Hello,

Given:
- Samba 3 domain is set up (runs on Samba 3.6.23, domain name "LAN")
- Windows 10 Enterprise workstation

1. Workstation (currently in WORKGROUP workgroup) is assigned computer (NetBIOS) name "sirius"

2. The instructions below:

https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains

have been applied (the 2 registry values added, workstation rebooted)

3. Corresponding machine name has been added on Samba PDC via

useradd -M -g 515 sirius$
smbpasswd -a -m sirius

4. Firewall settings on Windows machine do not prevent communication with the PDC.

When I try to join workstation to domain LAN (from "This PC" -> "Properties" -> "Change settings"), the only reaction is pop-up:

============= details below
An Active Directory Domain Controller (AD DC) for the domain "LAN" could not be contacted"
Ensure that the domain name is typed correctly.
If the name is correct, click "Details" for troubleshooting information."
============= details above

When I click "Details", the below is displayed:

============= details below
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name "LAN" might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "LAN":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.LAN

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

10.1.0.1
10.1.0.5

- One or more of the following zones do not include delegation to its child zone:

LAN
. (the root zone)
============= details below

/etc/samba/smb.conf:
============= smb.conf below
[global]
unix charset = UTF8
workgroup = LAN
netbios name = PDCLAN
server max protocol = NT1
server string = PDCLAN - LAN Samba PDC
passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
username map = /etc/samba/smbusers
interfaces = eth0 lo
bind interfaces only = yes
enable privileges = yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -W '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
logon drive = W:
logon home = \\%L\%u
logon path = \\%L\profiles\%u
domain logons = Yes
domain master = Yes
wins support = Yes
ldapsam:trusted = no
ldap ssl = off
ldap suffix = dc=company,dc=lan
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=Manager,dc=company,dc=lan
idmap backend = ldap://127.0.0.1
idmap uid = 500-20000
idmap gid = 500-20000
printer admin = root
printing = cups
============= smb.conf above

PDC lives in intranet, in DNS root zone .lan.

Note: there were many a Windows 7, Windows 8/8.1, other Windows 10; Windows 2012, and Windows 1026 servers which joined the above domain, following the same instructions, without a glitch.

I would appreciate any helpful piece of advice.

Sincerely,
Konstantin

On Thu, 19 Jul 2018 16:36:45 +0700 Konstantin Boyandin via samba <samba at lists.samba.org> wrote:
> Hello,
>
> Given:
> - Samba 3 domain is set up (runs on Samba 3.6.23, domain name "LAN")
> - Windows 10 Enterprise workstation
>
> 1. Workstation (currently in WORKGROUP workgroup) is assigned
> computer (NetBIOS) name "sirius"
>
> 2. The instructions below:
>
> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
>
> have been applied (the 2 registry values added, workstation rebooted)
>
> 3. Corresponding machine name has been added on Samba PDC via
>
> useradd -M -g 515 sirius$
> smbpasswd -a -m sirius
>
> 4. Firewall settings on Windows machine do not prevent communication
> with the PDC.
>
> When I try to join workstation to domain LAN (from "This PC" ->
> "Properties" -> "Change settings"), the only reaction is pop-up:
>
> ============= details below
> An Active Directory Domain Controller (AD DC) for the domain "LAN"
> could not be contacted"
> Ensure that the domain name is typed correctly.
> If the name is correct, click "Details" for troubleshooting
> information."
> ============= details above
>
> When I click "Details", the below is displayed:
>
> ============= details below
> Note: This information is intended for a network administrator. If
> you are not your network's administrator, notify the administrator
> that you received this information, which has been recorded in the
> file C:\WINDOWS\debug\dcdiag.txt.
>
> The domain name "LAN" might be a NetBIOS domain name. If this is the
> case, verify that the domain name is properly registered with WINS.
>
> If you are certain that the name is not a NetBIOS domain name, then
> the following information can help you troubleshoot your DNS
> configuration.
>
> The following error occurred when DNS was queried for the service
> location (SRV) resource record used to locate an Active Directory
> Domain Controller (AD DC) for domain "LAN":
>
> The error was: "DNS name does not exist."
> (error code 0x0000232B RCODE_NAME_ERROR)
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.LAN
>
> Common causes of this error include the following:
>
> - The DNS SRV records required to locate a AD DC for the domain are
> not registered in DNS. These records are registered with a DNS server
> automatically when a AD DC is added to a domain. They are updated by
> the AD DC at set intervals. This computer is configured to use DNS
> servers with the following IP addresses:
>
> 10.1.0.1
> 10.1.0.5
>
> - One or more of the following zones do not include delegation to its
> child zone:
>
> LAN
> . (the root zone)
> ============= details below
>
> /etc/samba/smb.conf:
> ============= smb.conf below
> [global]
> unix charset = UTF8
> workgroup = LAN
> netbios name = PDCLAN
> server max protocol = NT1
> server string = PDCLAN - LAN Samba PDC
> passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
> username map = /etc/samba/smbusers
> interfaces = eth0 lo
> bind interfaces only = yes
> enable privileges = yes
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 0
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/smbldap-useradd -m '%u'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u'
> shutdown script = /var/lib/samba/scripts/shutdown.sh
> abort shutdown script = /sbin/shutdown -c
> logon script = %u.bat
> logon drive = W:
> logon home = \\%L\%u
> logon path = \\%L\profiles\%u
> domain logons = Yes
> domain master = Yes
> wins support = Yes
> ldapsam:trusted = no
> ldap ssl = off
> ldap suffix = dc=company,dc=lan
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=company,dc=lan
> idmap backend = ldap://127.0.0.1
> idmap uid = 500-20000
> idmap gid = 500-20000
> printer admin = root
> printing = cups
> ============= smb.conf above
>
> PDC lives in intranet, in DNS root zone .lan.
>
> Note: there were many a Windows 7, Windows 8/8.1, other Windows 10;
> Windows 2012, and Windows 1026 servers which joined the above domain,
> following the same instructions, without a glitch.
>
> I would appreciate any helpful piece of advice.
>
> Sincerely,
> Konstantin
>

The most helpful advice I can give you is, start planning to upgrade to Active Directory NOW. Microsoft seems to be making it almost impossible to join Windows 10 to an NT4-style domain; there have been several similar posts about this recently.

Rowland

If you have all the "usual-required" tweaks done to the win box and samba is already serving other win clients (which would confirm it's just this new windows problem), then make sure your windows 10 installation is a build not newer than 17.09 (off the top of my head) (nor let updates get builds newer > 17.09).

Unfortunately, I must concur with others that joining a Win10 box to an older Samba domain - even one as late as Samba 4 - is no longer possible.

My experience was that my Windows 10 box, when asked to join the domain, queries DNS *only* for the AD _ldap record for the domain. I also noted that in the latest build of Windows 10, the "domain join" dialog has been slightly altered to say "Join an Active Directory Domain." I think this was also a subtle hint from MS that support for NT-style domains (and, implicitly, older-style Samba domains like mine) has finally ended.

If someone has experience to the contrary, I'd love to hear about it!
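
An added example (not written by any poster in this thread, and not Samba project code): a small Python audit that parses an smb.conf and flags the three legacy settings visible in the configuration posted above, namely an NT4-style domain role, a protocol cap at SMB1, and unencrypted LDAP to a non-loopback passdb server. The function names, finding labels and the embedded sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the relevant lines of the smb.conf posted in this thread.
SAMPLE_SMB_CONF = """\
[global]
workgroup = LAN
netbios name = PDCLAN
server max protocol = NT1
passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
domain logons = Yes
domain master = Yes
wins support = Yes
ldap ssl = off
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
SMB1_OR_OLDER = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_WORDS = {"yes", "true", "on", "1"}

def parse_global(text):
    """Return the [global] parameters as a dict keyed by lower-cased, single-spaced names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Return finding labels (hypothetical names) for legacy settings in [global]."""
    p, findings = parse_global(text), []
    role = p.get("server role", "auto").lower()
    if p.get("domain logons", "no").lower() in TRUE_WORDS \
            and role != "active directory domain controller":
        findings.append("nt4-style-domain")      # found via NetBIOS/WINS, publishes no DNS SRV records
    proto = p.get("server max protocol", p.get("max protocol", ""))
    if proto.upper() in SMB1_OR_OLDER:
        findings.append("smb1-only")             # server will not negotiate SMB2 or later
    uris = re.findall(r"ldaps?://[^\s\"']+", p.get("passdb backend", ""))
    plain = [u for u in uris
             if u.startswith("ldap://") and urlsplit(u).hostname not in LOOPBACK]
    # "start tls" is Samba's documented default for "ldap ssl"; off/no disables it.
    if plain and p.get("ldap ssl", "start tls").lower() in ("off", "no"):
        findings.append("ldap-cleartext:" + ",".join(plain))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF):
        print(finding)
```
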