Michael Tokarev
2014-Dec-06 18:17 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
Hello. For may years we're running a classic (NT-style) domain with many machines (mostly windows7 these days). Initially it was set up using samba3, and now we upgraded samba to samba4 (4.1.11), without introducing AD functionality (it is not needed). I especially asked in several places whenever samba4 supports NT-style domains, and got several positive answers. Now, we're trying to join a new machine to this domain. And it fails with the following message (translated from russian, as it is a ru windows): Unable to join to domain controller of Active Directory domain TLS. Make sure that the name entered is correct. Details: Possible, domain name "TLS" is a NetBIOS-name of the domain. Verify that the name is correctly registered in WINS. If it is not a NetBIOS-name, the following information might help to correct a problem in DNS configuration. Error resolving SRV record _ldap._tcp.dc._msdcs.TLS, name does not exists. Now I wonder if samba4 really supports classic NT4-style domains. Previously it was eaily possible to join win7 machines to the domain, after a small registry tweak (DNSNameResolutionRequired=0 and DomainCompatibilityMode=1 in Lanmanworkstation\Parameters). Now I always see the above when tryin to join. Any way to fix this, without reinstalling samba3, which requires basically re-creating the domain and re-joining all machines to it again, because samba3 is unable to open samba4 registry files? Thank you! /mjt
Rowland Penny
2014-Dec-06 18:47 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
On 06/12/14 18:17, Michael Tokarev wrote:> Hello. > > For may years we're running a classic (NT-style) domain with many > machines (mostly windows7 these days). Initially it was set up > using samba3, and now we upgraded samba to samba4 (4.1.11), without > introducing AD functionality (it is not needed). > > I especially asked in several places whenever samba4 supports NT-style > domains, and got several positive answers. > > Now, we're trying to join a new machine to this domain. And it fails > with the following message (translated from russian, as it is a ru > windows): > > Unable to join to domain controller of Active Directory domain TLS. > > Make sure that the name entered is correct. > > Details: > > Possible, domain name "TLS" is a NetBIOS-name of the domain. > Verify that the name is correctly registered in WINS. > > If it is not a NetBIOS-name, the following information might > help to correct a problem in DNS configuration. > > Error resolving SRV record _ldap._tcp.dc._msdcs.TLS, name does > not exists. > > Now I wonder if samba4 really supports classic NT4-style domains. > Previously it was eaily possible to join win7 machines to the > domain, after a small registry tweak (DNSNameResolutionRequired=0 > and DomainCompatibilityMode=1 in Lanmanworkstation\Parameters). > Now I always see the above when tryin to join. > > Any way to fix this, without reinstalling samba3, which requires > basically re-creating the domain and re-joining all machines to > it again, because samba3 is unable to open samba4 registry files? > > Thank you! > > /mjtAny chance we can see your smb.conf ? Rowland
Michael Tokarev
2014-Dec-06 19:34 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
06.12.2014 21:47, Rowland Penny wrote: []> Any chance we can see your smb.conf ?Sure, here it is. Somehow I forgot to add it initially, even if planned. Thank you for looking into this. /mjt [global] workgroup = TLS server string = %h samba server %v netbios name = FS netbios aliases = PALTUS LINUX SERVER acl allow execute always = true wins support = yes dns proxy = yes interfaces = 192.168.177.2/26 127.0.0.1/8 bind interfaces only = yes allow hosts = 192.168.177.0/26 127.0.0.0/8 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 remote browse sync = 192.168.19.1 security = user encrypt passwords = true passdb backend = tdbsam:/var/lib/samba/passdb.tdb obey pam restrictions = yes unix password sync = no pam password change = yes username map = /etc/samba/username.map utmp = yes hostname lookups = yes # temp for win95 lanman auth = yes ########## Domains ########### preferred master = auto domain master = yes local master = yes domain logons = yes os level = 64 # added to try to join a machine to samba4 domain, does not help server role = classic primary domain controller # Location of the user's profile directory logon path = \\%L\%U\Profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) logon drive = H: logon home = \\%L\%U load printers = no printing = bsd ; printcap name = /etc/printcap print command = lpr -h -P%p '%s'; rm -f '%s' map archive = no # map hidden = yes # map system = yes create mask = 0775 directory mask = 0775 host msdfs = yes # unix ext and wide links are incompatible. we need wide links. unix extensions = no wide links = yes #======================= Share Definitions ====================== [homes] comment = Home Directories browseable = no [... other share definitions follow....]> Rowland >
Michael Tokarev
2014-Dec-06 19:36 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
