Required Settings for Samba NT4 Domains

From SambaWiki
Revision as of 15:34, 9 July 2015 by Mmuehlfeld (talk | contribs) (Mmuehlfeld moved page Registry changes for NT4-style domains to Required settings for NT4-style domains: Renaming document, to better reflect settings for joining NT4 domains (Win10 also requires a smb.conf change))

When do I need Registry changes?

Samba usually doesn't require any changes on your Windows OS.

So please read very carefully on the sections below why and when you should do them!

If your situation or problem isn't mentioned here, then it's highly recommented to NOT do any registry changes!



Joining to a Samba NT4-style domain

This changes are only necessary if you want to join a Windows7 and later or Server 2008 and later to a Samba NT4-style domain!

It's not required and not recommended if you run Samba as AD DC!

If you try to join any of the mentioned OS you'll encounter an error

The following error occourred attempting to join the domain „.....“:

The specified domain either does not exist or could not be contacted.

The following registry change work with any Samba version that isn't already discontinued:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]

"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

Do the changes manually in regedit.exe or save the above in a plain text file with Notepad/Editor (not Word/Wordpad/OpenOffice/LibreOffice/...!) and name it sambafix.reg. Make sure, that the file has the ending .reg. Then you can import it directly to your registry by double-clicking, if you have the sufficient permissions.

After the next reboot you can join the machine to your domain, but you may still encounter an error:

Changing the Primary Domain DNS name of this computer to "" failed. The name will remain ".....".
The error was:

The specified domain either does not exist or could not be contacted

But this error can safely be ignored or, if you run Windows 7, silenced by a hotfix, that was published by Microsoft: KB2171571: You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain.



IMPORTANT: Registry changes that should never be done!

There are many pages on the internet, which suggest to change the values of RequireSignOrSeal and RequireStrongKey. This is NOT recommended by the Samba team, as it will break interoperability with other Windows and Samba versions!

If you have already changed these parameters, turn them back to 1 as shown below and reboot:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CCS\Services\Netlogon\Parameters]

"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001