Tue Apr 26 13:47:46 ICT 2016

Preparing Windows 7 to join Samba 3

A Windows 7 workstation cannot join a domain controled by Samba 3 without some initial preparation work. The following relaxes some of the security features introduced in Windows 7.
  1. Edit the group policy: In Computer/Windows Settings/Security Settings/Local Policies/Security Options:
    • set Network Security: LAN Manager Auth. Level to Send LM&NTLM use NTLMv2 session sec. if negociated;
    • unchek Required 128b encryption for both Network Security: Minimum session... clients and server.
  2. Open the registry editor and modify the following (or save the following code in a .reg file and double-click it):
    Windows Registry Editor Version 5.00
    
    ; Win7/Samba 3.4.x - Workstation Share
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lanmanserver\parameters]
    "AutoShareWks"=dword:00000001
    
    ; Win7/Samba 3.4.x - Compat
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lanmanworkstation\parameters]
    "DNSNameResolutionRequired"=dword:00000000
    "DomainCompatibilityMode"=dword:00000001
    ; AllowPlain ....
    ; RequireSecuritySignature"=dword:00000000
    
    ; Win7/Samba 3.4.x - Compat
    ; http://us.generation-nt.com/answer/samba-rejecting-auth-request-client-xxx-machine-account-win7-help-206090182.html#206092242
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netlogon\parameters]
    "DisablePasswordChange"=dword:00000001
    "RequireSignOrSeal"=dword:00000001
    "RequireStrongKey"=dword:00000001
    
    ;Turn off last user logged in stuff.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000001
    
    ;Disable the security center stuff annoyances
    ; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
    ; "Start"=dword:00000003
    
    ; Speedup settings
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
    "SlowLinkDetectEnabled"=dword:00000000
    "DeleteRoamingCache"=dword:00000001
    "WaitForNetwork"=dword:00000000
    "CompatibleRUPSecurity"=dword:00000001
    
    ; Can drive you nuts
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=dword:00000000
    "LocalAccountTokenFilterPolicy"=dword:00000001
    
    ;Stupid keys that make the windows 7 sysprep crap out.
    [HKEY_LOCAL_MACHINE\SYSTEM\Setup]
    "RestartSetup"=dword:00000000
    "SetupType"=dword:00000000
    "SystemSetupInProgress"=dword:00000000
    "SetupPhase"=dword:00000000
    "CmdLine"=""
    "OOBEInProgress"=dword:00000000
    

Posted by Olivier | Permanent link | File under: administration, samba, ms_windows