[Samba] windows 7 machine account fails to authenticate against samba PDC
graham
graham8499 at ymail.com
Wed Feb 3 10:42:19 MST 2010
Gaiseric Vandal wrote on 03/02/2010 17:27:
> What samba version?
version 3.4.5
> After you login from Win 7 can you actually open
> and save files?
yes. I'm not familiar enough with smb etc. to understand why the machine
itself is trying to authenticate in addition to the user, and whether it
matters.
> It does seem like it is trying to reauthenticate as an
> active directory client.
>
> Maybe config samba to only listen on port 139 and not 445 ("smb ports"
> in smb.conf.) That might force the Win 7 client to treat the samba
> server as a "NT4" server. I believe port 445 is for Smb-over-tcp while
> 139 is for smb-over-netbios-over-tcp.
I do have that set.
For completeness, the [global] config is:
workgroup = SMBDOMAIN
netbios name = SAMBASERVER
server string =
map to guest = Bad User
username map = /etc/samba/username-map
restrict anonymous = 1
log level = 1
smb ports = 139
name resolve order = wins lmhosts
time server = Yes
printcap name = cups
add machine script = /usr/sbin/useradd -d /dev/null -g sambausers -c
Machine -s /bin/false %u
logon script = logon.bat
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
> On 02/03/10 12:09, graham wrote:
>> Hello all,
>>
>> I've added my windows7 client to the domain (samba running as pdc),
>> having applied the registry changes identified here
>> (http://wiki.samba.org/index.php/Windows7).
>>
>> Partial success - domain users can login and see shares etc, BUT:
>>
>> 1 - the registry settings in ntlogon/NTConfig.POL are not applied. Am
>> I right in thinking that windows 7 ignores this policy?
>> And if so I therefore need to put the appropriate registry settings
>> into a logon script?
>>
>>
>> 2 - every time a domain user logs in to the windows7 host smbd reports
>> an error:
>>
>> [2010/02/02 19:07:51, 0]
>> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
>> Rejecting auth request from client WIN7HOST machine account WIN7HOST$
>> [2010/02/02 19:07:52, 0] auth/auth_sam.c:355(check_sam_security)
>> check_sam_security: make_server_info_sam() failed with
>> 'NT_STATUS_NO_SUCH_USER'
>>
>> This only occurs for the windows7 client (not XP clients).
>> What does this mean, is it a problem, and how do I fix it?!
>>
>>
>> 3 - periodic errors reported by nmbd:
>> Packet send failed to 192.168.10.8(138) ERRNO=Operation not permitted
>>
>> That's the ipaddress of the windows7 client.
>> Actually, looking back in the logs I see this has occasionally
>> happened for all but one of the xp clients too.
>> Again, what does this error mean, is it a problem, how would I fix it?
>>
>>
>> 4 - windows7 client bombards the server on port 389 (ldap)
>> No idea why, no other (xp) clients do this. I'm guessing it /might/ be
>> part of question 2 above ,ie. maybe the win7 client is trying to
>> authenticate against ldap??
>>
>> rgds all,
>> graham.
>>
>
More information about the samba
mailing list