samba - May 2018 - Windows 10 Client - Samba 3 Server - NT4 Style PDC

I have an old setup that serves my purposes, but which I'll move over
to a more modern Samba4 setup at some point.  I know it's old,
deprecated etc.

In any case, at the moment I'm having a problem with two Windows 10
machines connecting to the domain I set up.

The network is a mix of XP, Windows 7 and Windows 10 machines.
Four (4) windows 10 machines connect to the domain after the two 
registry
settings in LanManager Workstation are set and the group policy
on hardened paths is defined.

Two (2) windows 10 machines refuse to connect.  They seem intent on 
using
DNS to resolve the domain name. NetBios does not seem to be queried.

At the command line 'nbtstat -a pdc' returns all the names for
servers that are running including the suffix defining the domain
controller.  Obviously the netbios name for the domain controller
(ie 'pdc') gets resolved since the name is resolved to an IP
and the data is returned.

NetBios over TCP/IP is enabled.  I've tried entering settings in
the LMhosts file (ie 192.168.1.10 pdc #PRE #DOM:domain).
I've entered the wins server (which is running on the Samab machine)
into the IPv4 settings on the client.  I've futzed with the
local firewall and some other policy & registry settings.

Nothing seems to work.  The win10 client seems intent on looking
for an active directory server resolved via DNS.

Any ideas?  Thanks.

Am 24. Mai 2018 05:44:04 MESZ schrieb Marco Shmerykowsky via samba <samba at
lists.samba.org>:
>I have an old setup that serves my purposes, but which I'll move over
>to a more modern Samba4 setup at some point.  I know it's old,
>deprecated etc.
>
>In any case, at the moment I'm having a problem with two Windows 10
>machines connecting to the domain I set up.

Which version of Windows 10? I also have problems joining a Windows 10 1803
machine to a NT style domain. W10 1709 machines can join, with 1803 it seems
Windows explicitly looks for an AD DC.

Additionally I have enabled SMBv1 (which isn't enabled by default since
1709) but to no avail.

It seems, with 1803 Microsoft closed that door for good.

Since I am using OpenLDAP as backend I ended up using pGina[0] to allow domain
users to log on onto that machine at least, which works, but you lose all
Windows domain specific features like roaming profiles, logon scripts, etc.

I am in the process of migrating to Samba AD and I think many more people are -
the time for NT style domains is up.

Regards,

Henry

[0] https://mutonufoai.github.io/pgina/

Interesting.

All my windows 10 machines are version 1803.  However, the ones
that are connect properly joined the domain prior to the 1803
update.

I've rolled back one machine to 1703 and now I at least get a
prompt for username & password.  It still doesn't connect to
the domain, but it is different behavior.

--

Marco J. Shmerykowsky, PE, F.ASCE
marco at sce-engineers.com

-----------------------------------------
    Shmerykowsky Consulting Engineers
      Structural Analysis & Design
     102 West 38th Street, 2nd Floor
         New York, New York 10018
Tel. (212) 719-9700 Fax. (212) 719-4822
       http://www.sce-engineers.com
-----------------------------------------

On 5/24/2018 2:06 AM, Henry Jensen via samba wrote:
> 
> 
> Am 24. Mai 2018 05:44:04 MESZ schrieb Marco Shmerykowsky via samba
<samba at lists.samba.org>:
> 
>> I have an old setup that serves my purposes, but which I'll move
over
>> to a more modern Samba4 setup at some point.  I know it's old,
>> deprecated etc.
>>
>> In any case, at the moment I'm having a problem with two Windows 10
>> machines connecting to the domain I set up.
> 
> 
> Which version of Windows 10? I also have problems joining a Windows 10 1803
machine to a NT style domain. W10 1709 machines can join, with 1803 it seems
Windows explicitly looks for an AD DC.
> 
> Additionally I have enabled SMBv1 (which isn't enabled by default since
1709) but to no avail.
> 
> It seems, with 1803 Microsoft closed that door for good.
> 
> Since I am using OpenLDAP as backend I ended up using pGina[0] to allow
domain users to log on onto that machine at least, which works, but you lose all
Windows domain specific features like roaming profiles, logon scripts, etc.
> 
> I am in the process of migrating to Samba AD and I think many more people
are - the time for NT style domains is up.
> 
> Regards,
> 
> Henry
> 
> [0] https://mutonufoai.github.io/pgina/
> 
---
This email has been checked for viruses by AVG.
https://www.avg.com

I suggest reading this: 
https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows

Imo, the longer you wait with samba AD the harder it gets to get things running.
You could better spend you time on settting up and migrating to AD the keep
putting time in a dying product.

But thats my optinion. 

Greetz, 

Louis

 
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Shmerykowsky PE via samba
> Verzonden: donderdag 24 mei 2018 15:46
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Windows 10 Client - Samba 3 Server - 
> NT4 Style PDC
> 
> Interesting.
> 
> All my windows 10 machines are version 1803.  However, the ones
> that are connect properly joined the domain prior to the 1803
> update.
> 
> I've rolled back one machine to 1703 and now I at least get a
> prompt for username & password.  It still doesn't connect to
> the domain, but it is different behavior.
> 
> --
> 
> Marco J. Shmerykowsky, PE, F.ASCE
> marco at sce-engineers.com
> 
> -----------------------------------------
>     Shmerykowsky Consulting Engineers
>       Structural Analysis & Design
>      102 West 38th Street, 2nd Floor
>          New York, New York 10018
> Tel. (212) 719-9700 Fax. (212) 719-4822
>        http://www.sce-engineers.com
> -----------------------------------------
> 
> On 5/24/2018 2:06 AM, Henry Jensen via samba wrote:
> > 
> > 
> > Am 24. Mai 2018 05:44:04 MESZ schrieb Marco Shmerykowsky 
> via samba <samba at lists.samba.org>:
> > 
> >> I have an old setup that serves my purposes, but which 
> I'll move over
> >> to a more modern Samba4 setup at some point.  I know it's old,
> >> deprecated etc.
> >>
> >> In any case, at the moment I'm having a problem with two
Windows 10
> >> machines connecting to the domain I set up.
> > 
> > 
> > Which version of Windows 10? I also have problems joining a 
> Windows 10 1803 machine to a NT style domain. W10 1709 
> machines can join, with 1803 it seems Windows explicitly 
> looks for an AD DC.
> > 
> > Additionally I have enabled SMBv1 (which isn't enabled by 
> default since 1709) but to no avail.
> > 
> > It seems, with 1803 Microsoft closed that door for good.
> > 
> > Since I am using OpenLDAP as backend I ended up using 
> pGina[0] to allow domain users to log on onto that machine at 
> least, which works, but you lose all Windows domain specific 
> features like roaming profiles, logon scripts, etc.
> > 
> > I am in the process of migrating to Samba AD and I think 
> many more people are - the time for NT style domains is up.
> > 
> > Regards,
> > 
> > Henry
> > 
> > [0] https://mutonufoai.github.io/pgina/
> > 
> 
> ---
> This email has been checked for viruses by AVG.
> https://www.avg.com
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>