Hi We have been trying with Samba 3.0.14a as well 3.0.25b to join longhorn server (latest version - June CTP longhorn version). We have configured Smb.conf with security = DOMAIN and we couldnt able to join longhorn. We also have tried with Samba 3.0.25b where we got the same result. Here are the smb.conf parameters used for Domain join [global] unix charset = LOCALE workgroup = LONGHORN2 netbios name = Samba3025 encrypt passwords = yes server string = Samba 3... security = DOMAIN password server = 172.168.7.77 #auth methods = ntdomain username map = /etc/samba/smbusers log level = 10 syslog = 0 log file = /var/log/samba/%m max log size = 50 Printcap name = CUPS local master = no stat cache = no kernel oplocks = no oplocks = no level2 oplocks = no default devmode = yes printing = cups map to guest = Never use spnego = yes client use spnego = No server signing = Auto client signing = Auto [SambaShare] comment = SambaShare path = /home/SambaShare writable = yes printable = no create mask = 0777 guest ok = yes guest only = yes posix locking = no oplocks = no level2 oplocks = no admin users = Administrator We can able to join 2K server both in Samba3.0.14a as well 3.0.25b. Kindly help us the reason for the failure of joining longhorn domain.
Hi, Are there any special conf parameter to be added for Samba joining Longhorn server? In longhorn, ntlmv2 is the default security level...Are there any issues with this security level? Kindly tell us whether anything missed out in the mentioned smb.conf parameter values for joining Samba to Longhorn server in security = DOMAIN.
I've the same problem here with Samba 3.0.28 and 3.2-test. Trying to join Windows 2008 Standard Edition RC1 leads to the interesting error "NT_STATUS_DOWNGRADE_DETECTED" after entering the administrator credentials. Setup with Samba on Debian Sarge and a new Windows Server 2008 RC1 installation. I've added the output of "net rpc join", the smb.conf and a network sniff.
Created attachment 3051 [details] used smb.conf
Created attachment 3052 [details] network sniff
Created attachment 3053 [details] debug level 10 output of net rpc join
Created attachment 3055 [details] sniff: domain join windows nt 4.0 sp6 workstation tried to join the win2008 ad from Windows NT 4.0 SP6 Workstation with success, but the domain user cannot login (sniff follows)
Created attachment 3056 [details] sniff: tried to logon with a domain user from win nt 4 sp6 after the successful domainjoin and rebooting the win nt 4.0 client I tried to login with a domain user. this times out and the message appears that the DC is not available...
Okay, thanks for those sniffs. NT4 and Samba stumble over the same thing: The Auth2 call gives this new error message. NT4 does not try this before the login attempt. I wonder if there's some security setting in 2008 server that allows "downlevel" domain connects. Furthermore, would 2008 allow our SamLogon (i.e. wbinfo -a) if we are joined as "security=ads"? Volker
recent samba versions can work as domain members. closing as fixed.