I'm trying to motivate a clean install Windows 10 (1903) to join the Domain, setup in a clean installed and updated ClearOS system.
I did the registry trick
(reg file)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\NETLOGON"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
"\\\\*\\SYSVOL"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
"\\\\{TESTDOMEIN}\\netlogon"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
I added SMB 1.0 support
But still Windows says the Domain can't be found.
To be sure, I added the settings and the windows process in the png's.
Am I making some newby mistake? Or does this thing not work anymore?
The world wide google gives mixed information about this.
I just want to use this to logon the clients and use the flexshares. Preferably without SMB1 btw.
I did the registry trick
(reg file)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
"\\\\*\\NETLOGON"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
"\\\\*\\SYSVOL"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
"\\\\{TESTDOMEIN}\\netlogon"="RequireMutualAuthentication=0, RequireIntegrity=0,RequirePrivacy=0"
I added SMB 1.0 support
But still Windows says the Domain can't be found.
To be sure, I added the settings and the windows process in the png's.
Am I making some newby mistake? Or does this thing not work anymore?
The world wide google gives mixed information about this.
I just want to use this to logon the clients and use the flexshares. Preferably without SMB1 btw.
Share this post:
Accepted Answer
From the Add a Windows Workstation to a Samba Domain HowTo, you are missing two registry changes. Those are the two key ones. The ones you have just allow logon scripts to work. There should be no need to enable SMB1.
Also, in the last registry change you listed you should remove the braces round TESTDOMEIN.
Also, in the last registry change you listed you should remove the braces round TESTDOMEIN.
Responses (2)
-
Accepted Answer
Your home share automatically maps, I believe. For the rest you have to use a login script. That is not quite so easy as you need some sort of "memberof" comand to test for group memberships. There used to be one available from the Microsoft SDN but I don't think it has been around for years. You can google for solutions. Remember that once a user has mapped his shares and checked the "Reconnect at sign-in" box, the shares will map for evermore. IIRC, the logon command should be placed in /var/samba/netlogon/. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »