[Samba] windows 7 machine account fails to authenticate against samba PDC
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Feb 3 12:15:14 MST 2010
It looks from the log entries like samba can't find an account
for the machine. The machine, if it is a domain member, does need to
have an account. Were you able to join the machine to the domain? If
so, there should be both a samba (windows) account (verify with "pdbedit
-Lv") and a unix account (verify with "getent passwd").
On 02/03/10 12:42, graham wrote:
> Gaiseric Vandal wrote on 03/02/2010 17:27:
>> What samba version?
>
> version 3.4.5
>
>
>> After you login from Win 7 can you actually open
>> and save files?
>
> yes. I'm not familiar enough with smb etc. to understand why the
> machine itself is trying to authenticate in addition to the user, and
> whether it matters.
>
>
>> It does seem like it is trying to reauthenticate as an
>> active directory client.
>>
>> Maybe config samba to only listen on port 139 and not 445 ("smb ports"
>> in smb.conf.) That might force the Win 7 client to treat the samba
>> server as a "NT4" server. I believe port 445 is for Smb-over-tcp while
>> 139 is for smb-over-netbios-over-tcp.
>
> I do have that set.
> For completeness, the [global] config is:
> workgroup = SMBDOMAIN
> netbios name = SAMBASERVER
> server string =
> map to guest = Bad User
> username map = /etc/samba/username-map
> restrict anonymous = 1
> log level = 1
> smb ports = 139
> name resolve order = wins lmhosts
> time server = Yes
> printcap name = cups
> add machine script = /usr/sbin/useradd -d /dev/null -g sambausers -c Machine -s /bin/false %u
> logon script = logon.bat
> logon path =
> logon home =
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins support = Yes
>
>
>
>
>> On 02/03/10 12:09, graham wrote:
>>> Hello all,
>>>
>>> I've added my windows7 client to the domain (samba running as pdc),
>>> having applied the registry changes identified here
>>> (http://wiki.samba.org/index.php/Windows7).
>>>
>>> Partial success - domain users can login and see shares etc, BUT:
>>>
>>> 1 - the registry settings in ntlogon/NTConfig.POL are not applied. Am
>>> I right in thinking that windows 7 ignores this policy?
>>> And if so I therefore need to put the appropriate registry settings
>>> into a logon script?
>>>
>>>
>>> 2 - every time a domain user logs in to the windows7 host smbd reports
>>> an error:
>>>
>>> [2010/02/02 19:07:51, 0]
>>> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>>> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
>>> Rejecting auth request from client WIN7HOST machine account WIN7HOST$
>>> [2010/02/02 19:07:52, 0] auth/auth_sam.c:355(check_sam_security)
>>> check_sam_security: make_server_info_sam() failed with
>>> 'NT_STATUS_NO_SUCH_USER'
>>>
>>> This only occurs for the windows7 client (not XP clients).
>>> What does this mean, is it a problem, and how do I fix it?!
>>>
>>>
>>> 3 - periodic errors reported by nmbd:
>>> Packet send failed to 192.168.10.8(138) ERRNO=Operation not permitted
>>>
>>> That's the IP address of the windows7 client.
>>> Actually, looking back in the logs I see this has occasionally
>>> happened for all but one of the xp clients too.
>>> Again, what does this error mean, is it a problem, how would I fix it?
>>>
>>>
>>> 4 - windows7 client bombards the server on port 389 (ldap)
>>> No idea why, no other (xp) clients do this. I'm guessing it /might/ be
>>> part of question 2 above, i.e. maybe the win7 client is trying to
>>> authenticate against ldap??
>>>
>>> rgds all,
>>> graham.
>>>
>>
>
>
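
The check suggested in the reply at the top of this message (a samba account via "pdbedit -Lv" and a unix account via "getent passwd"), as an added example that is not part of the original thread: it pulls the rejected machine accounts out of smbd log lines like those quoted above and looks each one up in saved output of the two commands. The sample log, the account listings, the LABPC2 host and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find machine accounts smbd rejected and check both account databases.
# All sample data below is constructed; WIN7HOST is the name used in the thread.

# Print each machine account (NAME$) named in a netlogon rejection, once.
rejected_machines() {
    sed -n 's/.*Rejecting auth request from client .* machine account \([^ ]*\$\).*/\1/p' "$1" | sort -u
}

# Succeed if NAME appears as a "Unix username" in saved `pdbedit -Lv` output.
has_samba_account() {
    awk -F': *' -v n="$1" '$1 == "Unix username" && tolower($2) == tolower(n) { f = 1 }
        END { exit !f }' "$2"
}

# Succeed if NAME appears in saved `getent passwd` output (compared case-insensitively).
has_unix_account() {
    awk -F: -v n="$1" 'tolower($1) == tolower(n) { f = 1 } END { exit !f }' "$2"
}

# audit LOG PDBEDIT_LV PASSWD -> "NAME$ samba=yes|no unix=yes|no" per rejected account.
audit() {
    rejected_machines "$1" | while read -r acct; do
        s=no; u=no
        has_samba_account "$acct" "$2" && s=yes
        has_unix_account "$acct" "$3" && u=yes
        printf '%s samba=%s unix=%s\n' "$acct" "$s" "$u"
    done
}

d=$(mktemp -d)
cat > "$d/log.smbd" <<'EOF'
[2010/02/02 19:07:51, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WIN7HOST machine account WIN7HOST$
[2010/02/02 19:09:30, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LABPC2 machine account LABPC2$
EOF
cat > "$d/pdbedit-Lv.txt" <<'EOF'
---------------
Unix username:        labpc2$
Account Flags:        [W          ]
EOF
cat > "$d/passwd.txt" <<'EOF'
labpc2$:x:1005:100:Machine:/dev/null:/bin/false
win7host$:x:1006:100:Machine:/dev/null:/bin/false
EOF
audit "$d/log.smbd" "$d/pdbedit-Lv.txt" "$d/passwd.txt"
```

On a live server, save the output of "pdbedit -Lv" and "getent passwd" to files and pass them to `audit` together with the smbd log. An account reported as `samba=no` or `unix=no` is missing from that database.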