Koozali.org formerly Contribs.org

Contribs.org Forums => SME Server 9.x => Topic started by: wires12 on June 24, 2018, 12:36:10 AM

Title: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 24, 2018, 12:36:10 AM
I know this issue has been touched on in other threads but to the best of my ability has not been resolved.

Following the (out of date) instructions at https://wiki.contribs.org/Windows_10_Support to join a W10 client to a SME 9.2 server acting as a domain controller gives a flat out That domain couldn't be found. Check the domain name and try again error.

Going the more useful way of using Control Panel (type control panel in the search box next to the start box and press enter) the error message from the System section, Computer name, domain, and workgroup settings is more helpful.

An Active Directory Domain Controller (AD DC) for the domain s106 could not be contacted.

The details are:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name "s106" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "s106":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.s106

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.106.1

- One or more of the following zones do not include delegation to its child zone:

s106
. (the root zone)


This is apparently related to Windows update 1803. Not updating isn't really an option going forward and loss of domain functionality is a deal killer for me. I'll have to find another server solution if I can't join W10 machines to a stable version of SME as a domain controller. Hopefully I'm overlooking something, but if that something exists it should be described on the Wiki Windows_10_Support page.

What to do?

TIA!
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 24, 2018, 01:09:31 AM
Unless you go back to an earlier version of Win10 and don't run any updates until they solve it just have to wait for Mt MS to fix it, this does no just effect SME9.2 or linux for that matter.

https://social.technet.microsoft.com/Forums/en-US/59183715-0c04-44f7-b5ea-bb37da4125a5/unable-to-join-domain-with-new-windows-10-computers-build-1803?forum=win10itpronetworking

Read down to the reply on the 21 Jun by Karen_Hu
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 24, 2018, 01:24:30 AM
this does no just effect SME9.2 or linux for that matter.

So distributions with newer versions of Samba have the same problem?
Title: Re: W10 will not connect to SME 9.2 domain
Post by: Daniel B. on June 24, 2018, 02:06:11 AM
In fact, you only need 1709 or earlier to join the domain. Once joined, you can update to 1803 without problem. The problem is on windows' side. It's not clear yet if MS will fix it.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 24, 2018, 05:39:30 AM
In fact, you only need 1709 or earlier to join the domain. Once joined, you can update to 1803 without problem. The problem is on windows' side. It's not clear yet if MS will fix it.

Thank you!

While I have not tested this solution the problem will likely reoccur when one needs to leave the domain and rejoin in order to fix a broken relationship. Just managing a couple of hundred machines requires this step several times a year. Many times performed remotely. What then? Reinstall W10?

My concern is that M$ has no reason to fix this. Quite the contrary. If this pushes people to adopt the latest WINDOWS SERVER BAZILLION GOLD EDITION it's a win for them.

Not knowing all the stuff that goes on under the hood I assume SME 9.2 is running Samba 3.6. I wonder if Samba 4 suffers the same issue? If not and SME wants to stay relevant I'd imagine time is short to get Samba 4 implemented. Samba 4 has been out 6-7 years. I don't know the SME user base but I'd find it amazing if most SME servers don't have Windows clients and if those networks have more than 4-5 machines don't use domain logins. Unless I'm very wrong this is a big issue that is just starting to come to most user's attention.

I have to replace several networks this year and hoping M$ solves the problem or having to play upgrade games is not an option. I love the functionality of SME but lacking this capability it won't be viable for my customers. I hope there is a fix or a suggestion for a new/different distro. What I, and I'd assume many, really need is domain logins, SMB shares, backup and user management. Roaming profiles are a plus. I have a hard time believing that in 2018 many are using the "Internet Appliance" features like router, web server, email server and the like. In my experience those roles have moved to dedicated devices and the Cloud for security and enhanced functionality.

