
[Samba] Not able to join windows 10 clients to samba 3.6.23 NT4 Style PDC


Ram Prasad Bikkina

May 13, 2016, 8:50:03 AM
I prepared samba PDC and not able to join windows 10 clients. Please
suggest any windows 10 registry settings.

Gaiseric Vandal

May 13, 2016, 9:10:03 AM
The registry changes for Windows 7 also apply to Windows 10

https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains

Ram Prasad Bikkina

May 14, 2016, 12:20:04 AM
---------- Forwarded message ----------
From: Ram Prasad Bikkina <parvath...@gmail.com>
Date: Sat, May 14, 2016 at 9:39 AM
Subject: Re: [Samba] Not able to join windows 10 clients to samba 3.6.23
NT4 Style PDC
To: gaiseri...@gmail.com


Hi Gaiseric Vandal,

I applied these registry settings on my Windows 10 PC but am not able to join.
It gives the error below.

Note: This information is intended for a network administrator. If
you are not your network's administrator, notify the administrator
that you received this information, which has been recorded in the
file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate an Active Directory
Domain Controller (AD DC) for domain "samba.local":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.samba.local

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are
not registered in DNS. These records are registered with a DNS server
automatically when a AD DC is added to a domain. They are updated by
the AD DC at set intervals. This computer is configured to use DNS
servers with the following IP addresses:

192.168.1.2

- One or more of the following zones do not include delegation to its
child zone:

samba.local
local
. (the root zone)



On Fri, May 13, 2016 at 6:28 PM, Gaiseric Vandal <gaiseri...@gmail.com>
wrote:

Rowland penny

May 14, 2016, 4:20:03 AM
Have you also set 'max protocol = nt1' in the PDC smb.conf ?

If this is a new domain, can I suggest you use an AD domain instead.
Windows isn't supposed to work with an NT4-style domain since Version 7
(this is Microsoft's view, not mine) and as such, Microsoft could make
the registry hacks inoperative at any time.

The other concern is that the Samba 3.6 series is now EOL and is only
supported by the distros that still use it.

Rowland

Ram Prasad Bikkina

May 14, 2016, 7:20:02 AM
Hi Rowland Penny,

Thank you for the quick response. I have set 'max protocol = nt1' in the PDC, but
still get the same error. I changed the registry values as suggested by the Samba wiki
portal. Our limitation is that we must use the Red Hat built-in Samba packages
only.

Will the Samba 4.2 version that comes built in with RHEL 7.2 support
Windows 10 clients?

The present PDC production server is running on the Samba 3.6 platform, hence we
are trying the same.

Rowland penny

May 14, 2016, 8:00:04 AM
On 14/05/16 12:15, Ram Prasad Bikkina wrote:
> Hi Rowland Penny,
>
> Thank you for the quick response. I have set 'max protocol = nt1' in the PDC,
> but still get the same error. I changed the registry values as suggested by the
> Samba wiki portal. Our limitation is that we must use the Red Hat built-in
> Samba packages only.

If you are running RHEL 7.2, you must have a RHEL contract; have you
tried raising this with Red Hat?

>
> Will the Samba 4.2 version that comes built in with RHEL 7.2 support
> Windows 10 clients?

I don't use RHEL (or any of the clones), but others on this mailing list
do and as far as I know, it works for them.

Rowland

Fausto Disla

May 14, 2016, 8:20:03 AM
Hi,

This problem sounds like the DNS is not working fine.

What is the IP for the Samba server and the Windows PC?

Thanks.

Fausto A. Disla


On May 13, 2016 8:49 AM, "Ram Prasad Bikkina" <parvath...@gmail.com>
wrote:

Ram Prasad Bikkina

May 16, 2016, 7:20:03 AM
Hi Fausto,

Thank you for the reply. I configured BIND DNS on the same server (PDC).

Hi Rowland,

I have not configured the RHEL 7.2 version. If it supports Windows 10
clients then I will check it. Also, my preference is the RHEL 6 platform
only, because the production servers are running on RHEL 6. If Windows 10
is supported with RHEL 6.0 (Samba 3.6.23 version), most of my work will
be reduced; otherwise I have to migrate from RHEL 6 to RHEL 7.2 (it is a very
difficult process for me).

Note: I will check with the Red Hat support team also.

Thanks,
Ram Prasad

Gaiseric Vandal

May 16, 2016, 9:40:04 AM
If this is an NT4-style domain, then DNS is not essential. Things
like SRV records aren't relevant since a lot of the NT4 is back from the
NetBIOS days. It looks like your Win 10 machine thinks it is
trying to join an AD domain. Windows client machines typically are
using DNS to resolve server names to IP addresses. However, DNS does
not provide info on locating PDCs and BDCs. That is better handled
with the use of a WINS server (Windows Internet Naming), which is
basically name lookup for "netbios" names and services.

I have configured my PDC to be the WINS server.


In my smb.conf on member server

security = domain
domain master = no
domain logons = no
name resolve order = host wins bcast
workgroup = MYDOMAIN
wins server = IP_OF_PDC



For a classic domain, make sure you have NOT disabled NBT (NetBIOS over
TCP/IP) on the client machines. By default it is left enabled.

Ram Prasad Bikkina

May 16, 2016, 10:50:04 AM
Hi Gaiseric,

Thank you for the quick reply. I configured my PDC as the WINS server and
specified "IP of PDC".

I observed some errors in the NMBD log, "become_domain_master_query
failed". I am googling these errors.



On Mon, May 16, 2016 at 6:57 PM, Gaiseric Vandal

Ram Prasad Bikkina

May 18, 2016, 12:40:03 AM
Hi,

I resolved the NMBD errors, but still get the same error in Windows 10 Pro. Could
you please suggest any changes on the Windows 10 PC? I applied the registry changes
suggested by the Samba wiki but there was no improvement.

I am able to join windows 7 clients without error.

Regards,
Ram

Gaiseric Vandal

May 18, 2016, 10:10:03 AM
Just to verify, did you configure the Win 10 machine as a WINS client
? The PDC will not necessarily be the master browser (showing what
resources are available on the network) - browser elections are
weighted towards machines with newer OS's. You can adjust the "os
level" parameter in smb.conf to bias the election in favor of the PDC
but if WINS is being used none of this should really matter.



Does the machine account exist in samba ? You may need to precreate it
with "smbpasswd -a -m machinename" and then verify that the
"machinename$" account was created. I have an LDAP backend. The unix
machine accounts exist. When samba creates a samba machine account
(either when I use smbpasswd or a computer joins the domain) , samba
updates/adds ldap attributes to the machine account. All the Win
10 machines I have added "recycled" preexisting Windows 7 machine
accounts. With some versions of samba with an ldap backend I had to
manually precreate the samba account and then verify the ldap attributes
were set correctly.

Can you copy and paste the results of the net join command (sanitized of
course to remove any company info)?

What OS is the PDC? (Mine is Solaris 11.) Is this from package or
precompiled? Any recent backported patches to fix the Badlock
vulnerability?


On the windows machines, does "ipconfig /all" show any ipv6 DNS servers ?

Some of the "testparm -v" output from my PDC (mostly I disabled lanman
for security and limited SMB versions to CORE and NT1 for file sharing
issues)


Server role: ROLE_DOMAIN_PDC
...
interfaces =
bind interfaces only = No
security = USER
auth methods =
encrypt passwords = Yes
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes

...
lanman auth = No
ntlm auth = Yes
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
client use spnego principal = No
send spnego principal = No
...
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
...
announce version = 4.9
announce as = NT
...
os level = 20
...
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server =
wins support = Yes
...
[netlogon]
comment = Network Logon Service
path = /export/samba/netlogon
write list = @Administrators, @sysadmin
guest ok = Yes
share modes = No

...

David Whitney

May 18, 2016, 11:30:03 AM
A couple of other issues to keep in mind...

Aside from the fact that the errors suggest your W10 box is trying to join
an AD domain, W10 also defaults to a protocol of SMB 3.3 which Samba 3.x
does not support. If you resolve the issue wherein W10 thinks it is joining
an AD domain, there's a strong possibility (if not certainty) you will then
see errors in the log of the W10 box indicating Windows could not log onto
the domain because it could not find a netlogon server. That, in turn,
would be because it could not negotiate a sufficiently secure communication
with the server.

When I encountered this problem, the only solution I found was to disable
SMB 3.3 on the W10 box as noted in
https://support.microsoft.com/en-us/kb/2696547. I re-enabled it when the
version of Samba in the 4.x series that supported SMB 3.3 was released, and
my W10 box has been a content member of my old-style domain since.

Regards,
David


On Wed, May 18, 2016 at 9:00 AM, Gaiseric Vandal <gaiseri...@gmail.com>
wrote:

Ram Prasad Bikkina

May 27, 2016, 2:30:03 AM
Hi Good Morning,

Thank you, everyone, for supporting me. I struggled a lot to resolve
the problem. However, I got a solution for joining Windows 10 clients
to the Samba PDC (Samba version 3.6.23).

I changed the workgroup name from "example.com" to "example" (I
removed the "." from the workgroup name), and then I was able to join Windows 10
clients to the Samba PDC without any other settings.

May I know the reason why it is working without "." in workgroup name,
Is there any specific reason?

I tried several settings in smb.conf as well as registry settings on the
Windows 10 PC but they did not work.

Regards,
Ram Prasad Bikkina

Rowland penny

May 27, 2016, 3:20:02 AM
On 27/05/16 07:18, Ram Prasad Bikkina wrote:
> Hi Good Morning,
>
> Thank you, everyone, for supporting me. I struggled a lot to resolve
> the problem. However, I got a solution for joining Windows 10 clients
> to the Samba PDC (Samba version 3.6.23).
>
> I changed the workgroup name from "example.com" to "example" (I
> removed the "." from the workgroup name), and then I was able to join Windows 10
> clients to the Samba PDC without any other settings.
>
> May I know the reason why it is working without "." in workgroup name,
> Is there any specific reason?

Hi, this has nothing to do with Samba, it's a Windows thing. If you
look here:

https://support.microsoft.com/en-us/kb/909264

Under the heading 'NetBIOS domain names' (note this is another name for
'workgroup'), you will find this:

Names can contain a period (.). However, the name cannot start with a
period. The use of non-DNS names with periods is allowed in Microsoft
Windows NT. However, periods should not be used in Active Directory
domains. If you are upgrading a domain whose NetBIOS name contains a
period, change the name by migrating the domain to a new domain
structure. Do not use periods in new NetBIOS domain names.


This problem has come up before, it may be that Microsoft has tightened
up on the use of the dot '.' with windows 10.

Rowland
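
An added example, not part of the thread and not Samba's own code: a Python check of the [global] section of an smb.conf for the settings this thread found relevant to a Windows 10 join (a period in the workgroup name, domain logons, WINS, max protocol). The sample configuration, function names and finding codes are constructed for illustration, and unset parameters are assumed to take the Samba 3.6 defaults.

```python
import re

# Constructed sample (not from the thread): [global] of an NT4-style PDC
# with the dotted workgroup name that blocked the Windows 10 join.
SAMPLE = """\
[global]
    workgroup = example.com
    domain logons = yes
    domain master = yes
    wins support = yes
    max protocol = NT1
; shares below are ignored by the check
[netlogon]
    path = /export/samba/netlogon
"""

def parse_global(text):
    """Collect [global] parameters; names are lowercased, inner spaces collapsed."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_nt4_pdc(text):
    """Return {finding_code: explanation} for the issues raised in the thread."""
    p = parse_global(text)
    yes = lambda name: p.get(name, "no").lower() in ("yes", "true", "on", "1")
    findings = {}
    workgroup = p.get("workgroup", "")
    if "." in workgroup:
        findings["dotted-workgroup"] = (
            f"workgroup '{workgroup}' contains '.'; use a plain NetBIOS name")
    if not yes("domain logons"):
        findings["no-domain-logons"] = "domain logons is not enabled on the PDC"
    if not yes("wins support") and not p.get("wins server"):
        findings["no-wins"] = "neither wins support nor wins server is set"
    if p.get("max protocol", "nt1").lower() != "nt1":
        findings["max-protocol"] = "max protocol differs from the nt1 advised here"
    return findings

if __name__ == "__main__":
    for code, text in check_nt4_pdc(SAMPLE).items():
        print(f"{code}: {text}")
```

The parser does not handle backslash line continuations or include files; running it on the output of "testparm -s" avoids both.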

Ram Prasad Bikkina

May 27, 2016, 4:10:03 AM
Hi Rowland,

Thank you so much for your reply. I understood completely about
NetBIOS domain naming conventions. Ok we will migrate to new domain
name type.

Regards,
Ram Prasad

Marc

May 27, 2016, 6:00:08 AM
I needed to disable DNS Required and turn CompatibilityMode on.



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001


On 13.05.16 at 14:17, Ram Prasad Bikkina wrote: