Unable to join a domain with windows 7 beta1

[Larry Velez]

This may be completely off base here, but I noticed that Windows 7 has a concept of different classifications for the networks you connect to.  It seems to default to an 'untrusted/unknown' type which allows only "local access" to the network, which seems to mean communication on your own subnet only.

I have noticed one behavior that seems to be a bug where the wireless connection on a laptop will default back to 'local access only' after a reboot even if it is manually set correctly.

I'm thinking that there is a chance that this new "security" subsystem might be misidentifying the samba server as 'not local', or worse that it only trusts Windows machines.

Just throwing some ideas out there for troubleshooting.


----- Original Message -----
From: samba-technical-bounces+larry=sinu.com at lists.samba.org <samba-technical-bounces+larry=sinu.com at lists.samba.org>
To: samba-technical at lists.samba.org <samba-technical at lists.samba.org>
Sent: Tue Jan 13 22:50:51 2009
Subject: Re: Unable to join a domain with windows 7 beta1


I'm getting the exact same results.  The message says,
'The following error occurred attempting to join the domain "xxx":

The specified domain either does not exist or could not be contacted'

At first I thought this was due to stricter security policy defaults in
Windows 7, but after setting these to the same values as the XP clients that
have no problem, it still fails.  The policy items I was playing with were:
Domain member: Require strong (Windows 2000 or later) session key
Microsoft network client: Send unencrypted password to connect to
third-party SMB servers

Samba server is 3.2.7-0.23.fc9 on Fedora 9.  Client is Windows 7 Beta build
7000.

It's strange because I'm not even getting any hits in the samba logs when
the client tries to join, so it appears that it's not even making it to
smbd, but it is definitely resolving the DC name correctly because if I type
in an incorrect value for the Domain field in the client and try to join,
the error is different.


Jouko Markkanen-2 wrote:
>
>>> What is the error message it gives ?
>  >
>> unfortunalty I didn't notice the error code. After that I broke my system
>> as
>> I tried to update to the latest version of samba4 from Debian
>> experimental
>> and I'm not able to reproduce the error right now.
>>
>> I have no time to investigate further atm but as soon as I have some free
>> time I will try to repair my s4 install and redo the tests with win7.
>
> I have the same problem too, maybe I can provide some additional
> information.
>
> First, about the environment:
> I ran into it while trying to join a Win7 beta (build 7000)  clien to
> the samba 3.0 domain I'm running at home, and recreated the same
> situation with a clean lab environment. I tried first with an Ubuntu
> 8.04 and distro provided samba packages (3.0.28) and then with Ubuntu
> 8.10 and it's samba 3.2.3. The server is running in the same subnet (ie.
> broadcast domain) as the Win7 client.
>
> What happens:
> When I try to join the domain, windows asks for domain admin
> credentials, which I enter. Then it pauses for a while, and gives an
> error: "The following error occurred attempting to join the domain
> "TESTDOM": The specified domain either does not exist or could not be
> contacted."
>
> What I've tried:
> The error message gave an idea that there is something wrong with name
> resolution. This, however does not seem to be the problem. nbtstat -c
> shows correct entries for <1B> and <1C> name type for the domain (with
> the samba server's ip). I even tried to put them to LMHOSTS as #PRE and
> enable LMHOSTS lookups (or it was enabled by default), and added the
> DC's name entry too, but that didn't help.
> By capturing packets on the network (I couldn't open Olivier's dump as I
> don't have wireshark/pcap installed on the laptop I'm currenlty on) I
> could see that windows starts with a DNS query for AD ldap server (SRV
> record), and get's a negative response from DNS. Then it does the NBT
> name resolution, and gets answered. After that it does a SMB logon
> request (to both the samba server's unicast as well as subnet broadcast
> addresses) with null username, and gets "user unknown" response. After
> that, it does a SMB logon request using WIN7$ username (the computer's
> hostname is WIN7), and gets a success. Then it starts all over from the
> DNS query and goes thru all for the second time, and stops.
>
> I have also tried the FAQ replies for how to join a Vista client
> (allowing NTLMv1), but that didn't help (althought I haven't needed
> those with vista clients either with current samba versions).
>
> - J
>
>
>

--
View this message in context: http://www.nabble.com/Unable-to-join-a-domain-with-windows-7-beta1-tp21422605p21450874.html
Sent from the Samba - samba-technical mailing list archive at Nabble.com.