Incompatibility Windows 7

classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Incompatibility Windows 7

Samba - General mailing list
Hello everyone,

 

I work as an IT assistant and I have a problem with my SaMBa Server.

 

Some users within the domain are getting an error at startup (Windows 7) :

 

The error reads : There are currently no log on servers available to service
the log on request

 
The problem is recurring, so we are looking for a long term solution.
 
The only solution for now is to :
- remove the ethernet cable
- enter the local account
- once logged on, change the domain in any way
- restart the computer (with network cable) and then it works

 

We are using the following registry modification :

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Para
meters]

"DNSNameResolutionRequired"=dword:00000000

"DomainCompatibilityMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]

"DisablePasswordChange"=dword:00000001

"RequireSignOrSeal"=dword:00000001

"RequireStrongKey"=dword:00000001

 
Thank you for any help you could provide.

 

Best regards.

 

 

Manon JEANJEAN

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
Hai,

Please give this info for us, that helps.

DOMAIN = AD DC ? NT4Dom ?
OS =
Samba version =
And smb.conf  content.

In advance.. What probely need is, disable fast logon optimization, and set Always wait for the network at computer startup and logon
See: https://technet.microsoft.com/en-us/library/gg486839.aspx 

You can test if this is what affects you, is very simple.

Turn of your computer, turn it on again, wait 5 min or so.
This depends all on the speed of the pc, but 5 min is resonable for a slow pc.
Login, does it work? yes? Try again.
Turn of your computer, turn it on again, now, login direct when available.

Repeat these 2-3 times to make sure.
If you can login, check the windows event ids.

Still the same problem?
Start with updating you network drivers.
Set the NIC hard to 100Mb/1Gb as speed, rule out the nic autonegiation.

Check primay dns domain, through CMD box with ipconfig /all
And same for dns search domain.

Start here, and if you need more info, the please give the asked info also.
That helps.

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens
> Manon JEANJEAN via samba
> Verzonden: donderdag 20 juli 2017 9:36
> Aan: [hidden email]
> Onderwerp: [Samba] Incompatibility Windows 7
>
> Hello everyone,
>
>  
>
> I work as an IT assistant and I have a problem with my SaMBa Server.
>
>  
>
> Some users within the domain are getting an error at startup
> (Windows 7) :
>
>  
>
> The error reads : There are currently no log on servers
> available to service the log on request
>
>  
> The problem is recurring, so we are looking for a long term solution.
>  
> The only solution for now is to :
> - remove the ethernet cable
> - enter the local account
> - once logged on, change the domain in any way
> - restart the computer (with network cable) and then it works
>
>  
>
> We are using the following registry modification :
>
>  
>
> Windows Registry Editor Version 5.00
>
>  
>
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWo
> rkstation\Para
> meters]
>
> "DNSNameResolutionRequired"=dword:00000000
>
> "DomainCompatibilityMode"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
> \Parameters]
>
> "DisablePasswordChange"=dword:00000001
>
> "RequireSignOrSeal"=dword:00000001
>
> "RequireStrongKey"=dword:00000001
>
>  
> Thank you for any help you could provide.
>
>  
>
> Best regards.
>
>  
>
>  
>
> Manon JEANJEAN
>
>  
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
Ok, the informations about my domain:

Domain = NT4Dom
OS = Debian 8.8
Samba version = 4.2.14 - Debian

Thank you for help.

-----Message d'origine-----
De : L.P.H. van Belle via samba [mailto:[hidden email]]
Envoyé : jeudi 20 juillet 2017 09:53
À : [hidden email]
Objet : Re: [Samba] Incompatibility Windows 7

Hai,

Please give this info for us, that helps.

DOMAIN = AD DC ? NT4Dom ?
OS =
Samba version =
And smb.conf  content.

In advance.. What probely need is, disable fast logon optimization, and set Always wait for the network at computer startup and logon
See: https://technet.microsoft.com/en-us/library/gg486839.aspx 

You can test if this is what affects you, is very simple.

Turn of your computer, turn it on again, wait 5 min or so.
This depends all on the speed of the pc, but 5 min is resonable for a slow pc.
Login, does it work? yes? Try again.
Turn of your computer, turn it on again, now, login direct when available.

Repeat these 2-3 times to make sure.
If you can login, check the windows event ids.

Still the same problem?
Start with updating you network drivers.
Set the NIC hard to 100Mb/1Gb as speed, rule out the nic autonegiation.

Check primay dns domain, through CMD box with ipconfig /all And same for dns search domain.

Start here, and if you need more info, the please give the asked info also.
That helps.

Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens Manon
> JEANJEAN via samba
> Verzonden: donderdag 20 juli 2017 9:36
> Aan: [hidden email]
> Onderwerp: [Samba] Incompatibility Windows 7
>
> Hello everyone,
>
>  
>
> I work as an IT assistant and I have a problem with my SaMBa Server.
>
>  
>
> Some users within the domain are getting an error at startup (Windows
> 7) :
>
>  
>
> The error reads : There are currently no log on servers available to
> service the log on request
>
>  
> The problem is recurring, so we are looking for a long term solution.
>  
> The only solution for now is to :
> - remove the ethernet cable
> - enter the local account
> - once logged on, change the domain in any way
> - restart the computer (with network cable) and then it works
>
>  
>
> We are using the following registry modification :
>
>  
>
> Windows Registry Editor Version 5.00
>
>  
>
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWo
> rkstation\Para
> meters]
>
> "DNSNameResolutionRequired"=dword:00000000
>
> "DomainCompatibilityMode"=dword:00000001
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
> \Parameters]
>
> "DisablePasswordChange"=dword:00000001
>
> "RequireSignOrSeal"=dword:00000001
>
> "RequireStrongKey"=dword:00000001
>
>  
> Thank you for any help you could provide.
>
>  
>
> Best regards.
>
>  
>
>  
>
> Manon JEANJEAN
>
>  
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

smb.conf.txt (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
Hai,

I dont see strange things in your smb.conf so check the pc's as i suggested and check the eventlogs.

I do suggest that you think about moving to an AD DC setup.
Its much more compatible these days.

Your using smbldap-tools from debian, keep im mind that,
this package (smbldap-tools) can be removed anytime since it does not have a maintainer anymore.

Last, go through.
https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
Which also says.:

IMPORTANT: Registry Changes That You Should Never Set!
 You must not to change the values of the RequireSignOrSeal or RequireStrongKey. Changing the settings breaks the interoperability with Windows and Samba installations.

So reverting these settings from your reg file can help also.

You can try these on the PDC/BDC and member servers.
         server max protocol = NT1
         server min protocol = NT1
         client max protocol = NT1
         client min protocol = NT1
There are reports this helps, but im not sure about this if it works for you.

Very last. Howto upgrade to AD ;-)
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
The steps look overwelming, but if you have questions about this.. Rowland knows ;-)


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens
> Manon JEANJEAN via samba
> Verzonden: donderdag 20 juli 2017 10:50
> Aan: [hidden email]
> Onderwerp: Re: [Samba] Incompatibility Windows 7
>
> Ok, the informations about my domain:
>
> Domain = NT4Dom
> OS = Debian 8.8
> Samba version = 4.2.14 - Debian
>
> Thank you for help.
>
> -----Message d'origine-----
> De : L.P.H. van Belle via samba
> [mailto:[hidden email]] Envoyé : jeudi 20 juillet 2017
> 09:53 À : [hidden email] Objet : Re: [Samba]
> Incompatibility Windows 7
>
> Hai,
>
> Please give this info for us, that helps.
>
> DOMAIN = AD DC ? NT4Dom ?
> OS =
> Samba version =
> And smb.conf  content.
>
> In advance.. What probely need is, disable fast logon
> optimization, and set Always wait for the network at computer
> startup and logon
> See: https://technet.microsoft.com/en-us/library/gg486839.aspx 
>
> You can test if this is what affects you, is very simple.
>
> Turn of your computer, turn it on again, wait 5 min or so.
> This depends all on the speed of the pc, but 5 min is
> resonable for a slow pc.
> Login, does it work? yes? Try again.
> Turn of your computer, turn it on again, now, login direct
> when available.
>
> Repeat these 2-3 times to make sure.
> If you can login, check the windows event ids.
>
> Still the same problem?
> Start with updating you network drivers.
> Set the NIC hard to 100Mb/1Gb as speed, rule out the nic
> autonegiation.
>
> Check primay dns domain, through CMD box with ipconfig /all
> And same for dns search domain.
>
> Start here, and if you need more info, the please give the
> asked info also.
> That helps.
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:[hidden email]] Namens Manon
> > JEANJEAN via samba
> > Verzonden: donderdag 20 juli 2017 9:36
> > Aan: [hidden email]
> > Onderwerp: [Samba] Incompatibility Windows 7
> >
> > Hello everyone,
> >
> >  
> >
> > I work as an IT assistant and I have a problem with my SaMBa Server.
> >
> >  
> >
> > Some users within the domain are getting an error at
> startup (Windows
> > 7) :
> >
> >  
> >
> > The error reads : There are currently no log on servers
> available to
> > service the log on request
> >
> >  
> > The problem is recurring, so we are looking for a long term
> solution.
> >  
> > The only solution for now is to :
> > - remove the ethernet cable
> > - enter the local account
> > - once logged on, change the domain in any way
> > - restart the computer (with network cable) and then it works
> >
> >  
> >
> > We are using the following registry modification :
> >
> >  
> >
> > Windows Registry Editor Version 5.00
> >
> >  
> >
> > [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWo
> > rkstation\Para
> > meters]
> >
> > "DNSNameResolutionRequired"=dword:00000000
> >
> > "DomainCompatibilityMode"=dword:00000001
> >
> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
> > \Parameters]
> >
> > "DisablePasswordChange"=dword:00000001
> >
> > "RequireSignOrSeal"=dword:00000001
> >
> > "RequireStrongKey"=dword:00000001
> >
> >  
> > Thank you for any help you could provide.
> >
> >  
> >
> > Best regards.
> >
> >  
> >
> >  
> >
> > Manon JEANJEAN
> >
> >  
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
Sorry, I was wrong I use LDAP Domain.

I'm very very sorry.

-----Message d'origine-----
De : L.P.H. van Belle via samba [mailto:[hidden email]]
Envoyé : jeudi 20 juillet 2017 11:17
À : [hidden email]
Objet : Re: [Samba] Incompatibility Windows 7

Hai,

I dont see strange things in your smb.conf so check the pc's as i suggested and check the eventlogs.

I do suggest that you think about moving to an AD DC setup.
Its much more compatible these days.

Your using smbldap-tools from debian, keep im mind that, this package (smbldap-tools) can be removed anytime since it does not have a maintainer anymore.

Last, go through.
https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
Which also says.:

IMPORTANT: Registry Changes That You Should Never Set!
 You must not to change the values of the RequireSignOrSeal or RequireStrongKey. Changing the settings breaks the interoperability with Windows and Samba installations.

So reverting these settings from your reg file can help also.

You can try these on the PDC/BDC and member servers.
         server max protocol = NT1
         server min protocol = NT1
         client max protocol = NT1
         client min protocol = NT1
There are reports this helps, but im not sure about this if it works for you.

Very last. Howto upgrade to AD ;-)
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
The steps look overwelming, but if you have questions about this.. Rowland knows ;-)


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens Manon
> JEANJEAN via samba
> Verzonden: donderdag 20 juli 2017 10:50
> Aan: [hidden email]
> Onderwerp: Re: [Samba] Incompatibility Windows 7
>
> Ok, the informations about my domain:
>
> Domain = NT4Dom
> OS = Debian 8.8
> Samba version = 4.2.14 - Debian
>
> Thank you for help.
>
> -----Message d'origine-----
> De : L.P.H. van Belle via samba
> [mailto:[hidden email]] Envoyé : jeudi 20 juillet 2017
> 09:53 À : [hidden email] Objet : Re: [Samba] Incompatibility
> Windows 7
>
> Hai,
>
> Please give this info for us, that helps.
>
> DOMAIN = AD DC ? NT4Dom ?
> OS =
> Samba version =
> And smb.conf  content.
>
> In advance.. What probely need is, disable fast logon optimization,
> and set Always wait for the network at computer startup and logon
> See: https://technet.microsoft.com/en-us/library/gg486839.aspx
>
> You can test if this is what affects you, is very simple.
>
> Turn of your computer, turn it on again, wait 5 min or so.
> This depends all on the speed of the pc, but 5 min is resonable for a
> slow pc.
> Login, does it work? yes? Try again.
> Turn of your computer, turn it on again, now, login direct when
> available.
>
> Repeat these 2-3 times to make sure.
> If you can login, check the windows event ids.
>
> Still the same problem?
> Start with updating you network drivers.
> Set the NIC hard to 100Mb/1Gb as speed, rule out the nic
> autonegiation.
>
> Check primay dns domain, through CMD box with ipconfig /all And same
> for dns search domain.
>
> Start here, and if you need more info, the please give the asked info
> also.
> That helps.
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:[hidden email]] Namens Manon
> > JEANJEAN via samba
> > Verzonden: donderdag 20 juli 2017 9:36
> > Aan: [hidden email]
> > Onderwerp: [Samba] Incompatibility Windows 7
> >
> > Hello everyone,
> >
> >  
> >
> > I work as an IT assistant and I have a problem with my SaMBa Server.
> >
> >  
> >
> > Some users within the domain are getting an error at
> startup (Windows
> > 7) :
> >
> >  
> >
> > The error reads : There are currently no log on servers
> available to
> > service the log on request
> >
> >  
> > The problem is recurring, so we are looking for a long term
> solution.
> >  
> > The only solution for now is to :
> > - remove the ethernet cable
> > - enter the local account
> > - once logged on, change the domain in any way
> > - restart the computer (with network cable) and then it works
> >
> >  
> >
> > We are using the following registry modification :
> >
> >  
> >
> > Windows Registry Editor Version 5.00
> >
> >  
> >
> > [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWo
> > rkstation\Para
> > meters]
> >
> > "DNSNameResolutionRequired"=dword:00000000
> >
> > "DomainCompatibilityMode"=dword:00000001
> >
> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
> > \Parameters]
> >
> > "DisablePasswordChange"=dword:00000001
> >
> > "RequireSignOrSeal"=dword:00000001
> >
> > "RequireStrongKey"=dword:00000001
> >
> >  
> > Thank you for any help you could provide.
> >
> >  
> >
> > Best regards.
> >
> >  
> >
> >  
> >
> > Manon JEANJEAN
> >
> >  
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hai,

Today this problem is also on windows 10, I don't know why.
I use LDAP Domain not NT4,  for widows 10 there are problem of compatibility?

Thank you

-----Message d'origine-----
De : L.P.H. van Belle via samba [mailto:[hidden email]]
Envoyé : jeudi 20 juillet 2017 11:17
À : [hidden email]
Objet : Re: [Samba] Incompatibility Windows 7

Hai,

I dont see strange things in your smb.conf so check the pc's as i suggested and check the eventlogs.

