[Samba] Windows 7 domain issues

Kevin Keane subscription at kkeane.com
Wed Nov 25 04:55:12 MST 2009

> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-
> bounces at lists.samba.org] On Behalf Of Alex Ferrara
> Sent: Tuesday, November 24, 2009 8:33 PM
> To: samba at lists.samba.org
> Subject: [Samba] Windows 7 domain issues
> I am running Windows 7 Professional 64-bit with domain membership to a
> Samba domain. I have noticed some weird behaviour.

Personally, I have sworn off Samba as a PDC, and am desperately waiting for Samba 4 with Active Directory. The PDC architecture is by now more than 10 years old. Trying to use Windows 7 without Active Directory (and in particular without Group Policies) really limits the usefulness. AD was quite useful with XP, and even more so with Vista. Windows 7, I find, really requires Group Policies. I am using Samba as a domain-member file server; it really shines in that role.

> 1) For some reason, dhcp3-server does not add the forward dns entry
> into bind9. This works perfectly with Windows 7 if it is not a domain
> member, or other operating systems (XP, OS/X and Linux). I know this
> isn't specifically a Samba issue, but I thought I should mention it.

Windows 7 has different network security policies depending on whether you are on a public, private or domain network. I believe that this is because Windows 7 in a domain will by default insist on secure DNS updates. You can turn that off (with a group policy, or probably by editing the registry directly if you find the right setting).

> 2) Strange entries in log files. Authentication for user [AC2161$] ->
> [AC2161$] FAILED with error NT_STATUS_PASSWORD_EXPIRED. I did run the
> Windows 7 64bit RC and after about 1 month, the trust relationship
> broke down and I would have to re-join the domain to make it work
> again. This could be related.

Windows 7 by default requires 128-bit encryption for SMB traffic; my guess is that that is the problem. You can turn that off.

> 3) Password issues. I use a LDAP backend, and use LAM to manage the
> directory. If I set a password in LAM, it generates the UNIX and SMB
> passwords, and then stores them in LDAP. This works perfectly for XP
> but not for Windows 7. Logons persist to use the old password, and I
> have a feeling that the password being used is a cached password.

The same as item 2.
