I'm trying to set up Samba as a PDC for some Win7 clients, and could use
some help. I can successfully join the domain, with the message "Changing
the primary domain DNS name of this computer to "" failed.", but
I am still
told that it was successful.
However, when I try to log in, I am told "The trust relationship between
this workstation and the primary domain failed". Looking in
/var/log/samba/pi-69.log, I see:
[2010/05/06 08:45:45, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$
[2010/05/06 08:45:45, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$
Trying:
smbpasswd -x pi-69$
userdel -r pi-69$
useradd pi-69$
smbpasswd -a -m pi-69$
does no good.
Client has :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
?RequireSignOrSeal?=dword:00000000
?RequireStrongKey?=dword:00000000
and
[HKLM\System\CCS\Services\LanmanWorkstation\Parameters]
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Config/specs:
Samba version 3.4.7-58.fc12
Widows 7 64-bit professional clients
smb.conf:
[global]
netbios name = PinnacleFS
workgroup = PinnacleDom
logon drive= P:
logon home = \\PinnacleFS\%u
locking = yes
server string = PDC
hosts allow=10.0.0.0/255.255.255.0
load printers = no
log file = /var/log/samba/%m.log
security=user
encrypt passwords=yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 128
domain master = yes
prefered master = yes
domain logons = yes
logon script = login.bat
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = Home Directories
browseable = no
writable = yes
create mode = 0700
directory mode = 0700
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
browseable = no
guest ok = yes
create mode = 0700
directory mode = 0700
default case = lower
case sensitive = no
[Apps]
path=/home/apps
force user=apps
force group=apps
On Thu, 2010-05-06 at 08:59 -0600, Steve Wolfe wrote:> > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon > \Parameters] > ?RequireSignOrSeal?=dword:00000000 > ?RequireStrongKey?=dword:00000000on my win2008 server joined to samba domain these are ...01
The samba wiki tolds to only modify DomainCompatibilityMode and DNSNameResolutionRequired keys : http://wiki.samba.org/index.php/Windows7 Le 06/05/2010 16:59, Steve Wolfe a ?crit :> I'm trying to set up Samba as a PDC for some Win7 clients, and could use > some help. I can successfully join the domain, with the message "Changing > the primary domain DNS name of this computer to "" failed.", but I am still > told that it was successful. > > However, when I try to log in, I am told "The trust relationship between > this workstation and the primary domain failed". Looking in > /var/log/samba/pi-69.log, I see: > > [2010/05/06 08:45:45, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client PI-69 machine account PI-69$ > [2010/05/06 08:45:45, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting > auth request from client PI-69 machine account PI-69$ > > Trying: > > smbpasswd -x pi-69$ > userdel -r pi-69$ > useradd pi-69$ > smbpasswd -a -m pi-69$ > > does no good. > > Client has : > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] > ?RequireSignOrSeal?=dword:00000000 > ?RequireStrongKey?=dword:00000000 > > and > > [HKLM\System\CCS\Services\LanmanWorkstation\Parameters] > DWORD DomainCompatibilityMode = 1 > DWORD DNSNameResolutionRequired = 0 > > Config/specs: > > Samba version 3.4.7-58.fc12 > Widows 7 64-bit professional clients > > smb.conf: > [global] > netbios name = PinnacleFS > workgroup = PinnacleDom > logon drive= P: > logon home = \\PinnacleFS\%u > locking = yes > server string = PDC > hosts allow=10.0.0.0/255.255.255.0 > load printers = no > log file = /var/log/samba/%m.log > security=user > encrypt passwords=yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > local master = yes > os level = 128 > domain master = yes > prefered master = yes > domain logons = yes > logon script = login.bat > dns proxy = no > > idmap uid = 16777216-33554431 > idmap gid = 16777216-33554431 > template shell = /bin/false > winbind use default domain = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > create mode = 0700 > directory mode = 0700 > > # Un-comment the following and create the netlogon directory for Domain > Logons > [netlogon] > comment = Network Logon Service > path = /home/netlogon > guest ok = yes > writable = no > share modes = no > [Profiles] > browseable = no > guest ok = yes > create mode = 0700 > directory mode = 0700 > default case = lower > case sensitive = no > > [Apps] > path=/home/apps > force user=apps > force group=apps >-- Bastien Semene Administrateur R?seau& Syst?me Cyanide Studio - FRANCE
Doh! Thank you. Setting those back fixed the problem. On Thu, May 6, 2010 at 9:10 AM, Evan Ingram <evan.ingram at cariss.co.uk>wrote:> On Thu, 2010-05-06 at 08:59 -0600, Steve Wolfe wrote: > > > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon > > \Parameters] > > ?RequireSignOrSeal?=dword:00000000 > > ?RequireStrongKey?=dword:00000000 > > on my win2008 server joined to samba domain these are ...01 > >