I do suggest that you think about moving to an AD DC setup.
Its much more compatible these days.

Your using smbldap-tools from debian, keep im mind that, this package (smbldap-tools) can be removed anytime since it does not have a maintainer anymore.

Last, go through.
https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
Which also says.:

IMPORTANT: Registry Changes That You Should Never Set!
 You must not to change the values of the RequireSignOrSeal or RequireStrongKey. Changing the settings breaks the interoperability with Windows and Samba installations.

So reverting these settings from your reg file can help also.

You can try these on the PDC/BDC and member servers.
         server max protocol = NT1
         server min protocol = NT1
         client max protocol = NT1
         client min protocol = NT1
There are reports this helps, but im not sure about this if it works for you.

Very last. Howto upgrade to AD ;-)
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
The steps look overwelming, but if you have questions about this.. Rowland knows ;-)


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens Manon
> JEANJEAN via samba
> Verzonden: donderdag 20 juli 2017 10:50
> Aan: [hidden email]
> Onderwerp: Re: [Samba] Incompatibility Windows 7
>
> Ok, the informations about my domain:
>
> Domain = NT4Dom
> OS = Debian 8.8
> Samba version = 4.2.14 - Debian
>
> Thank you for help.
>
> -----Message d'origine-----
> De : L.P.H. van Belle via samba
> [mailto:[hidden email]] Envoyé : jeudi 20 juillet 2017
> 09:53 À : [hidden email] Objet : Re: [Samba] Incompatibility
> Windows 7
>
> Hai,
>
> Please give this info for us, that helps.
>
> DOMAIN = AD DC ? NT4Dom ?
> OS =
> Samba version =
> And smb.conf  content.
>
> In advance.. What probely need is, disable fast logon optimization,
> and set Always wait for the network at computer startup and logon
> See: https://technet.microsoft.com/en-us/library/gg486839.aspx
>
> You can test if this is what affects you, is very simple.
>
> Turn of your computer, turn it on again, wait 5 min or so.
> This depends all on the speed of the pc, but 5 min is resonable for a
> slow pc.
> Login, does it work? yes? Try again.
> Turn of your computer, turn it on again, now, login direct when
> available.
>
> Repeat these 2-3 times to make sure.
> If you can login, check the windows event ids.
>
> Still the same problem?
> Start with updating you network drivers.
> Set the NIC hard to 100Mb/1Gb as speed, rule out the nic
> autonegiation.
>
> Check primay dns domain, through CMD box with ipconfig /all And same
> for dns search domain.
>
> Start here, and if you need more info, the please give the asked info
> also.
> That helps.
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:[hidden email]] Namens Manon
> > JEANJEAN via samba
> > Verzonden: donderdag 20 juli 2017 9:36
> > Aan: [hidden email]
> > Onderwerp: [Samba] Incompatibility Windows 7
> >
> > Hello everyone,
> >
> >  
> >
> > I work as an IT assistant and I have a problem with my SaMBa Server.
> >
> >  
> >
> > Some users within the domain are getting an error at
> startup (Windows
> > 7) :
> >
> >  
> >
> > The error reads : There are currently no log on servers
> available to
> > service the log on request
> >
> >  
> > The problem is recurring, so we are looking for a long term
> solution.
> >  
> > The only solution for now is to :
> > - remove the ethernet cable
> > - enter the local account
> > - once logged on, change the domain in any way
> > - restart the computer (with network cable) and then it works
> >
> >  
> >
> > We are using the following registry modification :
> >
> >  
> >
> > Windows Registry Editor Version 5.00
> >
> >  
> >
> > [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWo
> > rkstation\Para
> > meters]
> >
> > "DNSNameResolutionRequired"=dword:00000000
> >
> > "DomainCompatibilityMode"=dword:00000001
> >
> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon
> > \Parameters]
> >
> > "DisablePasswordChange"=dword:00000001
> >
> > "RequireSignOrSeal"=dword:00000001
> >
> > "RequireStrongKey"=dword:00000001
> >
> >  
> > Thank you for any help you could provide.
> >
> >  
> >
> > Best regards.
> >
> >  
> >
> >  
> >
> > Manon JEANJEAN
> >
> >  
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
On Thu, 20 Jul 2017 16:34:23 +0200
Manon JEANJEAN via samba <[hidden email]> wrote:

> Hai,
>
> Today this problem is also on windows 10, I don't know why.
> I use LDAP Domain not NT4,  for widows 10 there are problem of
> compatibility?
>

If Samba is involved, it is very probably an NT4-style domain.

Can you please do what Louis asked you to do and post your smb.conf

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Thu, 20 Jul 2017 16:59:58 +0200
L.P.H. van Belle <[hidden email]> wrote:

> At 10:52 today, he posted the smb.conf as attachment, ( see below)
> Regular NT4 domain, about the same as i did run way back...
>
> Its this one, but i dont think he "base" problem is samba but windows.
> Im off, time to go, office is closing...
> Until tomorrow :-)
>

I don't think the OP sent his smb.conf to the list, but can I suggest
he replaces his [global] part of smb.conf with this:

[global]
        workgroup = SYSOCO
        server string = SERVEUR DE FICHIERS
        security = user
        Server max protocol = NT1

        ldap passwd sync = yes
        ldap admin dn = cn=admin,dc=sysoco,dc=fr
        ldap suffix = dc=sysoco,dc=fr
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=Users
        ldap ssl = off
        idmap config SYSOCO: backend = ldap
        idmap config SYSOCO: range = 1000-10000
        idmap config SYSOCO: ldap_url = ldap://localhost
        idmap config SYSOCO: ldap_base_dn = ou=idmap,dc=sysoco,dc=fr
        idmap config SYSOCO: ldap_user_dn = cn=admin,dc=sysoco,dc=fr

        add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
        add user script = /usr/local/sbin/smbldap-useradd -m "%u"
        add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
        set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
        #delete user script = /usr/local/sbin/smbldap-userdel "%u"
        #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
        delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"

        wins support = yes
        domain master = Yes
        preferred master = yes
        domain logons = Yes
        logon path =
        logon script = logon.cmd
        os level = 255
        name resolve order = wins hosts lmhosts bcast
        printcap name = cups
        log file = /var/log/samba.log
        log level = 2 passdb:5 auth:5
        use sendfile = yes
        aio read size = 16384
        aio write size = 16384
        vfs objects = full_audit recycle
        full_audit:priority = notice
        full_audit:facility = local5
        full_audit:success = mkdir rmdir rename unlink write open
        full_audit:failure = connect
        full_audit:prefix = %u|%I|%S

        recycle:keeptree = yes
        recycle:versions = yes
        recycle:touch = yes
        recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP
        recycle:exclude_dir=  /tmp,/temp,/cache
        recycle:repository = .recycle/.recycle.%u
        recycle:noversions = *.doc,*.xls,*.ppt
        recycle:maxsize = 524288000

I personally think he is hitting the 'Windows wants to use SMB3 by
default' problem.

I would also suggest the OP starts thinking about upgrading his
NT4-style (yes it is an NT4-style domain) to AD.

Rowland
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Mandi! Manon JEANJEAN via samba
  In chel di` si favelave...

I'm still in these situation, a samba4 NT-like domains with windows 7
pro clients.

> The error reads : There are currently no log on servers available to service
> the log on request

I'm hitting this also i, recurring but ''random''; apart effectively
troubled box (eg, a box that boot bad, do an automatic rollback from a
restore point and so lost the machine account) i hit errors like these,
normally in twin with user password change troubles.

Tipically it sufficies to look at windows updates, most of the time the
box have some update stuck or half-installed, and so a windows update
runnign and a reboot fix the trouble.

All these sort of troubles start last autumn by the infamous KB3167679
update, that broke for a month or so NT domains.


Rowland, i've not set:

        Server max protocol = NT1

but, as stated, these trouble are spot and random...

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
Hello everybody

Ok Marco, I'm reassured to look you have the same problem.
My friend speak of NTML for my problem, it can help me?
What is NTML?

Thank you


> -----Message d'origine-----
> De : Marco Gaiarin via samba [mailto:[hidden email]]
> Envoyé : vendredi 21 juillet 2017 11:27
> À : [hidden email]
> Objet : Re: [Samba] Incompatibility Windows 7

> Mandi! Manon JEANJEAN via samba
 > In chel di` si favelave...

> I'm still in these situation, a samba4 NT-like domains with windows 7 pro clients.

> The error reads : There are currently no log on servers available to
> service the log on request

> I'm hitting this also i, recurring but ''random''; apart effectively troubled box (eg, a box that boot bad, do an automatic rollback from a restore point and so lost the machine account) i hit errors like these, normally in twin with user password change troubles.

> Tipically it sufficies to look at windows updates, most of the time the box have some update stuck or half-installed, and so a windows update runnign and a reboot fix the trouble.

> All these sort of troubles start last autumn by the infamous KB3167679 update, that broke for a month or so NT domains.


> Rowland, i've not set:

        Server max protocol = NT1

 >but, as stated, these trouble are spot and random...

--
 > dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  > Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
 >  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  >marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
On Fri, 21 Jul 2017 11:46:55 +0200
Manon JEANJEAN via samba <[hidden email]> wrote:

> Hello everybody
>
> Ok Marco, I'm reassured to look you have the same problem.
> My friend speak of NTML for my problem, it can help me?
> What is NTML?
>

No idea ;-)
However I think you mean 'NTLM' NT LanManager

Microsoft is trying very hard not to use this, because it isn't very
secure, so, from posts on here, it seems that you need to add 'Server
max protocol = NT1' to the smb.conf on the PDC.

It is also a wake up call, you should seriously consider updating the
PDC to a DC.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hello again,

False Server max protocol = NT1 doesn't work because all my server fell there are 20 minutes.
So it's necessary to find a new idea.

Thank you.

-----Message d'origine-----
De : Manon JEANJEAN via samba [mailto:[hidden email]]
Envoyé : vendredi 21 juillet 2017 11:47
À : [hidden email]
Objet : Re: [Samba] Incompatibility Windows 7

Hello everybody

Ok Marco, I'm reassured to look you have the same problem.
My friend speak of NTML for my problem, it can help me?
What is NTML?

Thank you


> -----Message d'origine-----
> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
> [Samba] Incompatibility Windows 7

> Mandi! Manon JEANJEAN via samba
 > In chel di` si favelave...

> I'm still in these situation, a samba4 NT-like domains with windows 7 pro clients.

> The error reads : There are currently no log on servers available to
> service the log on request

> I'm hitting this also i, recurring but ''random''; apart effectively troubled box (eg, a box that boot bad, do an automatic rollback from a restore point and so lost the machine account) i hit errors like these, normally in twin with user password change troubles.

> Tipically it sufficies to look at windows updates, most of the time the box have some update stuck or half-installed, and so a windows update runnign and a reboot fix the trouble.

> All these sort of troubles start last autumn by the infamous KB3167679 update, that broke for a month or so NT domains.


> Rowland, i've not set:

        Server max protocol = NT1

 >but, as stated, these trouble are spot and random...

--
 > dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  > Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
 >  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  >marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In October,  when samba was patched for "badlock" I had to set the following


         client signing = auto
         client ipc signing = auto
          server signing = auto


otherwise some of the signing behavior was defaulting on on.   You may
want to try turning some of the signing options to auto or off.

I am also using NT1 as the min and max server and client protocol.   SMB
2.x causes problems.

I am running Samba 4.4.14 on my domain controllers and key file
servers.  I think Samba 4.2.x is end-of-life so at some point there will
be some windows update that will break compatibility.    I had Samba
3.6.x running last year and I couldn't keep it working anymore.




On 07/21/17 08:32, Manon JEANJEAN via samba wrote:

> Hello again,
>
> False Server max protocol = NT1 doesn't work because all my server fell there are 20 minutes.
> So it's necessary to find a new idea.
>
> Thank you.
>
> -----Message d'origine-----
> De : Manon JEANJEAN via samba [mailto:[hidden email]]
> Envoyé : vendredi 21 juillet 2017 11:47
> À : [hidden email]
> Objet : Re: [Samba] Incompatibility Windows 7
>
> Hello everybody
>
> Ok Marco, I'm reassured to look you have the same problem.
> My friend speak of NTML for my problem, it can help me?
> What is NTML?
>
> Thank you
>
>
>> -----Message d'origine-----
>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>> [Samba] Incompatibility Windows 7
>> Mandi! Manon JEANJEAN via samba
>   > In chel di` si favelave...
>
>> I'm still in these situation, a samba4 NT-like domains with windows 7 pro clients.
>> The error reads : There are currently no log on servers available to
>> service the log on request
>> I'm hitting this also i, recurring but ''random''; apart effectively troubled box (eg, a box that boot bad, do an automatic rollback from a restore point and so lost the machine account) i hit errors like these, normally in twin with user password change troubles.
>> Tipically it sufficies to look at windows updates, most of the time the box have some update stuck or half-installed, and so a windows update runnign and a reboot fix the trouble.
>> All these sort of troubles start last autumn by the infamous KB3167679 update, that broke for a month or so NT domains.
>
>> Rowland, i've not set:
> Server max protocol = NT1
>
>   >but, as stated, these trouble are spot and random...
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
wikipedia has a comparison

https://en.wikipedia.org/wiki/Server_Message_Block


SMB1 = NT1


WIndows 7 does not support SMB3 it won't negotiate to use it. Windows 10
does support SMB3 which means it will try to negotiate to use it -  and
since SMB3 doesn't seem to be implemented properly in Samba it then
causes problems.

I don't know if SMB2 works ok with Windows 10 clients-     most machines
in my samba domain are windows 7 Pro (desktop) and Windows 2008/2008R2
(server.)     SMB2 caused issues with WIndows 7 and 2008.      A Windows
client could make one file sharing connection to a samba server but not
additional ones.   Very weird.    I don't know if the problem was with
SMB 2.x on the samba file servers or  SMB2.x on the samba domain
controllers.





On 07/21/17 09:42, Manon JEANJEAN wrote:

> What i don' understand is Windows 7 works in SMB3 but not Windows 10 whereas when I am in NT1 it's contrary windows 10 works but not Windows 7...
> What's the difference between NT1 and SMB3 who provoc this...
>
> -----Message d'origine-----
> De : Gaiseric Vandal via samba [mailto:[hidden email]]
> Envoyé : vendredi 21 juillet 2017 15:16
> À : [hidden email]
> Objet : Re: [Samba] Incompatibility Windows 7
>
> In October,  when samba was patched for "badlock" I had to set the following
>
>
>           client signing = auto
>           client ipc signing = auto
>            server signing = auto
>
>
> otherwise some of the signing behavior was defaulting on on.   You may
> want to try turning some of the signing options to auto or off.
>
> I am also using NT1 as the min and max server and client protocol.   SMB
> 2.x causes problems.
>
> I am running Samba 4.4.14 on my domain controllers and key file servers.  I think Samba 4.2.x is end-of-life so at some point there will
> be some windows update that will break compatibility.    I had Samba
> 3.6.x running last year and I couldn't keep it working anymore.
>
>
>
>
> On 07/21/17 08:32, Manon JEANJEAN via samba wrote:
>> Hello again,
>>
>> False Server max protocol = NT1 doesn't work because all my server fell there are 20 minutes.
>> So it's necessary to find a new idea.
>>
>> Thank you.
>>
>> -----Message d'origine-----
>> De : Manon JEANJEAN via samba [mailto:[hidden email]]
>> Envoyé : vendredi 21 juillet 2017 11:47
>> À : [hidden email]
>> Objet : Re: [Samba] Incompatibility Windows 7
>>
>> Hello everybody
>>
>> Ok Marco, I'm reassured to look you have the same problem.
>> My friend speak of NTML for my problem, it can help me?
>> What is NTML?
>>
>> Thank you
>>
>>
>>> -----Message d'origine-----
>>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>>> [Samba] Incompatibility Windows 7
>>> Mandi! Manon JEANJEAN via samba
>>    > In chel di` si favelave...
>>
>>> I'm still in these situation, a samba4 NT-like domains with windows 7 pro clients.
>>> The error reads : There are currently no log on servers available to
>>> service the log on request
>>> I'm hitting this also i, recurring but ''random''; apart effectively troubled box (eg, a box that boot bad, do an automatic rollback from a restore point and so lost the machine account) i hit errors like these, normally in twin with user password change troubles.
>>> Tipically it sufficies to look at windows updates, most of the time the box have some update stuck or half-installed, and so a windows update runnign and a reboot fix the trouble.
>>> All these sort of troubles start last autumn by the infamous KB3167679 update, that broke for a month or so NT domains.
>>> Rowland, i've not set:
>> Server max protocol = NT1
>>
>>    >but, as stated, these trouble are spot and random...
>>
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Are these changes for the PDC, the member server, or both?

Dale


On 07/21/2017 8:15 AM, Gaiseric Vandal via samba wrote:

> In October,  when samba was patched for "badlock" I had to set the
> following
>
>
>         client signing = auto
>         client ipc signing = auto
>          server signing = auto
>
>
> otherwise some of the signing behavior was defaulting on on.   You may
> want to try turning some of the signing options to auto or off.
>
> I am also using NT1 as the min and max server and client protocol.  
> SMB 2.x causes problems.
>
> I am running Samba 4.4.14 on my domain controllers and key file
> servers.  I think Samba 4.2.x is end-of-life so at some point there
> will be some windows update that will break compatibility.    I had
> Samba 3.6.x running last year and I couldn't keep it working anymore.
>
>
>
>
> On 07/21/17 08:32, Manon JEANJEAN via samba wrote:
>> Hello again,
>>
>> False Server max protocol = NT1 doesn't work because all my server
>> fell there are 20 minutes.
>> So it's necessary to find a new idea.
>>
>> Thank you.
>>
>> -----Message d'origine-----
>> De : Manon JEANJEAN via samba [mailto:[hidden email]]
>> Envoyé : vendredi 21 juillet 2017 11:47
>> À : [hidden email]
>> Objet : Re: [Samba] Incompatibility Windows 7
>>
>> Hello everybody
>>
>> Ok Marco, I'm reassured to look you have the same problem.
>> My friend speak of NTML for my problem, it can help me?
>> What is NTML?
>>
>> Thank you
>>
>>
>>> -----Message d'origine-----
>>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>>> [Samba] Incompatibility Windows 7
>>> Mandi! Manon JEANJEAN via samba
>>   > In chel di` si favelave...
>>
>>> I'm still in these situation, a samba4 NT-like domains with windows
>>> 7 pro clients.
>>> The error reads : There are currently no log on servers available to
>>> service the log on request
>>> I'm hitting this also i, recurring but ''random''; apart effectively
>>> troubled box (eg, a box that boot bad, do an automatic rollback from
>>> a restore point and so lost the machine account) i hit errors like
>>> these, normally in twin with user password change troubles.
>>> Tipically it sufficies to look at windows updates, most of the time
>>> the box have some update stuck or half-installed, and so a windows
>>> update runnign and a reboot fix the trouble.
>>> All these sort of troubles start last autumn by the infamous
>>> KB3167679 update, that broke for a month or so NT domains.
>>
>>> Rowland, i've not set:
>>     Server max protocol = NT1
>>
>>   >but, as stated, these trouble are spot and random...
>>
>
>



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
There have been a rash of NT4 threads lately on this list, so I will try
to resurrect my problem once more and hope that someone is looking.

I believe that there has to be more to it than the parameters listed
below, because I've tried those parameters, the max/min protocol
parameter options, and every other incantation postulated on this list.  
Regardless of what I've tried, member servers above 4.2.x absolutely
will not allow access to shares with the stated fixes. [Please note that
this problem started pre-badlock patches, immediately after upgrading to
4.3.x.]

For me, (1) an NT4 PDC (ver. 4.6.5) with a share, allows access from
linux and Windows 7 clients; however, (2) shares on 4.6.5 member servers
are inaccessible (NT_STATUS_NO_LOGON_SERVERS error).  (3) Shares on
member servers running 4.2.x are accessible from linux and Win7.

Is there anyone at all who is willing to share their 'working' NT4
global config?  I would appreciate it very much.

Thanks,
Dale


On 07/21/2017 8:15 AM, Gaiseric Vandal via samba wrote:

> In October,  when samba was patched for "badlock" I had to set the
> following
>
>
>         client signing = auto
>         client ipc signing = auto
>          server signing = auto
>
>
> otherwise some of the signing behavior was defaulting on on.   You may
> want to try turning some of the signing options to auto or off.
>
> I am also using NT1 as the min and max server and client protocol.  
> SMB 2.x causes problems.
>
> I am running Samba 4.4.14 on my domain controllers and key file
> servers.  I think Samba 4.2.x is end-of-life so at some point there
> will be some windows update that will break compatibility.    I had
> Samba 3.6.x running last year and I couldn't keep it working anymore.
>
>
>
>
> On 07/21/17 08:32, Manon JEANJEAN via samba wrote:
>> Hello again,
>>
>> False Server max protocol = NT1 doesn't work because all my server
>> fell there are 20 minutes.
>> So it's necessary to find a new idea.
>>
>> Thank you.
>>
>> -----Message d'origine-----
>> De : Manon JEANJEAN via samba [mailto:[hidden email]]
>> Envoyé : vendredi 21 juillet 2017 11:47
>> À : [hidden email]
>> Objet : Re: [Samba] Incompatibility Windows 7
>>
>> Hello everybody
>>
>> Ok Marco, I'm reassured to look you have the same problem.
>> My friend speak of NTML for my problem, it can help me?
>> What is NTML?
>>
>> Thank you
>>
>>
>>> -----Message d'origine-----
>>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>>> [Samba] Incompatibility Windows 7
>>> Mandi! Manon JEANJEAN via samba
>>   > In chel di` si favelave...
>>
>>> I'm still in these situation, a samba4 NT-like domains with windows
>>> 7 pro clients.
>>> The error reads : There are currently no log on servers available to
>>> service the log on request
>>> I'm hitting this also i, recurring but ''random''; apart effectively
>>> troubled box (eg, a box that boot bad, do an automatic rollback from
>>> a restore point and so lost the machine account) i hit errors like
>>> these, normally in twin with user password change troubles.
>>> Tipically it sufficies to look at windows updates, most of the time
>>> the box have some update stuck or half-installed, and so a windows
>>> update runnign and a reboot fix the trouble.
>>> All these sort of troubles start last autumn by the infamous
>>> KB3167679 update, that broke for a month or so NT domains.
>>
>>> Rowland, i've not set:
>>     Server max protocol = NT1
>>
>>   >but, as stated, these trouble are spot and random...
>>
>
>



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list

my member file server  sanitized samba config .  (samba 4.4.14) I have
the idmapping entries to force consistency between machines.


Can you try "smbclient -L \\someserver" from various samba machines?  
That make shake out if there is some version incompatibility.

Can you try "net rpc testjoin" on a member server?

Can you run "testparm -v" on a problem server and compare to a good
server?   Defaults may have changed.

----------------------------------------------------------


#======================= Global Settings
=====================================
[global]

#  5/28/17 - disable nt pipe support
nt pipe support = no

syslog = 3

# 10/8/16 for badlock idr
         client signing = auto
         client ipc signing = auto
#

    workgroup = MYDOMAIN

# server string is the equivalent of the NT Description field

    server string = FileServer1

# set the netbios name in case change unix host name
     netbios name = FILESERVER1

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
    security = domain

#IDMAPPING

     idmap config * : backend  = tdb
     idmap config * : range =  5000-6000


     idmap config MYDOMAIN : backend  = nss
     idmap config MYDOMAIN : range = 100-2000


# winbind use default domain = yes
# winbind trusted domains only = yes
log level = 5


winbind enum users = Yes
winbind enum groups = Yes
#winbind rpc only = yes


# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
;   hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
    load printers = yes

# you may wish to override the location of the printcap file
;   printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
;   printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
;   printing = cups

# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
    log file = /var/samba/log/log.%m

# Put a capping on the size of the log files (in Kb).
    max log size = 50

# Use password server option only with security = server
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
;   password server = <NT-Server-Name>

# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
;   realm = MY_REALM

# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
    #passdb backend = smbpasswd
    passdb backend = tdbsam

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#       this line.  The included file is read at that point.
;  include = /usr/sfw/lib/smb.conf.%m

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;   preferred master = yes

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
;   domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS
Server
;   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#    Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z
    wins server = 192.168.x.x

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one    WINS Server on the network. The default is NO.
;   wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
    dns proxy = no


#============================ Share Definitions
==============================

...

[archived_projects]
         path = /ArchiveProjectsPool1
         #valid users = @engr, ssc
         read only = No
         hide special files = Yes
         map archive = No
         guest ok = yes



[dept]
         msdfs root = yes
         path = /DataPool1/Dept
         # valid users = @group1,someuser
         read only = No
         hide special files = Yes
         map archive = No
         inherit permissions = Yes
         inherit acls = Yes
        vfs objects = zfsacl
         nfs4:acedup = merge
         nfs4:chown = yes
         nfs4: mode = special
         mapread only = no
         ea support = yes
         store dos attributes = yes
         create mask = 0770
         force create mode = 0600
         directory mask = 0775
         force directory mode = 0600
         zfsacl: acesort = dontcare
,...
# Un-comment the following and create the netlogon directory for Domain
Logons
; [netlogon]
;   comment = Network Logon Service
;   path = /usr/local/sambanetlogon
;   guest ok = yes
;   writable = no
;   share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;    path = /usr/local/samba/profiles
;    browseable = no
;    guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
# Set public = yes to allow user 'guest account' to print
    guest ok = no
    writable = no
    printable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba
;   public = yes
;   writable = no
;   printable = no
;   write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in
fred's
# home directory. Note that fred must have write access to the spool
directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# A publicly accessible directory, read/write to all users. Note that
all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of
course
# be specified, in which case all files would be owned by that user instead.
;[public]
;   path = /usr/somewhere/else/public
;   public = yes
;   only guest = yes
;   writable = yes
;   printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users.
In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765
-------------------------------------------------------


On 07/28/17 14:57, Dale Schroeder via samba wrote:

> There have been a rash of NT4 threads lately on this list, so I will
> try to resurrect my problem once more and hope that someone is looking.
>
> I believe that there has to be more to it than the parameters listed
> below, because I've tried those parameters, the max/min protocol
> parameter options, and every other incantation postulated on this
> list.  Regardless of what I've tried, member servers above 4.2.x
> absolutely will not allow access to shares with the stated fixes.
> [Please note that this problem started pre-badlock patches,
> immediately after upgrading to 4.3.x.]
>
> For me, (1) an NT4 PDC (ver. 4.6.5) with a share, allows access from
> linux and Windows 7 clients; however, (2) shares on 4.6.5 member
> servers are inaccessible (NT_STATUS_NO_LOGON_SERVERS error).  (3)
> Shares on member servers running 4.2.x are accessible from linux and
> Win7.
>
> Is there anyone at all who is willing to share their 'working' NT4
> global config?  I would appreciate it very much.
>
> Thanks,
> Dale
>
>
> On 07/21/2017 8:15 AM, Gaiseric Vandal via samba wrote:
>> In October,  when samba was patched for "badlock" I had to set the
>> following
>>
>>
>>         client signing = auto
>>         client ipc signing = auto
>>          server signing = auto
>>
>>
>> otherwise some of the signing behavior was defaulting on on. You may
>> want to try turning some of the signing options to auto or off.
>>
>> I am also using NT1 as the min and max server and client protocol.  
>> SMB 2.x causes problems.
>>
>> I am running Samba 4.4.14 on my domain controllers and key file
>> servers.  I think Samba 4.2.x is end-of-life so at some point there
>> will be some windows update that will break compatibility.    I had
>> Samba 3.6.x running last year and I couldn't keep it working anymore.
>>
>>
>>
>>
>> On 07/21/17 08:32, Manon JEANJEAN via samba wrote:
>>> Hello again,
>>>
>>> False Server max protocol = NT1 doesn't work because all my server
>>> fell there are 20 minutes.
>>> So it's necessary to find a new idea.
>>>
>>> Thank you.
>>>
>>> -----Message d'origine-----
>>> De : Manon JEANJEAN via samba [mailto:[hidden email]]
>>> Envoyé : vendredi 21 juillet 2017 11:47
>>> À : [hidden email]
>>> Objet : Re: [Samba] Incompatibility Windows 7
>>>
>>> Hello everybody
>>>
>>> Ok Marco, I'm reassured to look you have the same problem.
>>> My friend speak of NTML for my problem, it can help me?
>>> What is NTML?
>>>
>>> Thank you
>>>
>>>
>>>> -----Message d'origine-----
>>>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>>>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>>>> [Samba] Incompatibility Windows 7
>>>> Mandi! Manon JEANJEAN via samba
>>>   > In chel di` si favelave...
>>>
>>>> I'm still in these situation, a samba4 NT-like domains with windows
>>>> 7 pro clients.
>>>> The error reads : There are currently no log on servers available to
>>>> service the log on request
>>>> I'm hitting this also i, recurring but ''random''; apart
>>>> effectively troubled box (eg, a box that boot bad, do an automatic
>>>> rollback from a restore point and so lost the machine account) i
>>>> hit errors like these, normally in twin with user password change
>>>> troubles.
>>>> Tipically it sufficies to look at windows updates, most of the time
>>>> the box have some update stuck or half-installed, and so a windows
>>>> update runnign and a reboot fix the trouble.
>>>> All these sort of troubles start last autumn by the infamous
>>>> KB3167679 update, that broke for a month or so NT domains.
>>>
>>>> Rowland, i've not set:
>>>     Server max protocol = NT1
>>>
>>>   >but, as stated, these trouble are spot and random...
>>>
>>
>>
>
>
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
In case this helps here's some smb.conf parameters (many not at the
defaults) being used in a shop where most clients are Windows 7 domain
members. There is one XP domain member and also one NT4 Server domain
member (was the original PDC) running Exchange 5.5. All systems work
just superb. No changes to min/max protocols.

The Samba member server (handles all file and print sharing):
================================
server role = MEMBER SERVER
security = domain
smb ports = 445 139
client ipc signing = Auto
client signing = Auto
server signing = Auto
raw NTLMv2 auth = Yes
ntlm auth = Yes
wins server = <ip address of PDC>
================================

The PDC (no file or print sharing, only a PDC running in an LXC):
================================
server role = CLASSIC PRIMARY DOMAIN CONTROLLER
security = user
smb ports = 445 139
raw NTLMv2 auth = Yes
ntlm auth = Yes
client use spnego = No
wins support = yes
================================

As you're not trying to support NT4 you may not need to go to the
extremes I show, but it's nice to know it works.

Both above are Samba 4.6.5 compiled from source running on Debian Stretch.

In regards to the NT_STATUS_NO_LOGON_SERVERS error rejoining the
domain from the afflicted servers may help. Also check that your WINS
support is properly setup.

Chris

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Thank you, Gaiseric, for this invaluable input.

Preliminary results: (1) smbclient to any nonworking system gives the
same 'no logon server' error as before, while using to a working member
or the PDC give the expected output.  (2) net rpc testjoin from a
working member returns an OK, while from a nonworking member returns
nothing.

When I get in front of the domain, I will run diffs on the output of
testparm from working and nonworking systems, then report the results.

Thanks again.

Dale


On 07/28/2017 2:38 PM, Gaiseric Vandal via samba wrote:

>
> my member file server  sanitized samba config .  (samba 4.4.14) I have
> the idmapping entries to force consistency between machines.
>
>
> Can you try "smbclient -L \\someserver" from various samba machines?  
> That make shake out if there is some version incompatibility.
>
> Can you try "net rpc testjoin" on a member server?
>
> Can you run "testparm -v" on a problem server and compare to a good
> server?   Defaults may have changed.
>
> ----------------------------------------------------------
>
>
> #======================= Global Settings
> =====================================
> [global]
>
> #  5/28/17 - disable nt pipe support
> nt pipe support = no
>
> syslog = 3
>
> # 10/8/16 for badlock idr
>         client signing = auto
>         client ipc signing = auto
> #
>
>    workgroup = MYDOMAIN
>
> # server string is the equivalent of the NT Description field
>
>    server string = FileServer1
>
> # set the netbios name in case change unix host name
>     netbios name = FILESERVER1
>
> # Security mode. Defines in which mode Samba will operate. Possible
> # values are share, user, server, domain and ads. Most people will want
> # user level security. See the Samba-HOWTO-Collection for details.
>    security = domain
>
> #IDMAPPING
>
>     idmap config * : backend  = tdb
>     idmap config * : range =  5000-6000
>
>
>     idmap config MYDOMAIN : backend  = nss
>     idmap config MYDOMAIN : range = 100-2000
>
>
> # winbind use default domain = yes
> # winbind trusted domains only = yes
> log level = 5
>
>
> winbind enum users = Yes
> winbind enum groups = Yes
> #winbind rpc only = yes
>
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> ;   hosts allow = 192.168.1. 192.168.2. 127.
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
>    load printers = yes
>
> # you may wish to override the location of the printcap file
> ;   printcap name = /etc/printcap
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> ;   printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, cups, sysv, plp, lprng, aix, hpux, qnx
> ;   printing = cups
>
> # Uncomment this if you want a guest account, you must add this to
> /etc/passwd
> # otherwise the user "nobody" is used
> ;  guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
>    log file = /var/samba/log/log.%m
>
> # Put a capping on the size of the log files (in Kb).
>    max log size = 50
>
> # Use password server option only with security = server
> # The argument list may include:
> #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> #   password server = *
> ;   password server = <NT-Server-Name>
>
> # Use the realm option only with security = ads
> # Specifies the Active Directory realm the host is part of
> ;   realm = MY_REALM
>
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>    #passdb backend = smbpasswd
>    passdb backend = tdbsam
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting.
> # Note: Consider carefully the location in the configuration file of
> #       this line.  The included file is read at that point.
> ;  include = /usr/sfw/lib/smb.conf.%m
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Browser Control Options:
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
> ;   local master = no
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
> ;   os level = 33
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> ;   domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on
> startup
> # and gives it a slightly higher chance of winning the election
> ;   preferred master = yes
>
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
> ;   domain logons = yes
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> ;   logon script = %m.bat
> # run a specific logon batch file per username
> ;   logon script = %U.bat
>
> # Where to store roving profiles (only for Win95 and WinNT)
> #        %L substitutes for this servers netbios name, %U is username
> #        You must uncomment the [Profiles] share below
> ;   logon path = \\%L\Profiles\%U
>
> # Windows Internet Name Serving Support Section:
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS
> Server
> ;   wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> #    Note: Samba can be either a WINS Server, or a WINS Client, but
> NOT both
> ;   wins server = w.x.y.z
>    wins server = 192.168.x.x
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one    WINS Server on the network. The default is NO.
> ;   wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
>    dns proxy = no
>
>
> #============================ Share Definitions
> ==============================
>
> ...
>
> [archived_projects]
>         path = /ArchiveProjectsPool1
>         #valid users = @engr, ssc
>         read only = No
>         hide special files = Yes
>         map archive = No
>         guest ok = yes
>
>
>
> [dept]
>         msdfs root = yes
>         path = /DataPool1/Dept
>         # valid users = @group1,someuser
>         read only = No
>         hide special files = Yes
>         map archive = No
>         inherit permissions = Yes
>         inherit acls = Yes
>        vfs objects = zfsacl
>         nfs4:acedup = merge
>         nfs4:chown = yes
>         nfs4: mode = special
>         mapread only = no
>         ea support = yes
>         store dos attributes = yes
>         create mask = 0770
>         force create mode = 0600
>         directory mask = 0775
>         force directory mode = 0600
>         zfsacl: acesort = dontcare
> ,...
> # Un-comment the following and create the netlogon directory for
> Domain Logons
> ; [netlogon]
> ;   comment = Network Logon Service
> ;   path = /usr/local/sambanetlogon
> ;   guest ok = yes
> ;   writable = no
> ;   share modes = no
>
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> ;[Profiles]
> ;    path = /usr/local/samba/profiles
> ;    browseable = no
> ;    guest ok = yes
>
>
> # NOTE: If you have a BSD-style print system there is no need to
> # specifically define each individual printer
> [printers]
>    comment = All Printers
>    path = /var/spool/samba
>    browseable = no
> # Set public = yes to allow user 'guest account' to print
>    guest ok = no
>    writable = no
>    printable = yes
>
> # This one is useful for people to share files
> ;[tmp]
> ;   comment = Temporary file space
> ;   path = /tmp
> ;   read only = no
> ;   public = yes
>
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> ;[public]
> ;   comment = Public Stuff
> ;   path = /home/samba
> ;   public = yes
> ;   writable = no
> ;   printable = no
> ;   write list = @staff
>
> # Other examples.
> #
> # A private printer, usable only by fred. Spool data will be placed in
> fred's
> # home directory. Note that fred must have write access to the spool
> directory,
> # wherever it is.
> ;[fredsprn]
> ;   comment = Fred's Printer
> ;   valid users = fred
> ;   path = /homes/fred
> ;   printer = freds_printer
> ;   public = no
> ;   writable = no
> ;   printable = yes
>
> # A private directory, usable only by fred. Note that fred requires write
> # access to the directory.
> ;[fredsdir]
> ;   comment = Fred's Service
> ;   path = /usr/somewhere/private
> ;   valid users = fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
>
> # a service which has a different directory for each machine that
> connects
> # this allows you to tailor configurations to incoming machines. You
> could
> # also use the %U option to tailor it by user name.
> # The %m gets replaced with the machine name that is connecting.
> ;[pchome]
> ;  comment = PC Directories
> ;  path = /usr/pc/%m
> ;  public = no
> ;  writable = yes
>
> # A publicly accessible directory, read/write to all users. Note that
> all files
> # created in the directory by users will be owned by the default user, so
> # any user with access can delete any other user's files. Obviously this
> # directory must be writable by the default user. Another user could
> of course
> # be specified, in which case all files would be owned by that user
> instead.
> ;[public]
> ;   path = /usr/somewhere/else/public
> ;   public = yes
> ;   only guest = yes
> ;   writable = yes
> ;   printable = no
>
> # The following two entries demonstrate how to share a directory so
> that two
> # users can place files there that will be owned by the specific
> users. In this
> # setup, the directory should be writable by both users and should
> have the
> # sticky bit set on it to prevent abuse. Obviously this could be
> extended to
> # as many users as required.
> ;[myshare]
> ;   comment = Mary's and Fred's stuff
> ;   path = /usr/somewhere/shared
> ;   valid users = mary fred
> ;   public = no
> ;   writable = yes
> ;   printable = no
> ;   create mask = 0765
> -------------------------------------------------------
>
>
> On 07/28/17 14:57, Dale Schroeder via samba wrote:
>> There have been a rash of NT4 threads lately on this list, so I will
>> try to resurrect my problem once more and hope that someone is looking.
>>
>> I believe that there has to be more to it than the parameters listed
>> below, because I've tried those parameters, the max/min protocol
>> parameter options, and every other incantation postulated on this
>> list.  Regardless of what I've tried, member servers above 4.2.x
>> absolutely will not allow access to shares with the stated fixes.
>> [Please note that this problem started pre-badlock patches,
>> immediately after upgrading to 4.3.x.]
>>
>> For me, (1) an NT4 PDC (ver. 4.6.5) with a share, allows access from
>> linux and Windows 7 clients; however, (2) shares on 4.6.5 member
>> servers are inaccessible (NT_STATUS_NO_LOGON_SERVERS error).  (3)
>> Shares on member servers running 4.2.x are accessible from linux and
>> Win7.
>>
>> Is there anyone at all who is willing to share their 'working' NT4
>> global config?  I would appreciate it very much.
>>
>> Thanks,
>> Dale
>>
>>
>> On 07/21/2017 8:15 AM, Gaiseric Vandal via samba wrote:
>>> In October,  when samba was patched for "badlock" I had to set the
>>> following
>>>
>>>
>>>         client signing = auto
>>>         client ipc signing = auto
>>>          server signing = auto
>>>
>>>
>>> otherwise some of the signing behavior was defaulting on on. You may
>>> want to try turning some of the signing options to auto or off.
>>>
>>> I am also using NT1 as the min and max server and client protocol.  
>>> SMB 2.x causes problems.
>>>
>>> I am running Samba 4.4.14 on my domain controllers and key file
>>> servers.  I think Samba 4.2.x is end-of-life so at some point there
>>> will be some windows update that will break compatibility.    I had
>>> Samba 3.6.x running last year and I couldn't keep it working anymore.
>>>
>>>
>>>
>>>
>>> On 07/21/17 08:32, Manon JEANJEAN via samba wrote:
>>>> Hello again,
>>>>
>>>> False Server max protocol = NT1 doesn't work because all my server
>>>> fell there are 20 minutes.
>>>> So it's necessary to find a new idea.
>>>>
>>>> Thank you.
>>>>
>>>> -----Message d'origine-----
>>>> De : Manon JEANJEAN via samba [mailto:[hidden email]]
>>>> Envoyé : vendredi 21 juillet 2017 11:47
>>>> À : [hidden email]
>>>> Objet : Re: [Samba] Incompatibility Windows 7
>>>>
>>>> Hello everybody
>>>>
>>>> Ok Marco, I'm reassured to look you have the same problem.
>>>> My friend speak of NTML for my problem, it can help me?
>>>> What is NTML?
>>>>
>>>> Thank you
>>>>
>>>>
>>>>> -----Message d'origine-----
>>>>> De : Marco Gaiarin via samba [mailto:[hidden email]] Envoyé :
>>>>> vendredi 21 juillet 2017 11:27 À : [hidden email] Objet : Re:
>>>>> [Samba] Incompatibility Windows 7
>>>>> Mandi! Manon JEANJEAN via samba
>>>>   > In chel di` si favelave...
>>>>
>>>>> I'm still in these situation, a samba4 NT-like domains with
>>>>> windows 7 pro clients.
>>>>> The error reads : There are currently no log on servers available to
>>>>> service the log on request
>>>>> I'm hitting this also i, recurring but ''random''; apart
>>>>> effectively troubled box (eg, a box that boot bad, do an automatic
>>>>> rollback from a restore point and so lost the machine account) i
>>>>> hit errors like these, normally in twin with user password change
>>>>> troubles.
>>>>> Tipically it sufficies to look at windows updates, most of the
>>>>> time the box have some update stuck or half-installed, and so a
>>>>> windows update runnign and a reboot fix the trouble.
>>>>> All these sort of troubles start last autumn by the infamous
>>>>> KB3167679 update, that broke for a month or so NT domains.
>>>>
>>>>> Rowland, i've not set:
>>>>     Server max protocol = NT1
>>>>
>>>>   >but, as stated, these trouble are spot and random...
>>>>
>>>
>>>
>>
>>
>>
>
>



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Incompatibility Windows 7

Samba - General mailing list
In reply to this post by Samba - General mailing list
On 07/28/2017 3:30 PM, Sonic wrote:

> In case this helps here's some smb.conf parameters (many not at the
> defaults) being used in a shop where most clients are Windows 7 domain
> members. There is one XP domain member and also one NT4 Server domain
> member (was the original PDC) running Exchange 5.5. All systems work
> just superb. No changes to min/max protocols.
>
> The Samba member server (handles all file and print sharing):
> ================================
> server role = MEMBER SERVER
> security = domain
> smb ports = 445 139
> client ipc signing = Auto
> client signing = Auto
> server signing = Auto
> raw NTLMv2 auth = Yes
> ntlm auth = Yes
> wins server = <ip address of PDC>
> ================================
>
> The PDC (no file or print sharing, only a PDC running in an LXC):
> ================================
> server role = CLASSIC PRIMARY DOMAIN CONTROLLER
> security = user
> smb ports = 445 139
> raw NTLMv2 auth = Yes
> ntlm auth = Yes
> client use spnego = No
> wins support = yes
> ================================
>
> As you're not trying to support NT4 you may not need to go to the
> extremes I show, but it's nice to know it works.
>
> Both above are Samba 4.6.5 compiled from source running on Debian Stretch.
>
> In regards to the NT_STATUS_NO_LOGON_SERVERS error rejoining the
> domain from the afflicted servers may help. Also check that your WINS
> support is properly setup.
>
> Chris
Thanks for the input, Chris.  I will compare to your config file.

Rejoining the domain is not possible because when I try that, I get a
similar error message - failed to find DC for domain.  It seems that the
working and nonworking members are talking different languages.

Dale



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
12
Loading...