I have had to make painful transitions in server technology before as companies failed or software didn't keep up. I hope this is not another of those times. Compounding the problem this time will be that I'll have to replace the server OS on all the servers I manage instead of rotating through them as their replacement cycle comes up. I truly hope this will not to be the resolution of this problem. I really like SME and don't want to have to change!
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 24, 2018, 09:37:41 AM
Yes it does affect Smaba4. Plenty of discussions around re the issue.

eg nearest and dearest:  https://www.clearos.com/clearfoundation/social/community/windows-10-issue-with-samba-domains-and-filesharing-in-clearos
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 24, 2018, 05:34:03 PM
Yes it does affect Smaba4. Plenty of discussions around re the issue.

eg nearest and dearest:  https://www.clearos.com/clearfoundation/social/community/windows-10-issue-with-samba-domains-and-filesharing-in-clearos

Thanks for the link! Very interesting and helpful!

However unless I'm missing something it does not seem to make the point of Samba 4 not being a solution moving forward. Indeed that seems to be the path they are taking. From the top post; I am afraid ClearOS 6.x will not support a direct solution for Windows 1803 joining the Samba domain as 6.x only supports samba 3.x. ... The developers are currently working on a solution for ClearOS 7.x which runs samba 4.x. It *may* be possible to then use another box running 7.x as the directory server but the migration path but the upgrade path is currently uncertain.

Currently I'm testing the options on the Windows side outlined in the fine link you provided (would have been nice to have something like that here but I understand the difference between paid and not) and a CentOS 7 + Samba 4 installation and using Windows tools for user management.

I understand that Samba 4 is a big leap and it's entanglements with LDAP, DNS and the like will cause problems for many "Internet Appliance" parts of SME and it's brethren. Having made the trek from Netwinder then Cobalt Cube I understand the appeal of a all in one box but I haven't seen anyone use that functionality in years. Amazingly good routers are inexpensive, capable and give a extra layer of security. Email has become so complex and dangerous that hosting it on a file server containing your IP and users is a bit insane. So where does that leave a product like SME? Are people still using it as a router and email server on the same instance as file sharing and user management?

To me, and I'd assume many others, a file sharing, user management (domains) box with backup that could have some plugins for other tasks would be a wonderful thing.

Sorry if this is a bit far afield but when the road turns in an unexpected way you sometimes have to reevaluate the path.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on June 24, 2018, 05:56:34 PM
Some form of Samba 4 would be in SME v10

Note there is big difference between standard file sharing et al as per Samba 3.x/4.x and the full Samba 4 + AD support.

Converting to S4 'as is' should not be that difficult. Running it as AD is... see the bug tracker for Gregs efforts in that direction. Full AD means a major rewrite of a large amount of code.

A few other points of note... we hadn't tested updating to Samba 4 on v9 as there were no packages available. RHEL finally built some for RHEL 6/SME v9 later last year I think. They have tested so check on the W10 issues... again see the bug tracker.

It would probably be possible to properly update to these on v9 (see the bug tracker) but it won't fix the W10 issue which is of M$s own making (and yes I'm sure they are making lots if $$$$ out of this little mistake!)

Yes it would be great to have v10 + Samba 4 + other goodness, but it needs time, bodies and lots of help.

Regrettably lots of people say we should do this that or the other, but when we ask for them to pitch in they never seem to have time or experience (we really need you time... we can help you with experience)

Personally I use SME for all sorts. Email, web, files, voip server, media etc. Real servers, VMs and cloud VMs, but have the benefit of having dumped Windows clients years ago. Best decision I ever made :-)

So, if you want to continue using SME please come and help and make it the distro you want.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: janet on June 24, 2018, 07:32:55 PM
wires12

Also see this
https://forums.contribs.org/index.php/topic,53631.0.html
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on June 24, 2018, 07:45:49 PM
Also look at these:

https://bugs.contribs.org/buglist.cgi?quicksearch=samba%204&list_id=86169

And this on integrating Samba 4 + AD

https://wiki.contribs.org/SAMBA_4_-_Misc_Development_Topics

In simple terms there are now Samba 4 rpms for standard file sharing available for SME v9, but this won't fix the W10 problem which is due to a bug in W10 leaving us as helpless as anyone else.

There has been work done on integrating full fat Samba 4 + AD into SME v10 by Greg but it still needs a mahoosive amount of work.

Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 24, 2018, 07:59:27 PM
Thank you Reet and Janet! I had looked at the Samba4 for SME 9.x thread before posting but there is new info there! I'll be reading more!

Meanwhile time to roller skate!
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on June 24, 2018, 08:07:24 PM
I hope you and others do take an interest, and actively join in. Nothing will happen if you don't......

Moving to the basic Samba 4 probably won't be a big issue.

However, there could be huge benefits from the full AD version, but that requires a lot of work and some serious "under the hood" changes.

However, amongst lots of other stuff, full AD has issues with properly supporting LDAP. Another can of worms ! Could be a long road.... :-)

There is more in the devinfo mailing archives.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 27, 2018, 04:37:25 PM
Looks like Mr MS has been hard at it..see last comment and latest update

https://social.technet.microsoft.com/Forums/windows/en-US/4c2a029b-327a-4ad7-a2ce-7bd4fcc25226/windows-10-after-update-1803-odbc-sql-server-connect-problem?forum=win10itprogeneral

2018-06 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4284848)

Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 28, 2018, 05:03:07 PM
I installed the KB4284848 update on a 1803 updated machine. I had great hopes but unless I'm missing something the update was no help for the W10 will not connect to SME 9.2 domain problem. The error message in the thread starter remains the same.

Attempts to clear the error include:
* Set fixed IPv4 address on the client PC with the SME server as secondary DNS
* Added SME server IP address to WINS tab in Advanced TCP/IP Settings
* Set network to private
* Turned on network discovery
* Turned off firewall
* Reboots and waiting

Has anyone had success with this update?
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 29, 2018, 12:07:22 AM
Nope, fail. Clean install of a 1803 iso to a prox VM, was only able to map a drive, shared ibay on a 9.2 box after entering credentials.

Updated with all updates including the latest and greatest, behaviour not changed, same error message as you have shown.

SMB1 is now back and can be activated from the Turn Windows Features on or off, once done its back to the 1709 behaviour, not what you are after but small mercies.

Above is all with standard sme9.2, will also have a whirl with a samba4 setup (not holding breath)

Time to visit the local hardware store and buy a big hammer.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on June 29, 2018, 12:26:05 AM
Time to visit the local hardware store and buy a big hammer.

I can send you one! I have a box full...
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on June 29, 2018, 12:45:02 AM
Box full of spanners here  :lol: :lol: :lol:

http://www.distrowatch.org/

Whilst I watch you lot enjoy the pleasures of Windoze, I'm having a :pint:

(Sorry - nothing like kicking your friends when they are down.....)
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 29, 2018, 12:47:38 AM
You always were an old barstard :-)  meant in the nicest Oz way :-)
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on June 29, 2018, 01:03:19 AM
You always were an old barstard :-)  meant in the nicest Oz way :-)

Not even a bar could keep me standing right now :lol:

Hugs
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on June 29, 2018, 11:45:41 AM
Win10 1803 latest updates, as is, network browsing is problamatic as is doesn't work, doesn't list a sme9.2 or sme10a3 servers that are on network, am able to map network drives both sme9.2 and my win10home with a shared folder, unable to connect to a sme10a3 server


Win10 1803 latest update, enable smb1 and accessing sme9.2 shares and sme10 shares no problems, browsing networks also appears to be functioning.

So basicly new update solves some issues but win10 is still basicly borked :-)

Title: Re: W10 will not connect to SME 9.2 domain
Post by: jwmw on July 06, 2018, 12:25:49 PM
In conclusion (today 6. July 2018):

correct?
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on July 06, 2018, 12:36:52 PM
In conclusion (today 6. July 2018):
correct?

Unless M$ comes out with another update, and cant see why they wouild, thats it.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on September 08, 2018, 08:12:21 PM
Unless M$ comes out with another update, and cant see why they wouild, thats it.

Yep, that is it for me.

It looks like I'll have some legacy SME boxes out for the next couple of years. But moving forward my next round of deployment is Synology NAS boxes. FreeNAS was a close runner up but the interface is quite complex and one has to use M$ tools for users, groups and shares where that is integrated into the Synology DSM web interface. We will save a few $$$ since for most of our deployments the Synology hardware is cheaper than the servers we were building.

To move forward in this segment Active Directory is a must. I wish I could wait for SME 10 but that ship has sailed for now.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on September 08, 2018, 08:35:59 PM
Regrettably that will be the same for many users, especially in enterprise where M$ is ubiquitous.

