[Samba] Windows 7 samba 4 domain join problem

jared.m.jacobson at L-3com.com jared.m.jacobson at L-3com.com
Thu Sep 12 16:09:03 MDT 2013 

Embarrassingly, it turns out that I had opened the wrong port for microsoft-ds (UDP port 445 instead of the TCP 445 it should be).  As soon as I corrected that, the workstation joined the domain just fine.

Jared



-----Original Message-----
From: Daniel Müller [mailto:mueller at tropenklinik.de] 
Sent: Tuesday, September 10, 2013 11:52 PM
To: Jacobson, Jared M @ CSG - CSW; samba at lists.samba.org
Subject: AW: [Samba] Windows 7 samba 4 domain join problem

No you do not need to change any registry settings with samba 4 and windows 7.
Is your dns working?
First of all on your linux box try a  smbclient -L localhost -U% Or more like this to be shure administrator is enabled and working:
[root at s4master ~]# smbclient  //s4master/netlogon -Uadministrator Enter administrator's password:
Domain=[TPLK] OS=[Unix] Server=[Samba 4.0.7]
smb: \> ls
  .                                   D        0  Fri Aug 23 08:16:23 2013
  ..                                  D        0  Fri Aug 23 11:14:25 2013

                65503 blocks of size 33553920. 65502 blocks available
smb: \>

If in any case it refuses you can try to enable "administrator":
samba-tool user enable administrator
or list all known users to be shure:
samba-tool user list

Good luck
Daniel







-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im Auftrag von jared.m.jacobson at L-3com.com
Gesendet: Dienstag, 10. September 2013 16:27
An: samba at lists.samba.org
Betreff: Re: [Samba] Windows 7 samba 4 domain join problem

Thanks for your help.

 

I tried configuring the Windows 7 registry settings listed here, even though it says it shouldn't be necessary for an Active Directory domain:
https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains.
The client acts exactly the same.

 

Are there other registry settings somewhere else, or is this some other problem?

 

Jared

 

From: luisforchesatto at gmail.com [mailto:luisforchesatto at gmail.com]
Sent: Friday, September 06, 2013 6:25 AM
To: Jacobson, Jared M @ CSG - CSW
Subject: Re: [Samba] Windows 7 samba 4 domain join problem

 

Greetings Jared. 

 

Let's start the troubleshoot with Win7. Normally you need to modofy it's registry to Win7 work with Samba. Was it done?

 

Att.

 

2013/9/5 <jared.m.jacobson at l-3com.com>

I stood up a samba 4 (4.0.9) Active Directory domain controller on a Red Hat Enterprise Linux 6.3 server, configured in accordance with the Samba AD DC HOWTO <https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO> , and tailored to the domain name I want.  I'm trying to join a Windows 7 Enterprise Edition client to the domain.  Windows responds with "Your computer could not be joined to the domain because the following error has occurred: The network path was not found."

 

I used wireshark to capture the message exchange.  ... here's a summary of the messages exchanged (C = Win 7 client, S = samba server, pretending client IP is 192.168.0.3, server IP is 192.168.0.4, server name is server, client name is client, and domain name is domain.name):



...

13.   C->S: CLDAP search request "<ROOT>" baseobject
a.       Filter: DnsDomain=domain.name && Host=CLIENT && User=CLIENT &&
AAC=80:01:00:00 && NtVer=0x20000016
b.      Attributes: netlogon
14.   S->C: CLDAP serchresentry
a.       Type: netlogon
b.      Opcode: LOGON_SAM_USER_UNKNOWN_EX

Based on this exchange, it looks like the Win 7 client is trying to use the username CLIENT (message 13) rather than the "Administrator"
username I put in when attempting to join the domain, and the server is rejecting that user because it doesn't know that user.

Is it normal for the Win 7 client to use the computer name for the username, here?  Did I miss something in the HOWTO?  Am I supposed to add the client computer name to the Active Directory before trying to join the domain?



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list