Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] Next Problem: windows 10 as samba domain member

266 views
Skip to first unread message

Roland Schwingel

unread,
Jul 9, 2015, 8:40:05 AM7/9/15
to
Hi ...

After having a tough fight the last days with migrating from samba 3.6
to 4.2.2 in one network segment (see my previous posts) I am facing my
next problem:

Domain logons with windows 10 pro.

I got windows 10 pro build 10159 running in a vm. I added the 2 well
known registry changes I always add to windows 7 also to windows 10. So
far so good. I joined the machine to my samba 4.2.2 PDC. Heureka! It
worked smoothly. Now I try to logon with a domain user. On the login
screen I see the error message:

There are currently no logon servers available to service the logon request

Ouch... I spent a bunch of time now trying to find a solution but with
no success. Netlogon appears to be fine.

Has anyone yet succeeded in using windows 10 as domain member with samba
4.2.2?

Here is the smb.conf of my PDC
(I still have to run samba 4.2.2 in NT4 style domain mode)
[global]
unix charset = UTF-8
workgroup = MYDOM
server string = domaincontroller
passdb backend = ldapsam:"ldap://localhost"
log level = 3
log file = /usr/local/samba/var/log.%m
max log size = 500
name resolve order = host bcast
time server = Yes
add machine script = /usr/local/samba/bin/createSambaMachineAccount.php
"%u"
logon script = logonscripts/%U/logon.bat
logon path = \\%N\profiles\%U
logon home =
domain logons = Yes
os level = 66
preferred master = Yes
domain master = Yes
dns proxy = No
ldap admin dn = cn=Directory Manager
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap,ou=samba
ldap machine suffix = ou=computers,ou=samba
ldap passwd sync = yes
ldap suffix = dc=mydom,dc=com
ldap user suffix = ou=people
idmap config * : range =
idmap config * : backend = tdb
create mask = 0755
hide dot files = No
map hidden = Yes
csc policy = disable
strict locking = No
allow nt4 crypto = Yes

[netlogon]
comment = PDC netlogon
path = /PDC/netlogon
browseable = No
root preexec = /PDC/scripts/sambaCreateHomeAccounts.sh "%u" "%g" "%H"
"%I" "%L"
read only = yes

[profiles]
comment = pdc profiles
path = /PDC/profiles
read only = No
create mask = 0601
directory mask = 0700

I can logon to my domain with this PDC server with all Windows Version
from XP up to 8.1 and 2012 R2 without problems.

Is anyone already running windows 10 as domain member within a samba 4
domain? What where the problems?

Thanks for all your help,

Roland

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Marc Muehlfeld

unread,
Jul 9, 2015, 12:00:03 PM7/9/15
to
Hello Roland,

Am 09.07.2015 um 14:35 schrieb Roland Schwingel:
> I got windows 10 pro build 10159 running in a vm. I added the 2 well
> known registry changes I always add to windows 7 also to windows 10. So
> far so good. I joined the machine to my samba 4.2.2 PDC. Heureka! It
> worked smoothly. Now I try to logon with a domain user. On the login
> screen I see the error message:
>
> There are currently no logon servers available to service the logon request


I've renamed the old "Registry changes for NT4-style domains" page in
the wiki, because Win10 in an Samba NT4 domain requires also an smb.conf
setting. Otherwise you will stop at the "No logon servers available"
problem. To cover everything on one page, a page rename was required.

https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains


Regards,
Marc

Roland Schwingel

unread,
Jul 10, 2015, 3:40:03 AM7/10/15
to
Good Morning Marc,

Marc Muehlfeld <mmueh...@samba.org> wrote on 09.07.2015 17:49:36:
> Am 09.07.2015 um 14:35 schrieb Roland Schwingel:
> > I got windows 10 pro build 10159 running in a vm. I added the 2 well
> > known registry changes I always add to windows 7 also to windows 10. So
> > far so good. I joined the machine to my samba 4.2.2 PDC. Heureka! It
> > worked smoothly. Now I try to logon with a domain user. On the login
> > screen I see the error message:
> >
> > There are currently no logon servers available to service the logon
request
>
> I've renamed the old "Registry changes for NT4-style domains" page in
> the wiki, because Win10 in an Samba NT4 domain requires also an smb.conf
> setting. Otherwise you will stop at the "No logon servers available"
> problem. To cover everything on one page, a page rename was required.
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains

This is great news. I can confirm that this is working here for me too.
After changing to max protocol NT1 I restarted samba on my PDC. But
immediately afterwards a domain logon from win10 was not possible. I
tried it twice (still the old error message) but than was interrupted by
a phone call. After the phone call (~2min) it worked without changing
anything.

Regarding the switch to NT1. This does not make me really happy. I tried
domain logons with win7 and 8.1 using a user with a profile containing
lots of small files. It takes longer on win7/8.1 to login/logout now.
Its about 1.5 times slower in my case. (My PDC
is also hosting the windows profiles.)

Is this going to be the permanent solution? Or is this just
intermediate? Has MS changed/extended something in smb2/3 that samba is
yet not aware of or is it maybe "just" a bug in sambas implementation?

Anyhow: I am glad that samba works now with windows 10. THANK YOU!

Roland

Marc Muehlfeld

unread,
Jul 13, 2015, 12:00:04 PM7/13/15
to
Hello Rowland,

Am 10.07.2015 um 09:36 schrieb Roland Schwingel:
> Regarding the switch to NT1. This does not make me really happy. I tried
> domain logons with win7 and 8.1 using a user with a profile containing
> lots of small files. It takes longer on win7/8.1 to login/logout now.
> Its about 1.5 times slower in my case. (My PDC
> is also hosting the windows profiles.)

The newer SMB protocol versions have some speed improvements compared
with the old SMB1, so this is possible. :-)

However, you can put all the data on a member server with SMB2/3 and
only run the pure PDC with SMB1.



> Is this going to be the permanent solution? Or is this just
> intermediate? Has MS changed/extended something in smb2/3 that samba is
> yet not aware of or is it maybe "just" a bug in sambas implementation?

The problem is, that NT4 support ended a long time ago. Andrew asked MS
a while ago about Win10 and NT4 support:
https://lists.samba.org/archive/samba-technical/2015-June/107624.html

If there are things to fix on the server side, to make everything work
smooth, just file a bug, but if something has been removed on the client
side, then it's time to think about moving to AD or stay at maximum
Win8(.1), which is supported by MS until Jan 2023.



Even if it looks like everything is working now with Win10, I'm curious,
if maybe a future Win update breaks this. MS said, that they want to
continually work and develop Win10. So hopefully Win10 users in an NT4
domain don't have a problem some day after installing a major Windows
update and rebooting... :-/


Regards,
Marc
0 new messages