To: Rowland Penny <rowlandpenny at googlemail.com> 06.12.2014 21:47, Rowland Penny wrote: []> Any chance we can see your smb.conf ?Sure, here it is. Somehow I forgot to add it initially, even if planned. Thank you for looking into this. /mjt [global] workgroup = TLS server string = %h samba server %v netbios name = FS netbios aliases = PALTUS LINUX SERVER acl allow execute always = true wins support = yes dns proxy = yes interfaces = 192.168.177.2/26 127.0.0.1/8 bind interfaces only = yes allow hosts = 192.168.177.0/26 127.0.0.0/8 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 remote browse sync = 192.168.19.1 security = user encrypt passwords = true passdb backend = tdbsam:/var/lib/samba/passdb.tdb obey pam restrictions = yes unix password sync = no pam password change = yes username map = /etc/samba/username.map utmp = yes hostname lookups = yes # temp for win95 lanman auth = yes ########## Domains ########### preferred master = auto domain master = yes local master = yes domain logons = yes os level = 64 # added to try to join a machine to samba4 domain, does not help server role = classic primary domain controller # Location of the user's profile directory logon path = \\%L\%U\Profile # The following setting only takes effect if 'domain logons' is set # It specifies the location of a user's home directory (from the client # point of view) logon drive = H: logon home = \\%L\%U load printers = no printing = bsd ; printcap name = /etc/printcap print command = lpr -h -P%p '%s'; rm -f '%s' map archive = no # map hidden = yes # map system = yes create mask = 0775 directory mask = 0775 host msdfs = yes # unix ext and wide links are incompatible. we need wide links. unix extensions = no wide links = yes #======================= Share Definitions ====================== [homes] comment = Home Directories browseable = no [... other share definitions follow....]> Rowland >
Andrew Bartlett
2014-Dec-07 08:00 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
On Sat, 2014-12-06 at 21:17 +0300, Michael Tokarev wrote:> Hello. > > For may years we're running a classic (NT-style) domain with many > machines (mostly windows7 these days). Initially it was set up > using samba3, and now we upgraded samba to samba4 (4.1.11), without > introducing AD functionality (it is not needed). > > I especially asked in several places whenever samba4 supports NT-style > domains, and got several positive answers. > > Now, we're trying to join a new machine to this domain. And it fails > with the following message (translated from russian, as it is a ru > windows): > > Unable to join to domain controller of Active Directory domain TLS. > > Make sure that the name entered is correct. > > Details: > > Possible, domain name "TLS" is a NetBIOS-name of the domain. > Verify that the name is correctly registered in WINS. > > If it is not a NetBIOS-name, the following information might > help to correct a problem in DNS configuration. > > Error resolving SRV record _ldap._tcp.dc._msdcs.TLS, name does > not exists. > > Now I wonder if samba4 really supports classic NT4-style domains.It really is still expected to, and no intentional changes have been made to that. I suspect a genuine netbios name resolution issue, rather than something bigger. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Michael Tokarev
2014-Dec-07 09:24 UTC
[Samba] Runnung samba4 as classic domain controller, win7 thinks it is AD
07.12.2014 11:00, Andrew Bartlett wrote:> On Sat, 2014-12-06 at 21:17 +0300, Michael Tokarev wrote:[]>> Possible, domain name "TLS" is a NetBIOS-name of the domain. >> Verify that the name is correctly registered in WINS.[]>> Now I wonder if samba4 really supports classic NT4-style domains. > > It really is still expected to, and no intentional changes have been > made to that. I suspect a genuine netbios name resolution issue, rather > than something bigger.I asked around about classic NT-style domain support before upgrading samba, and got positive replies. Speaking of netbios name resolution - it's been years (>10) since this setup is working, back at the time I knew various details but not anymore. What name should be registered in wins for the domain to work? I examined browse.dat files on a samba3 DC and this my samba4 DC (both are set up the same way, I just haven't upgraded samba3 yet), and both shows the same name, like this: "TLS" c0001000 "FS" "TLS" "FS" 408d9b0b "tsrv samba server 4.1.11" "TLS" ... Is this c0001000 enough? Speaking of name resolution -- this is a single subnet, 192.168.177.1/26, all machines receive configuration over dhcp, with the following info: netbios-nodetype 2 (peer to peer) netbios-ns $samba-server netbios-dd $samba-server Again, this worked for years, it only broke after I upgraded samba from samba 3.6 to 4.1. So far, only joining domain does not work, at least I haven't seen anything else is broken (well, except of the fix for https://bugzilla.samba.org/show_bug.cgi?id=10297 which broke another use-case around this, I made comments in that bug report). With netbios-nodetype=2, I think it is effectively all or none -- either all registered names works or none. Thanks, /mjt
Maybe Matching Threads
- Runnung samba4 as classic domain controller, win7 thinks it is AD
- Runnung samba4 as classic domain controller, win7 thinks it is AD
- Runnung samba4 as classic domain controller, win7 thinks it is AD
- Runnung samba4 as classic domain controller, win7 thinks it is AD
- Runnung samba4 as classic domain controller, win7 thinks it is AD