Strong, Steve
2011-Jul-22 18:45 UTC
[Samba] windows 7 clients complain that the trust relationship with the server has failed
I'm running my samba 3.5.9 server on CentOS 5.x. Windows 7 clients can add
themselves to the domain, and local users on the client can map network drives
(even ones they don't have access to and modify the contents!!!) and net
view and net use commands work, but give the user too much access. XP clients
can add themselves to the domain, authenticate users correctly and apply correct
access rules to shared directories on the server.
I know this is a known issue and I've found several reputable sites on the
web that suggest making the same set of changes to the Windows 7 registry:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOnSeal = 0
DWORD RequireStrongKey = 0
below is my smb.conf file (and thanks!)
steve
ps: I'm also open to general advise regarding my samba configuration...
#======================= Global Settings ====================================
[global]
workgroup = cs.mtmercy.edu
server string = Mount Mercy CS Lab Samba Server -- Version = %v
netbios name = GRACE
log file = /var/log/samba/%m.log ;not in original
version
max log size = 50
;not in original version
passdb backend = tdbsam
security = user
interfaces = lo eth0 10.9.1.6/21
hosts allow = 127. 10.9.
encrypt passwords = yes
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -d /dev/null -s
/bin/false -g machines %u
logon drive = H:
domain logons = yes
os level = 255
preferred master = yes
domain master = yes
local master = yes
#======================= Share Definitions ====================================
password server = grace.cs.mtmercy.edu
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = false
[netlogon]
comment = network logon service
path = /var/lib/samba/netlogon/scripts
browseable = No
read only = No
[Profiles]
comment = Roaming Profile Share
path = /usr/lib/samba/profiles
read only = No
browseable = No
guest ok = Yes
profile acls = Yes
[homes]
comment = home directories
browseable = no
writeable = yes
[printers]
comment = all printers
path = /usr/spool/samba
printable = yes
browseable = yes
guest ok = yes
writable = no
printable = yes
[common]
comment = read only directory for cs resources
path = /usr/share/common
public = yes
writeable = no
printable = no
write list = @faculty, @csfaculty
TAKAHASHI Motonobu
2011-Jul-22 20:05 UTC
[Samba] windows 7 clients complain that the trust relationship with the server has failed
From: "Strong, Steve" <sstrong at mtmercy.edu> Date: Fri, 22 Jul 2011 13:45:38 -0500 (snip)> I know this is a known issue and I've found several reputable sites on the web that suggest making the same set of changes to the Windows 7 registry: > > HKLM\System\CCS\Services\LanmanWorkstation\Parameters > DWORD DomainCompatibilityMode = 1 > DWORD DNSNameResolutionRequired = 0 > > HKLM\System\CCS\Services\Netlogon\Parameters > DWORD RequireSignOnSeal = 0 > DWORD RequireStrongKey = 0No, only under HKLM\System\CCS\Services\LanmanWorkstation\Parameters should be set . See https://wiki.samba.org/index.php/Windows7 . --- TAKAHASHI Motonobu <monyo at samba.gr.jp>