Rowland penny
2021-Feb-23 16:29 UTC
[Samba] How do I join an Centos8 workstation to an NT4 domain?
On 23/02/2021 14:19, Nick Howitt via samba wrote:> Please don't ream me for using an NT4 domain, but that is the beast I > am stuck with.You might think you are stuck with it, but unless you plan to upgrade to Samba AD, you might find you are stuck without it. NT4-style domains are going away, in fact they were deprecated at 4.13.0 It is your decision, but I felt that I should warn you.> > I am trying to join a Centos 8 workstation to an NT4 domain and the > only notes I have are not really applicable - > https://documentation.clearos.com/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain. > It references Ubuntu and its PAM configuration is irrelevant. In any > case I believe the join is falling down before PAM even comes into play.Ensure that all the Samba daemons are stopped, then try this '[global]' section of the smb.conf: [global] ??????? domain master = No ??????? security = DOMAIN ??????? client min protocol = NT1 ??????? template shell = /bin/bash ??????? winbind use default domain = Yes ??????? workgroup = HOME ??????? idmap config * : range = 3000-7999 ??????? idmap config * : backend = tdb ??????? idmap config HOME : range = 10000000-19999999 ??????? idmap config HOME : backend = rid Try the join again and if it joins, then start winbind followed by smbd and nmbd. Rowland
On 23/02/2021 16:29, Rowland penny via samba wrote:> > On 23/02/2021 14:19, Nick Howitt via samba wrote: >> Please don't ream me for using an NT4 domain, but that is the beast I >> am stuck with. > > > You might think you are stuck with it, but unless you plan to upgrade to > Samba AD, you might find you are stuck without it. NT4-style domains are > going away, in fact they were deprecated at 4.13.0 > > It is your decision, but I felt that I should warn you. > >> >> I am trying to join a Centos 8 workstation to an NT4 domain and the >> only notes I have are not really applicable - >> https://documentation.clearos.com/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain. >> It references Ubuntu and its PAM configuration is irrelevant. In any >> case I believe the join is falling down before PAM even comes into play. > > > Ensure that all the Samba daemons are stopped, then try this '[global]' > section of the smb.conf: > > [global] > ??????? domain master = No > ??????? security = DOMAIN > ??????? client min protocol = NT1 > ??????? template shell = /bin/bash > ??????? winbind use default domain = Yes > ??????? workgroup = HOME > ??????? idmap config * : range = 3000-7999 > ??????? idmap config * : backend = tdb > ??????? idmap config HOME : range = 10000000-19999999 > ??????? idmap config HOME : backend = rid > > Try the join again and if it joins, then start winbind followed by smbd > and nmbd. > > Rowland > > >I'm afraid it is the same problem: [root at proxmox106 ~]# net rpc join -U winadmin Enter winadmin's password: Failed to join domain: failed to find DC for domain HOME - The object was not found. I don't know if it is of interest but changing "client min protocol = NT1" to "client max protocol = NT1" gave: [root at proxmox106 ~]# net rpc join -U winadmin lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02. lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02. Enter winadmin's password: Failed to join domain: failed to find DC for domain HOME - The object was not found. Has NT1/SMB1 been removed from this version of Samba and could that be a problem? The server was running with "server min protocol = SMB2" and I changed it to allow SMB1 when I changed the min protocol to max protocol. -- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus