TO SAY AS OF MAI 2015
There are two way to get Windows 8 into a NETBIOS/samba3 dot style domain.
- Join Windows 7 and upgrade to 8/8.1 – works perfectly.
2a. second method is basically tampering with DNS name resolution temporarily in the network interface settings. There’s a link down in the comments. I can confirm Havrlas method works fine. 🙂 thanks again
2b. for now just an idea, but what about just stopping the DNS-Client in Computer/Manage/Services … haven’t tried that yet, but I will on the next occasion, if it comes before migrating to S4AD.
EDITED JULY 16, 2013
former post name: Windows 8 failing to join certain Samba domains
Usually, Windows 8 can indeed easily be integrated into classic Samba environments, say improved NT4 domains. And, yes, Microsoft has indeed dropped native NT4 support and deliberately developed some sort of compatibility mode to support Samba, it seems.
To enable Samba 3 domain membership, three registry keys have to be changed by the user, whereof we already know two from Windows Seven. The first one, named DomainCompatibilityMode, is quite obvious by it’s name, though its name doesn’t exactly imply how that works. The second one, DNSNameResolutionRequired, is to a lesser degree obscure, but still, its name doesn’t tell us for what exactly DNS names do or do not need to be resolved (sure, DNS is needed to find AD DCs, but that can’t be the whole truth about this regkey). The third one is new since Windows 8, and it’s a rather rude one. It’s a change in the Workstation Service dependencies which results in SMB2 support being disabled as a whole. This requirement results from shortcomings in the SMB2 support in Samba 3.6. While SMB2 support in Samba is considered helpful for Windows 7, it is not compatible to Windows 8’s more advanced implementation. This is at least the case when connecting to a DC, resulting in two options, which are to turn off SMB2 either on the server side (“max protocol = nt1”) or on the client side via the described registry key change.
The whole set of registry changes is available here as a .reg file ready to import with regedit.exe (take care to save with Windows line endings when using too much Unix). Have a look at the respective areas in your registry after importing the file. I have added the original value of DependOnService next to the changed one to facilitate restoring later. It’s a multi value key. Don’t mess it up, as that would keep the Workstation Service from starting, resulting in a loss of access to all network shares.
This works for most Samba 3 domains, but unfortunately, it doesn’t for all. Should you be so unlucky to run a domain which (perhaps more than a decade ago) had been chosen to include a dot in its name, well, either some smart guy comes up with another bald workaround, or for now, as it looks like, you’re lost. Period.
How’s that possible, I wondered for while, then remembered the two distinct error messages resulting from failing attempts to join and tried again using two inexistent names, one with dots and one without. And that’s it – failing to join an inexistent domain containing a dot, I’m getting told the DC cannot be discovered using DNS, quite clearly, while the attempt to join an inexistent domain named without a dot tells me the DC weren’t found, plus the hint, that this name looks like a legacy domain name.
My conclusion is, Microsoft did some cleanup and has dropped some portions of code that were there to detect what kind of domain we are dealing with, and because this information is needed in a pretty early stage of the joining procedure, they instead derive it from the users input, assuming that names containing a dot are usually to be considered DNS resolvable and therefore a typical AD environment, whereas plain names are most likely NETBIOS names.
As this assumption is not always true, we must say, it looks like Windows 8 will not be able to join certain classic Samba domains whos names are not following the naming conventions underlying the assumptions codified inside Microsoft’s Windows 8 network stack, unless somebody finds a way to override looking for Active Directory domains if the Domain name does contain one or more dots.
EDIT: GOOGLED LINKS AS OF JULY 16
Summary: no solution in sight yet.