samba - Jul 2018 - Samba4 AD cannot see machines in windows browser

Hi Penny.

On Tue, Jul 17, 2018 at 12:38 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 17 Jul 2018 12:16:56 -0700
> Alberto Moreno via samba <samba at lists.samba.org> wrote:
>
> > Hi.
> >
> > I'm continuing learning samba4.
> >
> > I had add some machines to the domain, windows 10 Pro.
> >
> > But I open windows browser and don't see my domain and my
machines.
> >
> > Is normal with samba4?
>
> Depending on how you set up Samba, yes and no.
>
> >
> > My smb.conf
> >
> > # Global parameters
> > [global]
> >         netbios name = MBXDC1
> >         realm = MBX.LOCAL
> >         server role = active directory domain controller
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> >         workgroup = MBX
> >         idmap_ldb:use rfc2307 = yes
> >         log level = 5
> >
> > [netlogon]
> >         path = /usr/local/samba/var/locks/sysvol/mbx.local/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /usr/local/samba/var/locks/sysvol
> >         read only = No
>
> Ah, it is an AD DC, so the answer is definitely yes, there is no
> browsing with a Samba AD DC.
>
>
Now, who manage the machine list in the network?
>
> > Other thing, I try to increase my log level, but samba won't
accept,
> > it continue with log level = 2.
>
> Did you restart Samba after making the change ?
>
>
Yes, I stop first and latter start the service.
>
> > My windows machines had the computer browser service off and fw off.
>
> How do you expect to use a browser service that is turned off ?
> Not that it will help if you do turn it on.
>
>
Just to understand, in samba NT4 domain, the recommendation was that, must
exist only 1 network browser in the network, them we had to turn off this
service(computer browser) under windows machines, because this service
conflict with samba, the reason was that those machines will try to became
master/local browser in the domain and start sending packets all over the
network which is traffic unnecessary.

With samba4 AD setup, the rule continue or I was wrong?

> >
> > Samba version 4.7.8 CentOS Linux release 7.5.1804 (Core)
>
> How did you provision an AD DC using Centos packages, I thought you
> still couldn't use them for a DC.
>
>
I install samba4 from src(make && make install).

Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Thanks for your help Penny.

-- 
LIving the dream...

On Tue, 17 Jul 2018 12:59:25 -0700
Alberto Moreno via samba <samba at lists.samba.org> wrote:

Hi Moreno, see inline comments:
> Hi Penny.
> 
> On Tue, Jul 17, 2018 at 12:38 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Tue, 17 Jul 2018 12:16:56 -0700
> > Alberto Moreno via samba <samba at lists.samba.org> wrote:
> >
> > > Hi.
> > >
> > > I'm continuing learning samba4.
> > >
> > > I had add some machines to the domain, windows 10 Pro.
> > >
> > > But I open windows browser and don't see my domain and my
> > > machines.
> > >
> > > Is normal with samba4?
> >
> > Depending on how you set up Samba, yes and no.
> >
> > >
> > > My smb.conf
> > >
> > > # Global parameters
> > > [global]
> > >         netbios name = MBXDC1
> > >         realm = MBX.LOCAL
> > >         server role = active directory domain controller
> > >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
kdc,
> > > drepl, winbindd, ntp_signd, kcc, dnsupdate
> > >         workgroup = MBX
> > >         idmap_ldb:use rfc2307 = yes
> > >         log level = 5
> > >
> > > [netlogon]
> > >         path =
/usr/local/samba/var/locks/sysvol/mbx.local/scripts
> > >         read only = No
> > >
> > > [sysvol]
> > >         path = /usr/local/samba/var/locks/sysvol
> > >         read only = No
> >
> > Ah, it is an AD DC, so the answer is definitely yes, there is no
> > browsing with a Samba AD DC.
> >
> >
> Now, who manage the machine list in the network?
The DNS server on the DC
> 
> >
> > > Other thing, I try to increase my log level, but samba won't
> > > accept, it continue with log level = 2.
> >
> > Did you restart Samba after making the change ?
> >
> >
> Yes, I stop first and latter start the service.
Then it should work, unless nothing happened over log level 2 ;-)
> 
> >
> > > My windows machines had the computer browser service off and fw
> > > off.
> >
> > How do you expect to use a browser service that is turned off ?
> > Not that it will help if you do turn it on.
> >
> >
> Just to understand, in samba NT4 domain, the recommendation was that,
> must exist only 1 network browser in the network, them we had to turn
> off this service(computer browser) under windows machines, because
> this service conflict with samba, the reason was that those machines
> will try to became master/local browser in the domain and start
> sending packets all over the network which is traffic unnecessary.
> 
> With samba4 AD setup, the rule continue or I was wrong?
Ye, the rule continues for Unix domain members, but there is no
browsing of Samba AD DC's, they will not show up in a Windows Browser,
you should use DNS instead. You should also be aware that Windows is
moving away from network browsing.
> 
> 
> > >
> > > Samba version 4.7.8 CentOS Linux release 7.5.1804 (Core)
> >
> > How did you provision an AD DC using Centos packages, I thought you
> > still couldn't use them for a DC.
> >
> >
> I install samba4 from src(make && make install).
OK, just checking ;-)
> Thanks for your help Penny.
> 
Please do not refer to me by my surname.

