I'm running a PDC on Samba 3.60. Just freshly upgraded it from Samba 3.028a with the purpose of supporting Windows 7. However though all the existing users and computers are running fine, I'm stumped trying to join a new Windows 7 machine to it. I have applied the DomainCompatibility registry fix. When I try to join a Windows 7 workstation I will get this message : The join operation was not successful. This could be because an existing computer account having the name "NOTREALNAME" was previously created using a different set of credentials. Use a different computer name, or contact your administrator to remove any stale conflicting account. Access is denied.
On Tue, Aug 16, 2011 at 02:52:49PM +0800, John Huong wrote:> I'm running a PDC on Samba 3.60. Just freshly upgraded it from Samba > 3.028a with the purpose of supporting Windows 7. However though all > the existing users and computers are running fine, I'm stumped trying > to join a new Windows 7 machine to it. I have applied the > DomainCompatibility registry fix. > > When I try to join a Windows 7 workstation I will get this message : > > > The join operation was not successful. This could be because an > existing computer account having the name "NOTREALNAME" was previously created > using a different set of credentials. Use a different computer name, or > contact your administrator to remove any stale conflicting account. > > Access is denied.Please send a full debug level 10 log of smbd during this attempt together with a network trace and your smb.conf file, even if the data is large. See http://wiki.samba.org/index.php/Client_specific_Log and http://wiki.samba.org/index.php/Capture_Packets. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen
Strange I believe the user already had the rights. Anyway will run the suggested command and try again. On Thu, Aug 18, 2011 at 4:10 PM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:> On Thu, Aug 18, 2011 at 03:34:47PM +0800, John Huong wrote: >> Ok here are the files. > > [2011/08/18 15:09:32.136554, 10] rpc_server/samr/srv_samr_nt.c:3678(can_create) > ?STELLA-PC$ does not exist, can create it > [2011/08/18 15:09:32.136583, ?5] rpc_server/samr/srv_samr_nt.c:3772(_samr_CreateUser2) > ?_samr_CreateUser2: acmesupport can add this account : False > > You need to assign "acmesupport" the privilege to join > machines: > > net sam rights grant acmesupport SeMachineAccountPrivilege > > should do it. > > Volker > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen > phone: +49-551-370000-0, fax: +49-551-370000-9 > AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen >
Ok it works. However I find it strange that Windows 7 does not automatically allow the Domain Admins group to run administrative tasks although I can see Domain Admins is listed under the Administrators group of the Windows 7 PC. Had to assign the individual admin users to be under the Administrators group. On Thu, Aug 18, 2011 at 4:22 PM, John Huong <jahuong at gmail.com> wrote:> Strange I believe the user already had the rights. Anyway will run the > suggested command and try again. > > On Thu, Aug 18, 2011 at 4:10 PM, Volker Lendecke > <Volker.Lendecke at sernet.de> wrote: >> On Thu, Aug 18, 2011 at 03:34:47PM +0800, John Huong wrote: >>> Ok here are the files. >> >> [2011/08/18 15:09:32.136554, 10] rpc_server/samr/srv_samr_nt.c:3678(can_create) >> ?STELLA-PC$ does not exist, can create it >> [2011/08/18 15:09:32.136583, ?5] rpc_server/samr/srv_samr_nt.c:3772(_samr_CreateUser2) >> ?_samr_CreateUser2: acmesupport can add this account : False >> >> You need to assign "acmesupport" the privilege to join >> machines: >> >> net sam rights grant acmesupport SeMachineAccountPrivilege >> >> should do it. >> >> Volker >> >> -- >> SerNet GmbH, Bahnhofsallee 1b, 37081 G?ttingen >> phone: +49-551-370000-0, fax: +49-551-370000-9 >> AG G?ttingen, HRB 2816, GF: Dr. Johannes Loxen >> >
On Fri, Aug 19, 2011 at 4:58 PM, John Huong <jahuong at gmail.com> wrote:> Ok it works. However I find it strange that Windows 7 does not > automatically allow the Domain Admins group to run administrative > tasks although I can see Domain Admins is listed under the > Administrators group of the Windows 7 PC.UAC? If you disable it, does it work? -- natxo