I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta.
After searching the archives I modified the required registry settings
listed in other emails. I upgraded my Samba from the stock Centos 5.3
version to 3.3.7. Joining the domain worked, but I was unable to log in.
I would get a 'Trust relationship denied' type error when trying to log
in as a user of the domain. Everything works with XP/Vista.
I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which
says it was rolled into version 3.3.5 and relates to Microsoft/Samba
interoperability actually broke stuff with the RTM or what.
The error message from 3.3.7 I noticed with debug logging was:
[2009/08/07 19:05:40, 0]
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555)
_netr_ServerAuthenticate2: netlogon_creds_server_check failed.
Rejecting auth request from client XX-PC machine account XX-PC$
netr_ServerAuthenticate2: struct netr_ServerAuthenticate2
out: struct netr_ServerAuthenticate2
return_credentials : *
return_credentials: struct netr_Credential
data : 0000000000000000
negotiate_flags : *
negotiate_flags : 0x400041ff (1073758719)
1: NETLOGON_NEG_ACCOUNT_LOCKOUT
1: NETLOGON_NEG_PERSISTENT_SAMREPL
1: NETLOGON_NEG_ARCFOUR
1: NETLOGON_NEG_PROMOTION_COUNT
1: NETLOGON_NEG_CHANGELOG_BDC
1: NETLOGON_NEG_FULL_SYNC_REPL
1: NETLOGON_NEG_MULTIPLE_SIDS
1: NETLOGON_NEG_REDO
1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
0: NETLOGON_NEG_GENERIC_PASSTHROUGH
0: NETLOGON_NEG_CONCURRENT_RPC
0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
1: NETLOGON_NEG_128BIT
0: NETLOGON_NEG_TRANSITIVE_TRUSTS
0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
0: NETLOGON_NEG_PASSWORD_SET2
0: NETLOGON_NEG_GETDOMAININFO
0: NETLOGON_NEG_CROSS_FOREST_TRUSTS
0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
0: NETLOGON_NEG_RODC_PASSTHROUGH
0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
1: NETLOGON_NEG_SCHANNEL
result : NT_STATUS_ACCESS_DENIED
Ken Bass wrote:> I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta. > > After searching the archives I modified the required registry settings > listed in other emails. I upgraded my Samba from the stock Centos 5.3 > version to 3.3.7. Joining the domain worked, but I was unable to log > in. I would get a 'Trust relationship denied' type error when trying > to log in as a user of the domain. Everything works with XP/Vista. > > I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which > says it was rolled into version 3.3.5 and relates to Microsoft/Samba > interoperability actually broke stuff with the RTM or what. > > The error message from 3.3.7 I noticed with debug logging was: > > [2009/08/07 19:05:40, 0] > rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555) > _netr_ServerAuthenticate2: netlogon_creds_server_check failed. > Rejecting auth request from client XX-PC machine account XX-PC$ > netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 > out: struct netr_ServerAuthenticate2 > return_credentials : * > return_credentials: struct netr_Credential > data : 0000000000000000 > negotiate_flags : * > negotiate_flags : 0x400041ff (1073758719) > 1: NETLOGON_NEG_ACCOUNT_LOCKOUT > 1: NETLOGON_NEG_PERSISTENT_SAMREPL > 1: NETLOGON_NEG_ARCFOUR > 1: NETLOGON_NEG_PROMOTION_COUNT > 1: NETLOGON_NEG_CHANGELOG_BDC > 1: NETLOGON_NEG_FULL_SYNC_REPL > 1: NETLOGON_NEG_MULTIPLE_SIDS > 1: NETLOGON_NEG_REDO > 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL > 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC > 0: NETLOGON_NEG_GENERIC_PASSTHROUGH > 0: NETLOGON_NEG_CONCURRENT_RPC > 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL > 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL > 1: NETLOGON_NEG_128BIT > 0: NETLOGON_NEG_TRANSITIVE_TRUSTS > 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS > 0: NETLOGON_NEG_PASSWORD_SET2 > 0: NETLOGON_NEG_GETDOMAININFO > 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS > 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION > 0: NETLOGON_NEG_RODC_PASSTHROUGH > 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS > 1: NETLOGON_NEG_SCHANNEL > result : NT_STATUS_ACCESS_DENIEDAfter some testing, I got this: Samba 3.3.6 + win 7 = can join domain, but can not login (after change the 4 values of registry) Samba 3.3.4 + win 7 = working (after change the 4 values of registry) (LDAP is the backend) Allen
Hi, I am looking forward to successfully join and logon a Windows 7 RTM to a Samba 3 domain. After a little googling and experimenting I came to conclusion that only version 3.3.4 of samba can accept such clients : - http://www.1stbyte.com/2009/05/31/join-windows-7-to-samba-pdc/ - http://ubuntuforums.org/showthread.php?t=1225500 Furthermore, Microsoft seems to have broken even compatibility with their own NT4 server: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8b4dd460-dd57-41da-b541-6933cd4d2531?prof=required&wa=wsignin1.0 In the meantime I have tested with 3.4.0, 3.3.6, 3.2.5 and 3.3.4 - only 3.3.4 successfully allowed logons. Something must have regressed right after 3.3.4. Thank you, Costin Gusa