Tony Greg and I saw this coming a several years back and we pushed hard to try and get S4 integrated into SME (so it is properly click and go). You can see all the work he did. It was phenomenal, and few know just how complicated it was and how much time he put into it.

However, he needed help, and decisions were needed on some core changes that needed to happen (DNS & other stuff)

Neither were forthcoming and he stopped work, mainly through frustration.

What a waste.

Regrettably, due to his work and other things in his life, he won't be doing any more. Even worse, he knows S4 better than anyone round here.

Unfortunately some of the lack of help was interwound with the disruption caused by a certain user, which meant several people kept right out of the way.

The upshot is that, IMHO, the absence of S4 AD is the effective final stab in the heart of SME.

Tony Greg and I thought it was a great opportunity to push SME forward at a time when we were told several times it was 'impossible' (we first looked not long affer the first S4 code came out) Greg proved them wrong (the core actually works and he did it first - we believe some of his code was actually forked and used elsewhere) but the world passed us by.

Maybe one day I'll write a chapter in my memoirs about all this :-)

Sad days.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: wires12 on September 08, 2018, 09:04:42 PM
It is sad.

I feel like I have done what i could, donate and assist to the limits of my abilities. But for most of my time SME just worked. It enabled me to focus on the places I could add value to my client's endeavors.

It sounds like barring a miracle SME joins those other worthy private and community efforts that have pushed Linux into the workplace and the lives of many but faded too soon. Netwinder, Cobalt, Net Integrator, Celestix, Freesco and the list goes on. I remember seeing boxed E-Smith software at the local CompUSA store...

I'd like to thank you, Tony, Greg and the rest of the community for your efforts. S4 was a big climb and that you got close is an accomplishment. After dealing with some of the piss poor implementations during my search "proper click and go" is still elusive. Hopefully some of that forked genius will show up somewhere!
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on September 08, 2018, 09:45:22 PM
Yup... been a lot of faithful supporters and it feels tragic to let them down. I feel helpless and hugely frustrated.

Greg was the coder. Tony & I just beat him up about it :-)

The core stuff all worked but really it needed some core SME design changes.

There is nothing to stop it being developed.... time and effort. But active devs are rare now. That annoying user singlehandedly lost us a lot of momentum, and good people who didn't need the arguments over nothing.

TBH it breaks my heart. I'm lucky that I don't need AD so it bothers me not. However, I know how important it is for many.

I've even been trying to help out messing with a S4 docker image on SME to see if we can find any temporary solutions. I've even used  a Window 7 VM to test with (10 was a step to far).... talk about selling my soul :-)

No idea where things will go now.

Anyone who wants to play Windows & S4 let me know. I have a docker image you can install on SME and mess with.

Title: Re: W10 will not connect to SME 9.2 domain
Post by: SchulzStefan on September 12, 2018, 02:24:11 PM
Is there a linux distro out there, where a WIN10 client is able to connect (incl. AD) to a domain of the tux machine?

I'm not a programmer nor a specialist. So, hopefully nobody gets me wrong while posting and asking, if this is already known. Additionally I'm not quite sure, if this matches the point.

https://social.technet.microsoft.com/Forums/en-US/59183715-0c04-44f7-b5ea-bb37da4125a5/unable-to-join-domain-with-new-windows-10-computers-build-1803?forum=win10itpronetworking

and:

https://gallery.technet.microsoft.com/Windows-1803-Unable-to-6a546929
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on September 12, 2018, 07:24:54 PM
Is there a linux distro out there, where a WIN10 client is able to connect (incl. AD) to a domain of the tux machine?

Undoubtedly.

Any Linux distro that can run full Samba 4 with AD enabled should work.

The problem is if you find something that has an easy set up like SME, will it be open source/free?

The issue is configuration.....  not for the faint hearted.

SME does not have a problem with Samba 4 itself per se, but making it work automagically with everything else is another story.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: SchulzStefan on September 14, 2018, 09:33:24 PM
Yes - the topic is "connecting WIN10 to SME9.2". I didn't set up a SME9.2 in a virtual Box but I believe, this guide could work also for the latest WIN10 build and for a SME9.2 server. Anyway, I could manage to add the WIN10-Workstation to an SME10 workgroup and I'm able to connect ibays to the workstation. Not working is the AD.

Here's what I followed/did:

1. Took the alpha3 SME10 iso

2. Grabbed the last i386 test-iso from M$ which is Build 17134.rs4_release.180410-1804

3. In virtualbox (host archlinux) I installed two guests. SME with two nics (one bridged, one intnet), the WIN10 with one nic and intnet. No promiscous mode anywhere.

4. In the SME-box I followed this: https://wiki.contribs.org/Windows_10_Support#notes_about_Window_10_and_SME_Server_10:

config setprop smb ServerMaxProtocol NT1
expand-template /etc/smb.conf
service smb restart

The server is configured as Server and Gateway, Workgroup and Domain Controller is enabled, Roaming profiles are off. There's a test user, a group and an ibay.

5. I did not use any registry-patch from the SME side.

6. I installed WIN10 with a different user as the test user in the SME box. The user is per default a WIN10 admin. I disabled any firewall.

7. I followed this: https://www.schkerke.com/wps/2015/06/windows-10-unable-to-connect-to-samba-shares/

and:

8. https://www.linuxliteos.com/forums/network/can%27t-access-samba-shares-from-windows-10-client/
The latest build of WIN10 offers only two boxes to tick.

After re-booting the WIN10 workstation I was able to connect to the ibay as an SME user and also to add the WIN10 box to the workgroup of the SME10 server. The file-explorer of WIN10 shows correctly the SME server by the name of the server, the home of the user by the users name and the Primary ibay. Drive mapping of the ibay is working as expected.

Maybe it helps someone. Maybe all this is already known... I couldn't find information to this in one piece.

regards,
stefan

Edit: Sorry if the post is displaced, please move it to a better forum/sub-forum.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on September 14, 2018, 09:47:54 PM
Stefan,

Your first point was 'is there a distro out there....' which I answered.

Second, the thread was actually really about domain logons to SME 9.x, not just browsing which I believe is still possible with SMB 1 installed on Windows.

Third, your test was on SME 10, not 9 as per the topic which you quoted.....

You are comparing chalk and cheese :-)

Title: Re: W10 will not connect to SME 9.2 domain
Post by: SchulzStefan on September 15, 2018, 09:27:51 AM
Stefan,

Your first point was 'is there a distro out there....' which I answered.

Second, the thread was actually really about domain logons to SME 9.x, not just browsing which I believe is still possible with SMB 1 installed on Windows.

Third, your test was on SME 10, not 9 as per the topic which you quoted.....

You are comparing chalk and cheese :-)

Yes - I you're right. I was in a kind of tunnel  8) Therefore I suggest to move this to a more appropriate place in the forum. I didn't want to hijack the thread, sorry.

BTW I read in several different forums, that the last WIN10 update makes even a samba4 server invisible in the network. I saw this behaviour in the setup of my VM enviroment. The registry patch for WIN10 didn't help. So, maybe it helps at least to connect WIN10 to a samba server and get to the data.
Title: Re: W10 will not connect to SME 9.2 domain
Post by: ReetP on September 15, 2018, 10:21:43 AM
No worries :-)

If you have definitive links on a Samba 4 issue post them if they are relevant.

I'm not convinced a S4 server becomes invisible !!!!
Title: Re: W10 will not connect to SME 9.2 domain
Post by: john56 on October 04, 2018, 04:25:32 PM
After several weeks, i find how to join a domain with the last windows 10.
I've use a registry modification to do it.

Here it is : AllowSingleLabelDnsDomain.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000000
"MaximumPasswordAge"=dword:0000001e
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  6e,00,65,00,74,00,6c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"SignSecureChannel"=dword:00000001
"Update"="no"
"AllowSingleLabelDnsDomain"=dword:00000001

Title: Re: W10 will not connect to SME 9.2 domain
Post by: Daniel B. on October 04, 2018, 04:49:20 PM
AllowSingleLabelDnsDomain Shouldn't be needed and doesn't fixe NT domain joining. The issue is fixed by KB4458469
Title: Re: W10 will not connect to SME 9.2 domain
Post by: TerryF on October 05, 2018, 12:23:01 AM
Yes, latest MS updates and Feature update seem to have returned functionality for SME9.2, a sme10 install can be seen but no login offered. More testing needed