Required Settings for Samba NT4 Domains
Samba versions supporting Windows7 Domain Logon
Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions:
- Samba 3.4
- Samba 3.3
We successfully tested Windows 7 Ultimate (Build 2600) with Samba 3.4.0 and Samba 3.3.7.
Windows 7 Registry settings
There are currently two registry settings required to be added on the Windows 7 client prior to joining a Samba Domain. These are:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Samba also ships with a registry patchfile that users can apply directly. The patchfile can be found in recent Samba sourcecode: $SOURCE/docs-xml/registry/Win7_Samba3DomainMember.reg or in Samba Bugzilla here: https://bugzilla.samba.org/attachment.cgi?id=4988&action=view
Make sure to either reboot Windows 7 or restart the LanmanWorkstation service after setting these entries.
You will receive one warning about DNS domain name configuration after the join has succeeded:
"Changing the Primary Domain DNS name of this computer to "" failed.
The name will remain "MYDOM". The error was:
The specified domain either does not exist or could not be contacted"
This warning can be ignored or silenced with setting other registry keys.
Update: There is a hotfix available from Microsoft to address this, see this http://support.microsoft.com/kb/2171571 Knowledge Base article for details
Do not edit any other registry parameters (NETLOGON) that have been seen in the wild. If you have already modified your Windows 7 registry, please make sure to reset the keys to their default values.
If you have changed the NETLOGON Parameters, make sure and turn them back to '1' as shown below:
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1
DWORD RequireStrongKey = 1
--Gd 15:47, 29 November 2009 (EDT)
Windows 7 Preformance and Time Registry settings
I want to share some of my configuration settings, they add a major improvement in domain login speed and allow to use samba as time server under Windows 7 Professional:
echo 'Windows Registry Editor Version 5.00
; Win7_Samba3DomainMember
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
; Speedup settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001
; Can drive you nuts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
unix2dos Win7_Samba3DomainMember_jelledj.reg
echo '@echo off
echo.
echo WARNING: Do not close this window!!!
echo.
c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
echo.
echo WARNING: You may now close this window!!!
echo.' | tee SeSystemTimePrivilege_jelledj.bat
unix2dos SeSystemTimePrivilege_jelledj.bat
echo '@echo off
echo.
echo WARNING: Do not close this window!!!
echo.
"C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
echo.
echo WARNING: You may now close this window!!!
echo.' | tee rktools_jelledj.bat
unix2dos rktools_jelledj.bat
echo '@echo off
echo.
echo WARNING: Do not close this window!!!
echo.
NET USE Y: /DELETE
NET USE Y: \\server\documenten /PERSISTENT:YES
NET TIME \\server /SET /YES
echo.
echo WARNING: You may now close this window!!!
echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
unix2dos /srv/storage/samba/netlogon/netlogon.bat
setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
chmod g+r /srv/storage/samba/netlogon/netlogon.bat
cat /srv/storage/samba/netlogon/netlogon.bat
su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj
--Tuxcrafter 15:12, 18 January 2011 (CST)