Marcel Ebbrecht
2015-Aug-13 11:51 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :)
Hi Folks, after some days of intensive google-work I didn't find a solution for joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP based NT Domain. I know, that I should switch to Samba4 but we got hundreds of scripts, services, devices and other stuff (our coffeemachine estimates the preferred strength for each user ... mission critical ;) ) that use the ldap service for nearly anything so the migration is a little bit more work than just install a apackage and migrate the tree... and until this issue with joining domain with windows 10 we dont need it ... When I try to join the Domain, the clients tries to contact our ldap daemon on udp/389: tcpdump: 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length 150 according to http://www.openldap.org/lists/openldap-technical/201303/msg00222.html this is problematic ... Has anyone a nice workaround for that problem ? In other words: Is anyone here who joined a Samba3/LDAP based domain with windows 10 ? Greetings -- Marcel Ebbrecht <m.ebbrecht at dortmundit.de> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20150813/e51876fa/signature.sig>
Marcel Ebbrecht
2015-Aug-13 12:35 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :)
UPDATE: I rebuild slapd with cldap support - but still cannot join the domain :/ Marcel Ebbrecht <m.ebbrecht at dortmundit.de> e2 consulting UG (haftungsbeschraenkt) Geschaeftssitz: Rheinlanddamm 201 D-44139 Dortmund Telefon: +49 231 / 39982051 Telefax: +49 231 / 44677897 Mobil: +49 160 / 90345852 Jabber: m.ebbrecht at dortmundit.de Internet: https://www.dortmundit.de Handelsregister Dortmund HRB 24666 Geschaeftsfuehrer: Marcel Ebbrecht Steuernummer: 314/5723/1889 USTID: DE283203942 PKI: https://ssl.dortmundit.de:18016 AGB: http://agb.dortmundit.de Diese E-Mail und moegliche Anhaenge enthalten vertrauliche Informationen, die rechtlich besonders geschuetzt sein koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund eines technischen Fehlers oder eines Versehens erhalten haben, informieren Sie uns bitte sofort und loeschen Sie anschliessend die E-Mail. Das unbefugte Kopieren dieser E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der enthaltenen Informationen an Dritte ist nicht gestattet. This e-mail message together with its attachments, if any, is confidential and may contain information subject to legal privilege (e.g. attorney-client-privilege). If you are not the intended recipient or have received this e-mail in error, please inform us immediately and delete this message. Any unauthorised copying of this message (and attachments) or unauthorised distribution of the information contained herein is prohibited. Go Green! Print this email only when necessary. Am 13.08.2015 um 13:51 schrieb Marcel Ebbrecht:> Hi Folks, > > after some days of intensive google-work I didn't find a solution for > joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP based > NT Domain. > > I know, that I should switch to Samba4 but we got hundreds of scripts, > services, devices and other stuff (our coffeemachine estimates the > preferred strength for each user ... mission critical ;) ) that use the > ldap service for nearly anything so the migration is a little bit more > work than just install a apackage and migrate the tree... and until this > issue with joining domain with windows 10 we dont need it ... > > When I try to join the Domain, the clients tries to contact our ldap > daemon on udp/389: > > tcpdump: > 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length 150 > > according to > http://www.openldap.org/lists/openldap-technical/201303/msg00222.html > this is problematic ... > > Has anyone a nice workaround for that problem ? In other words: Is > anyone here who joined a Samba3/LDAP based domain with windows 10 ? > > Greetings > > >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20150813/d265ce02/signature.sig>
Rowland Penny
2015-Aug-13 12:42 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :)
On 13/08/15 12:51, Marcel Ebbrecht wrote:> Hi Folks, > > after some days of intensive google-work I didn't find a solution for > joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP based > NT Domain. > > I know, that I should switch to Samba4 but we got hundreds of scripts, > services, devices and other stuff (our coffeemachine estimates the > preferred strength for each user ... mission critical ;) ) that use the > ldap service for nearly anything so the migration is a little bit more > work than just install a apackage and migrate the tree... and until this > issue with joining domain with windows 10 we dont need it ... > > When I try to join the Domain, the clients tries to contact our ldap > daemon on udp/389: > > tcpdump: > 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length 150 > > according to > http://www.openldap.org/lists/openldap-technical/201303/msg00222.html > this is problematic ... > > Has anyone a nice workaround for that problem ? In other words: Is > anyone here who joined a Samba3/LDAP based domain with windows 10 ? > > Greetings > > >Don't know, but you might find it easier to use a Samba4/LDAP based domain with windows 10, though thinking about it, I seem to think I read something about windows 10 not being able to connect to an NT4-style domain. But just in case it will work, I will say this again, but louder, YOU CAN USE SAMBA4 JUST LIKE SAMBA3, YOU DON'T HAVE TO USE IT FOR AN AD DOMAIN! Rowland
