I have an NT4 style domain running on Samba. With a new installation of 1803 Pro I am unable to join the PC to the domain. If I try I get a popup saying "An Active Directory Domain Controller (AD DC) for the domain XXXX could not be contacted". My 1709 machines have no problems joining the domain once SMB1.0 has been enabled in the Add/Remove Features part of Programmes and Settings, and the relevant registry keys have been set. Googling around I see it is the same for people who have an SBS2003 domain bot no solution. (SBS2003 went EoL 4 years ago.) Does anyone know a way round the issue? Changing to an AD domain is not an option.
SMB 1.0 has been enabled The problem seems to be it is looking for an AD DC rather than an old style PDC. The full detail of the message is: But this works with 1709. An SRV record should only be needed for AD. If I add the SRV record the message changes a bit but in essence is the same. Cannot find an AD DC. I just want it to find a PDC.
Still no luck for me. I have "Enable insecure guest logons" via gpedit and registry settings. I have the samba NT4 style domain controller set with "server max protocol=SMB2" BTW, did you know that is you connect to a SMB1 share you will not be able to open any sockets with the application on that share with win10 1803? I also have the following reg keys Code: Windows Registry Editor Version 5.00 ; ; ;[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters] ; Enable NT-Domain compatibility mode ; Default: ; [value not present] ; "DomainCompatibilityMode"=- ;"DomainCompatibilityMode"=dword:00000001 ; Disable required DNS name resolution ; Default: ; [value not present] ; "DNSNameResolutionRequired"=- ;"DNSNameResolutionRequired"=dword:00000000 ; Disable Mutual authentication, no Kerberos, can fall back to NTLMv2 ; Disable Integrity, SMB signing is not required ; Disable Privacy, no SMBv3 must be used ; Default: ; [value not present] ; "\\\\*\\netlogon"=- ;[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] ;"\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" ;; Domain Compatibility Mode and DNS Name Resolution [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] "DNSNameResolutionRequired"=dword:00000000 "DomainCompatibilityMode"=dword:00000001 ;; Hardened Paths to access Netlogon Directory [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] "\\\\*\\netlogon"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" ;; Hardened Paths to access sysvol Directory [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] "\\\\*\\sysvol"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths] "\\\\*\\sysvol"="RequireMutualAuthentication=0,RequireIntegrity=0,RequirePrivacy=0"
Windows 10 could join the "Classic Domain" before version 1803. Even with smb1 enabled on 1803 you cannot join a classic domain now.
I think M$ is trying to force folks into upgrading or migrating away from such a legacy/insecure server based OS's/M$ Domain Controllers. Its not surprising to me at all that it eventually stop working. Time to upgrade. ~MC
There is a thread about it on samba's mailing list : hxxps://lists.samba.org/archive/samba/2018-May/215796.html It seems like M$ dropped the support for NT4-style domain from the 1803 upgrade. If you still want to use this kind of domain, you can revert back to windows 7, and use wufuc if your CPU is not supported.
Unfortunately it is the distro implementation that I use. Some rapid development work is going to be needed to get AD DC's to work in the distro because of the knockon effects on DNS and the user accounts.