Difference between revisions of "Required Settings for Samba NT4 Domains"

(win2k8 update)
(share some of my configuration settings, they add a major improvement in domain login speed and allow to use samba as time server)
Line 44: Line 44:
  
 
--[[User:stwestbrook, Gd|Gd]] 15:47, 29 November 2009 (EDT)
 
--[[User:stwestbrook, Gd|Gd]] 15:47, 29 November 2009 (EDT)
 +
 +
 +
== Windows 7 Preformance and Time Registry settings ==
 +
 +
I want to share some of my configuration settings, they add a major improvement in domain login speed and allow to use samba as time server under Windows 7 Professional:
 +
 +
        echo 'Windows Registry Editor Version 5.00
 +
       
 +
        ; Win7_Samba3DomainMember
 +
        [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
 +
        "DNSNameResolutionRequired"=dword:00000000
 +
        "DomainCompatibilityMode"=dword:00000001
 +
       
 +
        ; Speedup settings
 +
        [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
 +
        "SlowLinkDetectEnabled"=dword:00000000
 +
        "DeleteRoamingCache"=dword:00000001
 +
        "WaitForNetwork"=dword:00000000
 +
        "CompatibleRUPSecurity"=dword:00000001
 +
       
 +
        ; Can drive you nuts
 +
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
 +
        "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
 +
       
 +
        unix2dos Win7_Samba3DomainMember_jelledj.reg
 +
 +
        echo '@echo off
 +
        echo.
 +
        echo WARNING: Do not close this window!!!
 +
        echo.
 +
        c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
 +
        echo.
 +
        echo WARNING: You may now close this window!!!
 +
        echo.' | tee SeSystemTimePrivilege_jelledj.bat
 +
       
 +
        unix2dos SeSystemTimePrivilege_jelledj.bat
 +
 +
        echo '@echo off
 +
        echo.
 +
        echo WARNING: Do not close this window!!!
 +
        echo.
 +
        "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
 +
        echo.
 +
        echo WARNING: You may now close this window!!!
 +
        echo.' | tee rktools_jelledj.bat
 +
       
 +
        unix2dos rktools_jelledj.bat
 +
 +
        echo '@echo off
 +
        echo.
 +
        echo WARNING: Do not close this window!!!
 +
        echo.
 +
        NET USE Y: /DELETE
 +
        NET USE Y: \\server\documenten /PERSISTENT:YES
 +
        NET TIME \\server /SET /YES
 +
        echo.
 +
        echo WARNING: You may now close this window!!!
 +
        echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
 +
       
 +
        unix2dos /srv/storage/samba/netlogon/netlogon.bat
 +
       
 +
        setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
 +
        chmod g+r /srv/storage/samba/netlogon/netlogon.bat
 +
       
 +
        cat /srv/storage/samba/netlogon/netlogon.bat
 +
        su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj
 +
 +
--[[User:Tuxcrafter|Tuxcrafter]] 15:12, 18 January 2011 (CST)

Revision as of 21:12, 18 January 2011

Samba versions supporting Windows7 Domain Logon

Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions:

  • Samba 3.4
  • Samba 3.3

We successfully tested Windows 7 Ultimate (Build 2600) with Samba 3.4.0 and Samba 3.3.7.


Windows 7 Registry settings

There are currently two registry settings required to be added on the Windows 7 client prior to joining a Samba Domain. These are:

        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

Samba also ships with a registry patchfile that users can apply directly. The patchfile can be found in recent Samba sourcecode: $SOURCE/docs-xml/registry/Win7_Samba3DomainMember.reg or in Samba Bugzilla here: https://bugzilla.samba.org/attachment.cgi?id=4988&action=view

Make sure to either reboot Windows 7 or restart the LanmanWorkstation service after setting these entries.

You will receive one warning about DNS domain name configuration after the join has succeeded:

   "Changing the Primary Domain DNS name of this computer to "" failed.
    The name will remain "MYDOM".  The error was:
    
    The specified domain either does not exist or could not be contacted" 

This warning can be ignored or silenced with setting other registry keys.

Update: There is a hotfix available from Microsoft to address this, see this http://support.microsoft.com/kb/2171571 Knowledge Base article for details

Do not edit any other registry parameters (NETLOGON) that have been seen in the wild. If you have already modified your Windows 7 registry, please make sure to reset the keys to their default values.

If you have changed the NETLOGON Parameters, make sure and turn them back to '1' as shown below:

       HKLM\System\CCS\Services\Netlogon\Parameters
           DWORD  RequireSignOrSeal = 1
           DWORD  RequireStrongKey = 1


--Gd 15:47, 29 November 2009 (EDT)


Windows 7 Preformance and Time Registry settings

I want to share some of my configuration settings, they add a major improvement in domain login speed and allow to use samba as time server under Windows 7 Professional:

       echo 'Windows Registry Editor Version 5.00
       
       ; Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
       
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
       
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
       unix2dos Win7_Samba3DomainMember_jelledj.reg
       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat
       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat
       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj

--Tuxcrafter 15:12, 18 January 2011 (CST)