Marcel Ebbrecht
2015-Aug-13 12:49 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :)
Another Update: We got ldap and samba on different hosts - a customer got ldap and samba on same host -> works ... hmmm... Marcel Ebbrecht <m.ebbrecht at dortmundit.de> e2 consulting UG (haftungsbeschraenkt) Geschaeftssitz: Rheinlanddamm 201 D-44139 Dortmund Telefon: +49 231 / 39982051 Telefax: +49 231 / 44677897 Mobil: +49 160 / 90345852 Jabber: m.ebbrecht at dortmundit.de Internet: https://www.dortmundit.de Handelsregister Dortmund HRB 24666 Geschaeftsfuehrer: Marcel Ebbrecht Steuernummer: 314/5723/1889 USTID: DE283203942 PKI: https://ssl.dortmundit.de:18016 AGB: http://agb.dortmundit.de Diese E-Mail und moegliche Anhaenge enthalten vertrauliche Informationen, die rechtlich besonders geschuetzt sein koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund eines technischen Fehlers oder eines Versehens erhalten haben, informieren Sie uns bitte sofort und loeschen Sie anschliessend die E-Mail. Das unbefugte Kopieren dieser E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der enthaltenen Informationen an Dritte ist nicht gestattet. This e-mail message together with its attachments, if any, is confidential and may contain information subject to legal privilege (e.g. attorney-client-privilege). If you are not the intended recipient or have received this e-mail in error, please inform us immediately and delete this message. Any unauthorised copying of this message (and attachments) or unauthorised distribution of the information contained herein is prohibited. Go Green! Print this email only when necessary. Am 13.08.2015 um 13:51 schrieb Marcel Ebbrecht:> Hi Folks, > > after some days of intensive google-work I didn't find a solution for > joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP based > NT Domain. > > I know, that I should switch to Samba4 but we got hundreds of scripts, > services, devices and other stuff (our coffeemachine estimates the > preferred strength for each user ... mission critical ;) ) that use the > ldap service for nearly anything so the migration is a little bit more > work than just install a apackage and migrate the tree... and until this > issue with joining domain with windows 10 we dont need it ... > > When I try to join the Domain, the clients tries to contact our ldap > daemon on udp/389: > > tcpdump: > 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length 150 > > according to > http://www.openldap.org/lists/openldap-technical/201303/msg00222.html > this is problematic ... > > Has anyone a nice workaround for that problem ? In other words: Is > anyone here who joined a Samba3/LDAP based domain with windows 10 ? > > Greetings > > >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20150813/5679b336/signature.sig>
Harry Jede
2015-Aug-13 13:13 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :)
On 15:06:58 wrote Marcel Ebbrecht:> Hi Folks, > > after some days of intensive google-work I didn't find a solution for > joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP > based NT Domain. > > I know, that I should switch to Samba4 but we got hundreds of > scripts, services, devices and other stuff (our coffeemachine > estimates the preferred strength for each user ... mission critical > ;) ) that use the ldap service for nearly anything so the migration > is a little bit more work than just install a apackage and migrate > the tree... and until this issue with joining domain with windows 10 > we dont need it ... > > When I try to join the Domain, the clients tries to contact our ldap > daemon on udp/389: > > tcpdump: > 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length > 150 > > according to > http://www.openldap.org/lists/openldap-technical/201303/msg00222.html > this is problematic ... > > Has anyone a nice workaround for that problem ? In other words: Is > anyone here who joined a Samba3/LDAP based domain with windows 10 ? > > GreetingsWer lesen kann, ist klar im Vorteil. Standard Spruch zahlreicher Lehrer. You may have searched the archive of this list and then found: https://lists.samba.org/archive/samba/2015-June/192004.html and https://lists.samba.org/archive/samba/2015-June/192265.html -- Gruss aus dem sonnigen Dortmund Harry Jede
Marcel Ebbrecht
2015-Aug-13 15:33 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :) - SOLVED
FINAL UPDATE: Simple Reason: We got a dot in Domainname -> Win10 uses dns / ldap (udp) and fails - customer got no dot -> Everything goes the classic way (Netbios) and worked So I changed the Domain from foo.lan to foo ... everything fine Marcel Ebbrecht <m.ebbrecht at dortmundit.de> e2 consulting UG (haftungsbeschraenkt) Geschaeftssitz: Rheinlanddamm 201 D-44139 Dortmund Telefon: +49 231 / 39982051 Telefax: +49 231 / 44677897 Mobil: +49 160 / 90345852 Jabber: m.ebbrecht at dortmundit.de Internet: https://www.dortmundit.de Handelsregister Dortmund HRB 24666 Geschaeftsfuehrer: Marcel Ebbrecht Steuernummer: 314/5723/1889 USTID: DE283203942 PKI: https://ssl.dortmundit.de:18016 AGB: http://agb.dortmundit.de Diese E-Mail und moegliche Anhaenge enthalten vertrauliche Informationen, die rechtlich besonders geschuetzt sein koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund eines technischen Fehlers oder eines Versehens erhalten haben, informieren Sie uns bitte sofort und loeschen Sie anschliessend die E-Mail. Das unbefugte Kopieren dieser E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der enthaltenen Informationen an Dritte ist nicht gestattet. This e-mail message together with its attachments, if any, is confidential and may contain information subject to legal privilege (e.g. attorney-client-privilege). If you are not the intended recipient or have received this e-mail in error, please inform us immediately and delete this message. Any unauthorised copying of this message (and attachments) or unauthorised distribution of the information contained herein is prohibited. Go Green! Print this email only when necessary. Am 13.08.2015 um 13:51 schrieb Marcel Ebbrecht:> Hi Folks, > > after some days of intensive google-work I didn't find a solution for > joining Windows 10 Clients (release version) to Samba 3.6.6 LDAP based > NT Domain. > > I know, that I should switch to Samba4 but we got hundreds of scripts, > services, devices and other stuff (our coffeemachine estimates the > preferred strength for each user ... mission critical ;) ) that use the > ldap service for nearly anything so the migration is a little bit more > work than just install a apackage and migrate the tree... and until this > issue with joining domain with windows 10 we dont need it ... > > When I try to join the Domain, the clients tries to contact our ldap > daemon on udp/389: > > tcpdump: > 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: UDP, length 150 > > according to > http://www.openldap.org/lists/openldap-technical/201303/msg00222.html > this is problematic ... > > Has anyone a nice workaround for that problem ? In other words: Is > anyone here who joined a Samba3/LDAP based domain with windows 10 ? > > Greetings > > >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20150813/aa18fa1b/signature.sig>
L.P.H. van Belle
2015-Aug-14 06:43 UTC
[Samba] Samba 3 with LDAP vs. Windows 10 - I KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :) - SOLVED
try setting dns proxy = yes if its not set yet. Greetz. Louis>-----Oorspronkelijk bericht----- >Van: samba [mailto:samba-bounces at lists.samba.org] Namens >Marcel Ebbrecht >Verzonden: donderdag 13 augustus 2015 17:33 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] Samba 3 with LDAP vs. Windows 10 - I >KNOW SAMBA3 IS DEPRECATED, BUT COULD BE INTERESTING :) - SOLVED > >FINAL UPDATE: Simple Reason: We got a dot in Domainname -> Win10 uses >dns / ldap (udp) and fails - customer got no dot -> Everything goes the >classic way (Netbios) and worked > >So I changed the Domain from foo.lan to foo ... everything fine > >Marcel Ebbrecht <m.ebbrecht at dortmundit.de> >e2 consulting UG (haftungsbeschraenkt) > >Geschaeftssitz: >Rheinlanddamm 201 >D-44139 Dortmund > >Telefon: +49 231 / 39982051 >Telefax: +49 231 / 44677897 >Mobil: +49 160 / 90345852 >Jabber: m.ebbrecht at dortmundit.de >Internet: https://www.dortmundit.de > >Handelsregister Dortmund HRB 24666 >Geschaeftsfuehrer: Marcel Ebbrecht >Steuernummer: 314/5723/1889 >USTID: DE283203942 > >PKI: https://ssl.dortmundit.de:18016 > >AGB: http://agb.dortmundit.de > >Diese E-Mail und moegliche Anhaenge enthalten vertrauliche >Informationen, die rechtlich besonders geschuetzt sein >koennen. Wenn Sie nicht der beabsichtigte Empfaenger bzw. >Adressat dieser E-mail sind und diese E-Mail etwa aufgrund >eines technischen Fehlers oder eines Versehens erhalten haben, >informieren Sie uns bitte sofort und loeschen Sie >anschliessend die E-Mail. Das unbefugte Kopieren dieser >E-Mail, etwaiger Anhaenge sowie die unbefugte Weitergabe der >enthaltenen Informationen an Dritte ist nicht gestattet. > >This e-mail message together with its attachments, if any, is >confidential and may contain information subject to legal >privilege (e.g. attorney-client-privilege). If you are not the >intended recipient or have received this e-mail in error, >please inform us immediately and delete this message. Any >unauthorised copying of this message (and attachments) or >unauthorised distribution of the information contained herein >is prohibited. > >Go Green! Print this email only when necessary. > >Am 13.08.2015 um 13:51 schrieb Marcel Ebbrecht: >> Hi Folks, >> >> after some days of intensive google-work I didn't find a solution for >> joining Windows 10 Clients (release version) to Samba 3.6.6 >LDAP based >> NT Domain. >> >> I know, that I should switch to Samba4 but we got hundreds >of scripts, >> services, devices and other stuff (our coffeemachine estimates the >> preferred strength for each user ... mission critical ;) ) >that use the >> ldap service for nearly anything so the migration is a >little bit more >> work than just install a apackage and migrate the tree... >and until this >> issue with joining domain with windows 10 we dont need it ... >> >> When I try to join the Domain, the clients tries to contact our ldap >> daemon on udp/389: >> >> tcpdump: >> 12:38:24.823478 IP hugo.foo.bar.56137 > dc1.foo.bar.ldap: >UDP, length 150 >> >> according to >> http://www.openldap.org/lists/openldap-technical/201303/msg00222.html >> this is problematic ... >> >> Has anyone a nice workaround for that problem ? In other words: Is >> anyone here who joined a Samba3/LDAP based domain with windows 10 ? >> >> Greetings >> >> >> > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba >