samba1 at nym.hush.com
2018-May-29 16:16 UTC
[Samba] Can't join Windows 10 to classic domain
I've been running Samba 4 in NT4 Domain mode for a few years, and it's been working fine with Windows 7 PCs. I now need to join a new Windows 10 PC to the domain, but I'm not having any success! When I try to join the domain, the Windows 10 PC says "An Active Directory Domain Controller could not be contacted...." I've tried a few things, including:- Setting registry entries for:- DomainCompatibilityMode = 1 DNSNameResolutionRequired = 0 Then:- [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProviderHardenedPaths] "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindowsNetworkProviderHardenedPaths] "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" I've tried adding entries for the domain controller in hosts and lmhosts, and have also tried enabling NetBIOS over TCP/IP. I've then tried forcing the Windows Client to use SMB1:- sc config lanmanworkstation depend= bowser/mrxsmb10/nsi sc config mrxsmb20 start= disabledI also used the following Powershell commands:- Get-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false Running the status commands shows SMB1 to be enabled, and SMB2 to be disabled. Should it be possible to join a Windows 10 PC to a Samba NT4 domain, and if so, what am I missing? One thing I haven't tried is forcing Samba to "server max protocol NT1" - mainly because I'm worried it might cause problems with all the existing Windows 7 clients, and also because of potential security risks. I thought it might be 'safer' to force the Windows 10 PC to use SMB1 rather change anything on the server. Any help would be much appreciated!
On Tue, 29 May 2018 17:16:01 +0100 samba1--- via samba <samba at lists.samba.org> wrote:> > > I've been running Samba 4 in NT4 Domain mode for a few years, > and it's been working fine with Windows 7 PCs. > > I now need to join a new Windows 10 PC to the domain, but I'm > not having any success! > > When I try to join the domain, the Windows 10 PC says "An > Active Directory Domain Controller could not be contacted...." > > I've tried a few things, including:- > > Setting registry entries for:- > DomainCompatibilityMode = 1 > DNSNameResolutionRequired = 0 > > Then:- > [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProviderHardenedPaths] > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" > [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindowsNetworkProviderHardenedPaths] > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" > > I've tried adding entries for the domain controller in hosts > and lmhosts, and have also tried enabling NetBIOS over TCP/IP. > > I've then tried forcing the Windows Client to use SMB1:- > > sc config lanmanworkstation depend= bowser/mrxsmb10/nsi > sc config mrxsmb20 start= disabledI also used the following Powershell > commands:- > Get-WindowsOptionalFeature -Online -FeatureName > SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false > > Running the status commands shows SMB1 to be enabled, and > SMB2 to be disabled. > > Should it be possible to join a Windows 10 PC to a Samba NT4 > domain, and if so, what am I missing? > > One thing I haven't tried is forcing Samba to "server max > protocol = NT1" - mainly because I'm worried it might cause problems > with all the existing Windows 7 clients, and also because of > potential security risks. I thought it might be 'safer' to force the > Windows 10 PC to use SMB1 rather change anything on the server. > > Any help would be much appreciated!There have been reports that the latest win10 will not join an NT4-style domain, you can probably find workarounds for this but the writing is on the wall, upgrade to AD. You certainly don't want to be using NTLMv1, it is very insecure. Rowland
Marco Shmerykowsky PE
2018-May-29 17:11 UTC
[Samba] Can't join Windows 10 to classic domain
I wasted a bunch of time on this. Downlevel Windows 10 to version 1703. It should work and it seems to hold the connection once the next update takes hold. Plan for updating the domain to AD as who knows what MS will do next. The 1703 connection could get broken in the future. On 5/29/2018 12:16 PM, samba1--- via samba wrote:> > > I've been running Samba 4 in NT4 Domain mode for a few years, and > it's been working fine with Windows 7 PCs. > > I now need to join a new Windows 10 PC to the domain, but I'm not > having any success! > > When I try to join the domain, the Windows 10 PC says "An Active > Directory Domain Controller could not be contacted...." > > I've tried a few things, including:- > > Setting registry entries for:- > DomainCompatibilityMode = 1 > DNSNameResolutionRequired = 0 > > Then:- > [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProviderHardenedPaths] > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" > [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindowsNetworkProviderHardenedPaths] > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" > > I've tried adding entries for the domain controller in hosts and > lmhosts, and have also tried enabling NetBIOS over TCP/IP. > > I've then tried forcing the Windows Client to use SMB1:- > > sc config lanmanworkstation depend= bowser/mrxsmb10/nsi > sc config mrxsmb20 start= disabledI also used the following Powershell > commands:- > Get-WindowsOptionalFeature -Online -FeatureName > SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false > > Running the status commands shows SMB1 to be enabled, and SMB2 to be > disabled. > > Should it be possible to join a Windows 10 PC to a Samba NT4 domain, > and if so, what am I missing? > > One thing I haven't tried is forcing Samba to "server max protocol > NT1" - mainly because I'm worried it might cause problems with all the > existing Windows 7 clients, and also because of potential security > risks. I thought it might be 'safer' to force the Windows 10 PC to > use SMB1 rather change anything on the server. > > Any help would be much appreciated! >--- This email has been checked for viruses by AVG. https://www.avg.com
Yes, you correct, you wasted time on this.. Read also, this will give more insight. https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Shmerykowsky PE via samba > Verzonden: dinsdag 29 mei 2018 19:12 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Can't join Windows 10 to classic domain > > I wasted a bunch of time on this. > > Downlevel Windows 10 to version 1703. It should work and > it seems to hold the connection once the next update takes > hold. > > Plan for updating the domain to AD as who knows what MS > will do next. The 1703 connection could get broken in > the future. > > > On 5/29/2018 12:16 PM, samba1--- via samba wrote: > > > > > > I've been running Samba 4 in NT4 Domain mode for a few > years, and > > it's been working fine with Windows 7 PCs. > > > > I now need to join a new Windows 10 PC to the domain, > but I'm not > > having any success! > > > > When I try to join the domain, the Windows 10 PC says "An Active > > Directory Domain Controller could not be contacted...." > > > > I've tried a few things, including:- > > > > Setting registry entries for:- > > DomainCompatibilityMode = 1 > > DNSNameResolutionRequired = 0 > > > > Then:- > > > [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProv > iderHardenedPaths] > > > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity > =0,RequirePrivacy=0" > > > [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindows > NetworkProviderHardenedPaths] > > > "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity > =0,RequirePrivacy=0" > > > > I've tried adding entries for the domain controller in hosts and > > lmhosts, and have also tried enabling NetBIOS over TCP/IP. > > > > I've then tried forcing the Windows Client to use SMB1:- > > > > sc config lanmanworkstation depend= bowser/mrxsmb10/nsi > > sc config mrxsmb20 start= disabledI also used the following > Powershell > > commands:- > > Get-WindowsOptionalFeature -Online -FeatureName > > SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false > > > > Running the status commands shows SMB1 to be enabled, > and SMB2 to be > > disabled. > > > > Should it be possible to join a Windows 10 PC to a > Samba NT4 domain, > > and if so, what am I missing? > > > > One thing I haven't tried is forcing Samba to "server > max protocol > > NT1" - mainly because I'm worried it might cause problems > with all the > > existing Windows 7 clients, and also because of potential security > > risks. I thought it might be 'safer' to force the Windows 10 PC to > > use SMB1 rather change anything on the server. > > > > Any help would be much appreciated! > > > > --- > This email has been checked for viruses by AVG. > https://www.avg.com > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Marco Shmerykowsky PE
2018-May-30 14:04 UTC
[Samba] Can't join Windows 10 to classic domain
The issue does not seem to be connected to SMB1. It can be installed and it still won't authenticate. Something has been changed to force authentication to AD/DNS either solely or as a first step. The translation of the netbios name never happens even if the computer can resolve the name. Given that the authentication thru netbios resolution seems to get grandfathered in provided the domain is joined prior to the latest upgrade, it would seem there is a tweak that can applied, but who knows. On 5/30/2018 2:18 AM, L.P.H. van Belle via samba wrote:> Yes, you correct, you wasted time on this.. > > Read also, this will give more insight. > https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Marco Shmerykowsky PE via samba >> Verzonden: dinsdag 29 mei 2018 19:12 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] Can't join Windows 10 to classic domain >> >> I wasted a bunch of time on this. >> >> Downlevel Windows 10 to version 1703. It should work and >> it seems to hold the connection once the next update takes >> hold. >> >> Plan for updating the domain to AD as who knows what MS >> will do next. The 1703 connection could get broken in >> the future. >> >> >> On 5/29/2018 12:16 PM, samba1--- via samba wrote: >>> >>> >>> I've been running Samba 4 in NT4 Domain mode for a few >> years, and >>> it's been working fine with Windows 7 PCs. >>> >>> I now need to join a new Windows 10 PC to the domain, >> but I'm not >>> having any success! >>> >>> When I try to join the domain, the Windows 10 PC says "An Active >>> Directory Domain Controller could not be contacted...." >>> >>> I've tried a few things, including:- >>> >>> Setting registry entries for:- >>> DomainCompatibilityMode = 1 >>> DNSNameResolutionRequired = 0 >>> >>> Then:- >>> >> [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsNetworkProv >> iderHardenedPaths] >>> >> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity >> =0,RequirePrivacy=0" >>> >> [HKEY_LOCAL_MACHINESOFTWAREWow6432NodePoliciesMicrosoftWindows >> NetworkProviderHardenedPaths] >>> >> "\\*\netlogon"="RequireMutualAuthentication=0,RequireIntegrity >> =0,RequirePrivacy=0" >>> >>> I've tried adding entries for the domain controller in hosts and >>> lmhosts, and have also tried enabling NetBIOS over TCP/IP. >>> >>> I've then tried forcing the Windows Client to use SMB1:- >>> >>> sc config lanmanworkstation depend= bowser/mrxsmb10/nsi >>> sc config mrxsmb20 start= disabledI also used the following >> Powershell >>> commands:- >>> Get-WindowsOptionalFeature -Online -FeatureName >>> SMB1ProtocolSet-SmbServer-Configuration -EnableSMB2Protocol $false >>> >>> Running the status commands shows SMB1 to be enabled, >> and SMB2 to be >>> disabled. >>> >>> Should it be possible to join a Windows 10 PC to a >> Samba NT4 domain, >>> and if so, what am I missing? >>> >>> One thing I haven't tried is forcing Samba to "server >> max protocol >>> NT1" - mainly because I'm worried it might cause problems >> with all the >>> existing Windows 7 clients, and also because of potential security >>> risks. I thought it might be 'safer' to force the Windows 10 PC to >>> use SMB1 rather change anything on the server. >>> >>> Any help would be much appreciated! >>> >> >> --- >> This email has been checked for viruses by AVG. >> https://www.avg.com >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > >