[Samba] Samba 3 PDC > 3.3.4 broken with Win 7 RTM

Allen Chen achen at harbourfrontcentre.com
Mon Aug 10 09:53:32 MDT 2009 

Ken Bass wrote:
> I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta.
>
> After searching the archives I modified the required registry settings 
> listed in other emails. I upgraded my Samba from the stock Centos 5.3 
> version to 3.3.7. Joining the domain worked, but I was unable to log 
> in. I would get a 'Trust relationship denied' type error when trying 
> to log in as a user of the domain. Everything works with XP/Vista.
>
> I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which 
> says it was rolled into version 3.3.5 and  relates to Microsoft/Samba 
> interoperability actually broke stuff with the RTM or what.
>
> The error message from 3.3.7 I noticed with debug logging was:
>
> [2009/08/07 19:05:40,  0] 
> rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555)
>  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. 
> Rejecting auth request from client XX-PC machine account XX-PC$
>      netr_ServerAuthenticate2: struct netr_ServerAuthenticate2
>          out: struct netr_ServerAuthenticate2
>              return_credentials       : *
>                  return_credentials: struct netr_Credential
>                      data                     : 0000000000000000
>              negotiate_flags          : *
>                  negotiate_flags          : 0x400041ff (1073758719)
>                         1: NETLOGON_NEG_ACCOUNT_LOCKOUT
>                         1: NETLOGON_NEG_PERSISTENT_SAMREPL
>                         1: NETLOGON_NEG_ARCFOUR   
>                         1: NETLOGON_NEG_PROMOTION_COUNT
>                         1: NETLOGON_NEG_CHANGELOG_BDC
>                         1: NETLOGON_NEG_FULL_SYNC_REPL
>                         1: NETLOGON_NEG_MULTIPLE_SIDS
>                         1: NETLOGON_NEG_REDO
>                         1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL
>                         0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC
>                         0: NETLOGON_NEG_GENERIC_PASSTHROUGH
>                         0: NETLOGON_NEG_CONCURRENT_RPC
>                         0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL
>                         0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL
>                         1: NETLOGON_NEG_128BIT    
>                         0: NETLOGON_NEG_TRANSITIVE_TRUSTS
>                         0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS
>                         0: NETLOGON_NEG_PASSWORD_SET2
>                         0: NETLOGON_NEG_GETDOMAININFO
>                         0: NETLOGON_NEG_CROSS_FOREST_TRUSTS
>                         0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION
>                         0: NETLOGON_NEG_RODC_PASSTHROUGH
>                         0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS
>                         1: NETLOGON_NEG_SCHANNEL               
> result                   : NT_STATUS_ACCESS_DENIED
After some testing, I got this:
Samba 3.3.6 + win 7 = can join domain, but can not login (after change 
the 4 values of registry)
Samba 3.3.4 + win 7 = working (after change the 4 values of registry)
(LDAP is the backend)

Allen

More information about the samba mailing list