Michal Hajek
2013-Oct-13 09:27 UTC
[Samba] From 3.0.11 to up-to-date versions protocol problem
Hi. We have been using samba 3.0.11 for years and now we need to add some win7 machines to our domain. So I test up-to-date Samba versions (3.6.19, 4.1.0 compiled, and Centos today "native" binary package 3.6.something) and with all of them I run into the same problem. I get stuck with protocols when checking XP machines (which works like a charm in 3.0.11 domain) When max protocol is NT1 (as in 3.0.11), I can add XP into domain, but can not do domain logon nor "net view /DOMAIN:NIS7" -> the domain is not longer available. "Net view /DOMAIN:NIS" works good - NIS is 3.0.11 samba domain. When I set protocol to LANMAN2, "net view" shows my SAMBA7 server, I can log into domain from already-in-domain XP, but I can not add the XP into domain, when it was removed from it - with "incorrect parameter" message. (The XP is in LDAP and can join the domain with max protocol NT1, as I said). I have tried many combinations of options, but with no luck. I suppose NT1 should be used as max protocol, is it right? Where can be the problem with logging into domain and "net view" command then? I did wiresharking, tcpdumping, log reading, googling for days... Thanks, Michal This is my global section right now. [global] dos charset = CP852 unix charset = ISO8859-2 workgroup = NIS7 server string passdb backend = ldapsam:ldap://10.200.11.11 lanman auth = Yes syslog = 0 log file = /var/log/samba/%m.log max log size = 50 max protocol = LANMAN2 name resolve order = host bcast server signing = auto socket options = TCP_NODELAY,SO_KEEPALIVE add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u add machine script = /usr/local/bin/AM %u logon script = smbprofile.bat logon path = \\%h\home\profiles\%U logon drive = S: domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No ldap admin dn = cn=Manager,dc=nspuh,dc=cz ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap suffix = dc=nspuh,dc=cz ldap ssl = no ldap user suffix = ou=people allow insecure wide links = Yes panic action = /usr/share/samba/panic-action %d template homedir = /profiles/DEFAULT idmap config * : range idmap config * : backend = tdb admin users = root root preexec = /usr/local/bin/RPE '%u' 'GLOBALS' >> /var/log/RPE.log 2>&1 wide links = Yes