tms3 at tms3.com
2010-Jun-17 17:01 UTC
[Samba] Adding Domain User Accounts to Windows 7 Clients (Samba3.4.8 PDC)
SNIP> > > Does anybody have any ideas?I've run into this. It's a real bear. I've found that a proper WINS setup is very useful, but more important is to find out what is going on during the wire transactions. Google the appropriate one of these tools for your platform: NM33_x64.exe NM33_x86.exe install it and see what's occuring during the transactions. Post THE RELEVANT stuff and I might be able to parse it (post 100's of lines of stuff and I probably won't bother looking at it). Cheers,> > > > Thanks, > Bryan Walton > > On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: >> >> Hi, >> >> I've searched the logs and google trying to find a fix for my problem >> and have so far not succeeded. >> >> I've got a Samba PDC (Debian Lenny), running Samba 3.4.8 from Debian >> Backports. It is using an OpenLdap backend. We have encountered >> little >> to no problems over the last several years. And of course, we have to >> upgrade to Windows 7 (64-bit), from XP-64. So, here we are. >> >> Following the wiki here: http://wiki.samba.org/index.php/Windows7 I >> have >> made the registry changes mentioned on this page. >> >> I can successfully join the Windows 7 client to our Samba PDC. >> Furthermore, domain users are able to login, by using the following >> syntax: domain\username and password. Finally, users are able to >> access >> domain shares without difficulty. >> >> However, I am unable to successfully add domain user accounts to the >> client. When I attempt this, I receive the following error: >> >> "The user could not be added because the following error has occurred: >> >> The trust relationship between the workstation and the primary domain >> failed." >> >> Can anybody help pinpoint my error? >> >> My samba PDC logs show the following: >> >> Jun 15 12:11:31 nishnabotna smbd[2746]: [2010/06/15 12:11:31, 0] >> auth/auth_sam.c:355(check_sam_security) >> Jun 15 12:11:31 nishnabotna smbd[2746]: check_sam_security: >> make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' >> Jun 15 12:11:32 nishnabotna smbd[2746]: [2010/06/15 12:11:32, 0] >> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) >> Jun 15 12:11:32 nishnabotna smbd[2746]: _netr_ServerAuthenticate3: >> netlogon_creds_server_check failed. Rejecting auth request from client >> CALLENDER machine account CALLENDER$ >> >> And perhaps to state the obvious, the user I'm attempting to add does >> exist on the network. By the way, I'm getting this error when trying >> to >> add ANY domain user account to Windows 7 clients. >> >> I would appreciate any input you might offer. >> >> Thanks, >> Bryan Walton >> >> -- >> Bryan K. Walton Division of Physiologic Imaging >> Systems Administrator University of Iowa Hospitals and Clinics >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
tms3 at tms3.com
2010-Jun-17 17:04 UTC
[Samba] Adding Domain User Accounts to Windows 7 Clients (Samba3.4.8 PDC)
SNIP> > > On Thu, Jun 17, 2010 at 12:54 PM, Walton, Bryan K > <bryan-walton at uiowa.edu> wrote: >> >> Does anybody have any ideas? >> > > I precreate my machine accounts via LAM > (http://www.ldap-account-manager.org/) and that seems to work. I have > had a little of the NT_STATUS_NO_SUCH_USER for machine accounts but I > think I have that solved.Ah, good point. If you are using smbldap_tools, what version?> > > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
tms3 at tms3.com
2010-Jun-17 22:29 UTC
[Samba] Adding Domain User Accounts to Windows 7 Clients (Samba3.4.8 PDC)
> > --- Original message --- > Subject: Re: [Samba] Adding Domain User Accounts to Windows 7 > Clients (Samba3.4.8 PDC) > From: "Walton, Bryan K" <bryan-walton at uiowa.edu> > To: <samba at lists.samba.org> > Date: Thursday, 17/06/2010 2:53 PM > > On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: >> >> >> However, I am unable to successfully add domain user accounts to the >> client. When I attempt this, I receive the following error: >> >> "The user could not be added because the following error has occurred: >> >> The trust relationship between the workstation and the primary domain >> failed." > > Hi everybody, thanks for your replies. I've found the problem, I > believe, and have a work around. About 15 minutes ago, I stumbled > across > this web page: > > http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7d0bb953-3514-4475-8f00-5f624f5f6b00 > > As it turns out, a "new feature" of Windows 7 is that you cannot > directly add domain users as local users. Instead, you must add > desired > domain users to local groups, achieving the desired result. I have > verfied that this works without difficulty. > > In the past, I was able to add domain user acocunts as local accounts, > but it appears that Microsoft no longer allows this with Windows 7.Ummm, no that is incorrect. If you would like I will send you a screen shot. This method you describe is what I've used to admin W2K3 member servers to a Samba3-LDAP domain. As long as it works...> > > > Thanks again, > Bryan > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba