Hello

We have a problem with our Windows 10 Clients.
Installed on a SLES12 Server is samba v4.4

I can bind the clients to the domain without any problem. Afterwards I want to login in the domain, I get the error,

no logonserver available

I can change in the smb conf max protocol to NT1 -> now it is possible to login with user xxx in the domain

We don't want to use our samba server with the NT1 setting, so I will delete this setting

Now it is still possible to login with user xxx , but if I want to login with another user, I get the same error message

no logonserver available

is it at this time still possible to work with windows 10 and samba only with the NT1 protocol?

Kind regards Ute korn

Hi

Any Windows event id? and message?

Open CMD box, type: ipconfig /all
Dnsdomain-suffix = ?
Connection suffix = ?

Greetz,
Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Korn, Ute
> Sent: Thursday 31 March 2016 16:24
> To: samba at lists.samba.org
> Subject: [Samba] Windows 10
>
> Hello
>
> We have a problem with our Windows 10 Clients.
> Installed on a SLES12 Server is samba v4.4
>
> I can bind the clients to the domain without any problem. Afterwards I
> want to login in the domain, I get the error,
>
> no logonserver available
>
> I can change in the smb conf max protocol to NT1 -> now it is possible to
> login with user xxx in the domain
>
> We don't want to use our samba server with the NT1 setting, so I will
> delete this setting
>
> Now it is still possible to login with user xxx , but if I want to login
> with another user, I get the same error message
>
> no logonserver available
>
>
> is it at this time still possible to work with windows 10 and samba only
> with the NT1 protocol?
>
>
> Kind regards Ute korn
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 31/03/16 15:24, Korn, Ute wrote:
> Hello
>
> We have a problem with our Windows 10 Clients.
> Installed on a SLES12 Server is samba v4.4
>
> I can bind the clients to the domain without any problem. Afterwards I want to login in the domain, I get the error,
>
> no logonserver available
>
> I can change in the smb conf max protocol to NT1 -> now it is possible to login with user xxx in the domain
>
> We don't want to use our samba server with the NT1 setting, so I will delete this setting
>
> Now it is still possible to login with user xxx , but if I want to login with another user, I get the same error message
>
> no logonserver available
>
>
> is it at this time still possible to work with windows 10 and samba only with the NT1 protocol?
>
>
> Kind regards Ute korn

Is this a classic NT4-style domain? If so, I think it is Microsoft's subtle way of telling you to upgrade your PDC :-)

There was a thread on here last June, this seems to describe your problem:

https://lists.samba.org/archive/samba/2015-June/191979.html

Rowland

> Is this a classic NT4-style domain ? if so, I think it is microsofts subtle
> way of telling you to upgrade your PDC :-)

I have seen that during my brief testing. I am in the tough situation of never ever being able to use AD. Well, specifically I cannot have DNS servers because of a company policy. My Linux servers exist on a private network with no connection to the internet or the company. All clients are multi-homed.

As a result I am not sure I will roll out Win10 at all. I am worried that a future release will totally eliminate NT4 domains.

John

Hello Ute,

On 31.03.2016 at 16:24, Korn, Ute wrote:
> I can bind the clients to the domain without any problem. Afterwards I want to login in the domain, I get the error,
>
> no logonserver available
>
> I can change in the smb conf max protocol to NT1 -> now it is possible to login with user xxx in the domain
>
> We don't want to use our samba server with the NT1 setting, so I will delete this setting
>
> Now it is still possible to login with user xxx , but if I want to login with another user, I get the same error message
>
> no logonserver available
>
>
> is it at this time still possible to work with windows 10 and samba only with the NT1 protocol?

SMB1 seems to be the only way, if you don't want to or can't migrate to Samba AD. MS skipped NT4 support already some Windows versions ago. So you need to accept some limitations. However, you should really think about moving to AD. Maybe some day MS ships an update for a current Windows OS that breaks the NT4 stuff.

However, to limit the PDC to SMB1-only is much better than disabling all newer versions on each client, like some guides on the internet suggest.

If you want the improvements of newer SMB protocol versions, you can set up a domain member server as file server. This one can of course have newer protocol versions enabled. Only the PDC is the one you need to limit to SMB1.

Regards,
Marc

On 31.03.2016 at 16:24, Korn, Ute wrote:
> I can bind the clients to the domain without any problem. Afterwards I want to login in the domain, I get the error,
> no logonserver available
> I can change in the smb conf max protocol to NT1 -> now it is possible to login with user xxx in the domain
> We don't want to use our samba server with the NT1 setting, so I will delete this setting

See https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains

#########################################################################
Windows 10: „No logon servers available“

If you have successfully joined Windows 10 to your Samba NT4 domain and try to login, you may encounter the error "No logon servers available". To work around this, set in your PDC's smb.conf:

max protocol = NT1

After you've restarted Samba, you will be able to login with a domain account on Windows 10.

Be aware that this setting prevents your clients from using newer SMB protocol versions than SMB1 with this server! However, this is the way the Samba team recommends. There are suggestions out there to disable newer SMB versions on Windows 10 client(s) in general. However, this will prevent them from using newer protocol versions with any SMB servers, instead of a single one (PDC)!
#########################################################################

If you want to disable newer protocol versions on the Win10 client, you can open a command prompt with administrator rights and set:

sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled

See https://support.microsoft.com/en-us/kb/2696547

In my experiments I also had to set an additional regpatch for Win10 and a Samba 4.3.x NT4-style domain for logon scripts - otherwise the logon scripts are not running:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"

Complete regpatch:

############################################################################
Windows Registry Editor Version 5.00

;
; windows10_join_enable.reg
;
; These registry keys are needed for a Windows 10 Client to join
; and logon to a Samba 4.3.x domain.
;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]

; Enable NT-Domain compatibility mode
; Default:
; [value not present]
; "DomainCompatibilityMode"=-
"DomainCompatibilityMode"=dword:00000001

; Disable required DNS name resolution
; Default:
; [value not present]
; "DNSNameResolutionRequired"=-
"DNSNameResolutionRequired"=dword:00000000

; Disable Mutual authentication, no Kerberos, can fall back to NTLMv2
; Disable Integrity, SMB signing is not required
; Disable Privacy, no SMBv3 must be used
; Default:
; [value not present]
; "\\\\*\\netlogon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
############################################################################

--
der tom
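
An added example, not part of the original thread: a small Python check that reads a .reg export and reports, per UNC pattern, which hardened-path protections a HardenedPaths entry leaves off, as the regpatch above does for \\*\netlogon. The sample text is constructed from the thread's regpatch plus a made-up sysvol entry, and the function and constant names are illustrative.

```python
import re

HARDENED = r"software\policies\microsoft\windows\networkprovider\hardenedpaths"
FLAGS = ("RequireMutualAuthentication", "RequireIntegrity", "RequirePrivacy")

# Constructed sample modelled on the regpatch quoted in the thread, plus one
# constructed entry (sysvol) that keeps two of the protections switched on.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
; comment lines start with a semicolon and are ignored
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
"\\\\*\\sysvol"="RequireMutualAuthentication=1,RequireIntegrity=1"
'''

def unescape(s):
    # Undo .reg string escaping (backslash-escaped backslashes and quotes).
    return re.sub(r'\\(.)', r'\1', s)

def audit_hardened_paths(reg_text):
    """Return {unc_pattern: [protections not enabled]} for HardenedPaths values."""
    findings, in_section = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # Compare the key path below the hive, case-insensitively;
            # "[-KEY]" deletes a key and therefore sets nothing.
            key = line.strip("[]").split("\\", 1)[-1].lower()
            in_section = not line.startswith("[-") and key == HARDENED
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if not in_section or not m:
            continue  # other keys, dword values, and "name"=- deletions
        unc, value = unescape(m.group(1)), unescape(m.group(2))
        settings = dict(p.split("=", 1) for p in value.split(",") if "=" in p)
        settings = {k.strip().lower(): v.strip() for k, v in settings.items()}
        # A flag counts as enabled only when it is explicitly set to 1.
        off = [f for f in FLAGS if settings.get(f.lower()) != "1"]
        if off:
            findings[unc] = off
    return findings

if __name__ == "__main__":
    for unc, off in audit_hardened_paths(SAMPLE_REG).items():
        print(f"{unc}: not enforced -> {', '.join(off)}")
```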