join a Windows 10 PC to a
Samba NT4 domain,
and if so, what am I missing?

	One thing I haven't tried is forcing Samba to "server
max protocol =
NT1" - mainly because I'm worried it might cause problems
with all the
existing Windows 7 clients, and also because of potential security
risks.  I thought it might be 'safer' to force the Windows 10 PC to
use SMB1 rather change anything on the server.

	Any help would be much appreciated!


---
This email has been checked for viruses by AVG.
https://www.avg.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba