[Samba] Samba 3 PDC > 3.3.4 broken with Win 7 RTM
Allen Chen
achen at harbourfrontcentre.com
Mon Aug 10 09:53:32 MDT 2009
Ken Bass wrote:
> I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta.
>
> After searching the archives I modified the required registry settings
> listed in other emails. I upgraded my Samba from the stock Centos 5.3
> version to 3.3.7. Joining the domain worked, but I was unable to log
> in. I would get a 'Trust relationship denied' type error when trying
> to log in as a user of the domain. Everything works with XP/Vista.
>
> I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which
> says it was rolled into version 3.3.5 and relates to Microsoft/Samba
> interoperability actually broke stuff with the RTM or what.
>
> The error message from 3.3.7 I noticed with debug logging was:
>
> [2009/08/07 19:05:40, 0]
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555)
> _netr_ServerAuthenticate2: netlogon_creds_server_check failed.
> Rejecting auth request from client XX-PC machine account XX-PC$
> netr_ServerAuthenticate2: struct netr_ServerAuthenticate2
> out: struct netr_ServerAuthenticate2
> return_credentials : *
> return_credentials: struct netr_Credential
> data : 0000000000000000
> negotiate_flags : *
> negotiate_flags : 0x400041ff (1073758719)
> 1: NETLOGON_NEG_ACCOUNT_LOCKOUT
> 1: NETLOGON_NEG_PERSISTENT_SAMREPL
> 1: NETLOGON_NEG_ARCFOUR
> 1: NETLOGON_NEG_PROMOTION_COUNT
> 1: NETLOGON_NEG_CHANGELOG_BDC
> 1: NETLOGON_NEG_FULL_SYNC_REPL
> 1: NETLOGON_NEG_MULTIPLE_SIDS
> 1: NETLOGON_NEG_REDO
> 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
> 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
> 0: NETLOGON_NEG_GENERIC_PASSTHROUGH
> 0: NETLOGON_NEG_CONCURRENT_RPC
> 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
> 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
> 1: NETLOGON_NEG_128BIT
> 0: NETLOGON_NEG_TRANSITIVE_TRUSTS
> 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
> 0: NETLOGON_NEG_PASSWORD_SET2
> 0: NETLOGON_NEG_GETDOMAININFO
> 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS
> 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
> 0: NETLOGON_NEG_RODC_PASSTHROUGH
> 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
> 1: NETLOGON_NEG_SCHANNEL
> result : NT_STATUS_ACCESS_DENIED
After some testing, I got this:
Samba 3.3.6 + win 7 = can join domain, but can not login (after change
the 4 values of registry)
Samba 3.3.4 + win 7 = working (after change the 4 values of registry)
(LDAP is the backend)
Allen
More information about the samba
mailing list