Rowland

On Tue, Jul 17, 2018 at 1:18 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 17 Jul 2018 12:59:25 -0700
> Alberto Moreno via samba <samba at lists.samba.org> wrote:
>
> Hi Moreno, see inline comments:
>
> > Hi
> >
> > On Tue, Jul 17, 2018 at 12:38 PM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Tue, 17 Jul 2018 12:16:56 -0700
> > > Alberto Moreno via samba <samba at lists.samba.org> wrote:
> > >
> > > > Hi.
> > > >
> > > > I'm continuing learning samba4.
> > > >
> > > > I had add some machines to the domain, windows 10 Pro.
> > > >
> > > > But I open windows browser and don't see my domain and
my
> > > > machines.
> > > >
> > > > Is normal with samba4?
> > >
> > > Depending on how you set up Samba, yes and no.
> > >
> > > >
> > > > My smb.conf
> > > >
> > > > # Global parameters
> > > > [global]
> > > >         netbios name = MBXDC1
> > > >         realm = MBX.LOCAL
> > > >         server role = active directory domain controller
> > > >         server services = s3fs, rpc, nbt, wrepl, ldap,
cldap, kdc,
> > > > drepl, winbindd, ntp_signd, kcc, dnsupdate
> > > >         workgroup = MBX
> > > >         idmap_ldb:use rfc2307 = yes
> > > >         log level = 5
> > > >
> > > > [netlogon]
> > > >         path =
/usr/local/samba/var/locks/sysvol/mbx.local/scripts
> > > >         read only = No
> > > >
> > > > [sysvol]
> > > >         path = /usr/local/samba/var/locks/sysvol
> > > >         read only = No
> > >
> > > Ah, it is an AD DC, so the answer is definitely yes, there is no
> > > browsing with a Samba AD DC.
> > >
> > >
> > Now, who manage the machine list in the network?
>
> The DNS server on the DC
>
Got it.

> >
> > >
> > > > Other thing, I try to increase my log level, but samba
won't
> > > > accept, it continue with log level = 2.
> > >
> > > Did you restart Samba after making the change ?
> > >
> > >
> > Yes, I stop first and latter start the service.
>
> Then it should work, unless nothing happened over log level 2 ;-)
>
Got it.

> >
> > >
> > > > My windows machines had the computer browser service off and
fw
> > > > off.
> > >
> > > How do you expect to use a browser service that is turned off ?
> > > Not that it will help if you do turn it on.
> > >
> > >
> > Just to understand, in samba NT4 domain, the recommendation was that,
> > must exist only 1 network browser in the network, them we had to turn
> > off this service(computer browser) under windows machines, because
> > this service conflict with samba, the reason was that those machines
> > will try to became master/local browser in the domain and start
> > sending packets all over the network which is traffic unnecessary.
> >
> > With samba4 AD setup, the rule continue or I was wrong?
>
> Ye, the rule continues for Unix domain members, but there is no
> browsing of Samba AD DC's, they will not show up in a Windows Browser,
> you should use DNS instead. You should also be aware that Windows is
> moving away from network browsing.
>
Got it.
>
> >
> > > >
> > > > Samba version 4.7.8 CentOS Linux release 7.5.1804 (Core)
> > >
> > > How did you provision an AD DC using Centos packages, I thought
you
> > > still couldn't use them for a DC.
> > >
> > >
> > I install samba4 from src(make && make install).
>
> OK, just checking ;-)
>
>
:-).
> Thanks for your help Penny.
> >
>
> Please do not refer to me by my surname.
>
My apologies, my mistake.

> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
LIving the dream...