Koozali.org: home of the SME Server

Smeserver 10 and Windows 2012 server

Offline Raphaël

  • *
  • 38
  • +0/-0
Smeserver 10 and Windows 2012 server
« on: July 13, 2021, 07:31:48 PM »
Hello.

We have upgraded Smeserver from V9.2 to V10.
I cannot join a windows server 2012 r2, in workstation mode, to the sme10 domain.
No particular error, just that it doesn't want to.
I imported the reg samba, v7 (and v8 in case) but....
Any idea how to debug?
Thanks in advance.
Raphaël Larronde

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #1 on: July 13, 2021, 10:32:23 PM »
First I would ask you about your support for this particular OS.....

Do you have 'paid for' extended support?? If not then check the EOL dates.

Next please read about SMB3 (this applies to your other thread too) - that is NOT the same as Samba 3 or Samba 4.

https://docs.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview

https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-3-security-enhancements-in-windows-server-2012/ba-p/424221

And then as Koozali SME is based on CentOS 7 it might be worth a look at connecting your server to a CentOS 7 box.

https://www.linuxquestions.org/questions/linux-server-73/wins-server-2012-domain-controller-dns-server-in-centos-7-a-4175574373/

https://www.unixmen.com/setting-samba-primary-domain-controller-centos-7/

Note - none of this is guaranteed. I doubt anyone else here has the same OS to be able to test with. I don't even have a Windows 'Pro' Desktop with domain logon facilities!!

So you are probably going to have to do some legwork yourself.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #2 on: July 14, 2021, 09:00:46 AM »
Hello.
First of all, let me clarify that, like surely many other people in this forum, I am a Sme user, in my case as a domain controller for a school where I intervene on my free time.
I'm asking for a lead to help me and if it's not possible, well, it's not possible.
Thank you for yours links,  I will look at them carefully.
Precisions, Windows Server 2012 is an SME client in my case, not a domain controler
Sincerely.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #3 on: July 14, 2021, 09:43:22 AM »
Quote
I'm asking for a lead to help me and if it's not possible, well, it's not possible.

That's what we are trying to do, but as it is unlikely others have the same OS, which is probably unsupported in your case, it is really hard to say much in this instance. We don't have the code to test & replicate.

I have given you some leads but you'll have to do some reading yourself.

Some logs may help.

If you can see some errors then come back and tell us and we might be able to help a bit more.

Also, check the smeserver-wsdd contrib for network browsing.

I fully took on board the fact it is a server as a client. My point was I don't personally even have a 'stock' Windows desktop to test with, let alone a Windows server....!!
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #4 on: July 14, 2021, 12:29:01 PM »
Only have win10 home so cant help much...have no problems mapping drives and shares etc from my sme10 server, have wsdd installed on the server which helps..and smb1 is disabled on the win10 PC

Sorry thats all I have...
--
qui scribit bis legit

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #5 on: July 14, 2021, 09:08:01 PM »
Thank'd for all.
WIndows 10 and 7 join the domain without problems.
I continue my tests.

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #6 on: July 14, 2021, 09:24:39 PM »
WIndows 10 and 7 join the domain without problems.

So seems definitely a W 2012 R2 issue.

Can you browse shares?

What do your Windows and SME logs tell you?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #7 on: July 14, 2021, 09:35:22 PM »
Thank'd for all.
WIndows 10 and 7 join the domain without problems.
I continue my tests.

The only thing I can think of then is to make sure 2012r2 SMB settings are per this MS doc

https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
--
qui scribit bis legit

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #8 on: July 14, 2021, 10:00:21 PM »
First, can you browse & connect?

SMB3 works....

Second, Domain Authent.....
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #9 on: July 15, 2021, 09:00:45 AM »
SMB1 is disabled
SMB3 is Ok
I can navigate in the network.
I'm going to test with a fresh install of Sme10, without restoring anything.
We will then see

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #10 on: July 15, 2021, 11:27:58 AM »
Sound like some funky issue with domain authent then.

You really need to check your Windows logs - the error will likely be in there. There may be something in the v10 logs too - you need to look.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #11 on: July 15, 2021, 12:17:54 PM »
Sound like some funky issue with domain authent then.

You really need to check your Windows logs - the error will likely be in there. There may be something in the v10 logs too - you need to look.

I've those error from the nas Synology when trying to join the domain (see the picture)
In the windows netsetup log it seems there's a problem of user Admin right.
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: Function exits with status of: 0x32

I continue to search
All the Debug Log :
07/15/2021 12:15:13:584 -----------------------------------------------------------------
07/15/2021 12:15:13:584 NetpValidateName: checking to see if 'SERVEURWIN' is valid as type 1 name
07/15/2021 12:15:13:584 NetpCheckNetBiosNameNotInUse for 'SERVEURWIN' [MACHINE] returned 0x0
07/15/2021 12:15:13:584 NetpValidateName: name 'SERVEURWIN' is valid for type 1
07/15/2021 12:15:13:630 -----------------------------------------------------------------
07/15/2021 12:15:13:630 NetpValidateName: checking to see if 'serveurwin' is valid as type 5 name
07/15/2021 12:15:13:630 NetpValidateName: name 'serveurwin' is valid for type 5
07/15/2021 12:15:13:646 -----------------------------------------------------------------
07/15/2021 12:15:13:646 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:13:709 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:13:709 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:20:990 -----------------------------------------------------------------
07/15/2021 12:15:20:990 NetpDoDomainJoin
07/15/2021 12:15:20:990 NetpDoDomainJoin: using current computer names
07/15/2021 12:15:20:990 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
07/15/2021 12:15:20:990 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
07/15/2021 12:15:20:990 NetpMachineValidToJoin: 'SERVEURWIN'
07/15/2021 12:15:20:990    OS Version: 6.3
07/15/2021 12:15:20:990    Build number: 9600 (9600.winblue_ltsb_escrow.210525-1607)
07/15/2021 12:15:20:990    SKU: Windows Server 2012 R2 Standard
07/15/2021 12:15:20:990    Architecture: 64-bit (AMD64)
07/15/2021 12:15:20:990 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
07/15/2021 12:15:20:990 NetpGetLsaPrimaryDomain: status: 0x0
07/15/2021 12:15:20:990 NetpMachineValidToJoin: status: 0x0
07/15/2021 12:15:20:990 NetpJoinDomain
07/15/2021 12:15:20:990    HostName: serveurwin
07/15/2021 12:15:20:990    NetbiosName: SERVEURWIN
07/15/2021 12:15:20:990    Domain: esh
07/15/2021 12:15:20:990    MachineAccountOU: (NULL)
07/15/2021 12:15:20:990    Account: esh\admin
07/15/2021 12:15:20:990    Options: 0x25
07/15/2021 12:15:20:990 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:20:990 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:20:990 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:20:990 NetpLoadParameters: status: 0x0
07/15/2021 12:15:20:990 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:21:052 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:21:052 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:21:052 NetpDsGetDcName: trying to find DC in domain 'esh', flags: 0x1020
07/15/2021 12:15:21:771 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:21:771 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:21:771 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:21:771 NetpLoadParameters: status: 0x0
07/15/2021 12:15:21:771 NetpDsGetDcName: found DC '\\SMESERVEUR' in the specified domain
07/15/2021 12:15:21:771 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/15/2021 12:15:21:771 NetpDisableIDNEncoding: using FQDN ESH from dcinfo
07/15/2021 12:15:21:771 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'ESH' succeeded
07/15/2021 12:15:21:771 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
07/15/2021 12:15:22:615 NetUseAdd to \\SMESERVEUR\IPC$ returned 50
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: Function exits with status of: 0x32
07/15/2021 12:15:22:615 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'ESH' returned 0x0
07/15/2021 12:15:22:615 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'ESH': 0x0
07/15/2021 12:15:22:615 NetpDoDomainJoin: status: 0x32
07/15/2021 12:15:22:630 -----------------------------------------------------------------
07/15/2021 12:15:22:630 NetpDoDomainJoin
07/15/2021 12:15:22:630 NetpDoDomainJoin: using current computer names
07/15/2021 12:15:22:630 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
07/15/2021 12:15:22:630 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
07/15/2021 12:15:22:630 NetpMachineValidToJoin: 'SERVEURWIN'
07/15/2021 12:15:22:630    OS Version: 6.3
07/15/2021 12:15:22:630    Build number: 9600 (9600.winblue_ltsb_escrow.210525-1607)
07/15/2021 12:15:22:630    SKU: Windows Server 2012 R2 Standard
07/15/2021 12:15:22:630    Architecture: 64-bit (AMD64)
07/15/2021 12:15:22:630 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
07/15/2021 12:15:22:630 NetpGetLsaPrimaryDomain: status: 0x0
07/15/2021 12:15:22:630 NetpMachineValidToJoin: status: 0x0
07/15/2021 12:15:22:630 NetpJoinDomain
07/15/2021 12:15:22:630    HostName: serveurwin
07/15/2021 12:15:22:630    NetbiosName: SERVEURWIN
07/15/2021 12:15:22:630    Domain: esh
07/15/2021 12:15:22:630    MachineAccountOU: (NULL)
07/15/2021 12:15:22:630    Account: esh\admin
07/15/2021 12:15:22:630    Options: 0x27
07/15/2021 12:15:22:630 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:22:630 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:22:630 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:22:630 NetpLoadParameters: status: 0x0
07/15/2021 12:15:22:630 NetpValidateName: checking to see if 'esh' is valid as type 3 name
07/15/2021 12:15:22:709 NetpCheckDomainNameIsValid [ Exists ] for 'esh' returned 0x0
07/15/2021 12:15:22:709 NetpValidateName: name 'esh' is valid for type 3
07/15/2021 12:15:22:709 NetpDsGetDcName: trying to find DC in domain 'esh', flags: 0x1020
07/15/2021 12:15:22:880 NetpLoadParameters: loading registry parameters...
07/15/2021 12:15:22:880 NetpLoadParameters: status: DNSNameResolutionRequired set to '0'
07/15/2021 12:15:22:880 NetpLoadParameters: status: DomainCompatibilityMode set to '1'
07/15/2021 12:15:22:880 NetpLoadParameters: status: 0x0
07/15/2021 12:15:22:880 NetpDsGetDcName: found DC '\\SMESERVEUR' in the specified domain
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/15/2021 12:15:22:880 NetpDisableIDNEncoding: using FQDN ESH from dcinfo
07/15/2021 12:15:22:880 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'ESH' succeeded
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
07/15/2021 12:15:22:880 NetUseAdd to \\SMESERVEUR\IPC$ returned 50
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: status of connecting to dc '\\SMESERVEUR': 0x32
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: Function exits with status of: 0x32
07/15/2021 12:15:22:880 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'ESH' returned 0x0
07/15/2021 12:15:22:880 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'ESH': 0x0
07/15/2021 12:15:22:880 NetpDoDomainJoin: status: 0x32


Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #12 on: July 15, 2021, 03:14:52 PM »
Have a really good search and read on this error:

Quote
NetpJoinDomainOnDs: Function exits with status of: 0x32

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation


Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #14 on: July 15, 2021, 05:33:58 PM »
Following this site https://www.beyondtrust.com/docs/ad-bridge/how-to/troubleshoot/domain-join/index.htm I have an error in returning SRV records.
By doing the command nslookup -q=srv _ldap._tcp. ADdomainToJoin.com
 - I get an error (see attachment)
 - Error similar to the one on a Synology NAS (see the other attachment)

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Windows 2012 server
« Reply #15 on: July 16, 2021, 05:28:19 AM »
SME 10 does not implement Active Directory. hence you can only use SME as a standalone samba server or need to enable nt1 protocol and max server protocol to nt1 to use nt4 style PDC. which is not encouraged as nt1 aka smb1 aka cifs  is deprecated.

if you need AD DC you need to configure your own samba server and then you can use SME as secondary server. 

a lot of the work to implement AD DC is available in bug tracker but has not made it for different reasons.
The most prevalent is lack of work force for doing the final
implementation, but few issues were also encountered like a major security one: losing posix ACL in SME samba if it was the AD DC while supported as a domain member, when no support for windows ACL is available in linux filesystems leading to different permissions to access to the same file depending if you access from samba, http, ftp, ssh or locally.

one workaround is to set you samba ad dc in a docker instance or a side vm and sme as domain member
« Last Edit: July 16, 2021, 05:34:02 AM by Jean-Philippe Pialasse »

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #16 on: July 16, 2021, 10:23:20 AM »
Bonjour Jean-Pierre.
Thanks for the clarification, I understand better why it does not and cannot work as it is.

Offline gieres

  • *
  • 213
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #17 on: July 16, 2021, 07:00:53 PM »
Bonjour Raphaël,
C'est Jean-Philippe !
Jean-Pierre, c'est quelqu'un d'autre...
Bonne fin de semaine.

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #18 on: July 17, 2021, 12:39:06 PM »
Oups.
Désolé  :-?

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Windows 2012 server
« Reply #19 on: July 22, 2021, 02:54:40 PM »
Hello.
I solved my problem, following the topic of Jean-Philippe.
By allowing the SMB1 protocol, no other simple solution for the moment.
Thank's.