[Samba] windows 7 unable to join domain

delpheye delpheye at gmail.com
Mon Jun 14 19:05:39 MDT 2010


I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5.  I currently have
many Windows XP clients associated with the domain and behaving correctly.
However, I am unable to join a Windows 7 PC.  I receive "The specified
network name is no longer available."

I've verified that DNS is configured correctly, and as stated XP machines
have no problem joining.

Per some googling, I've turned off both:

- *Network security:Minimum session security for NTLM SSP (including RPC
based) Clients*
- *Network security:Minimum session security for NTLM SSP (including RPC
based) Servers*

and changed "*Network Security LAN Manager authentication level*" to "*Send
LM & NTLM – use NTLMv2 session security if negotiated*" in the Local
Security Policies.

These are the errors I receive at log level 5:

-- from log.winbindd-idmap
[2010/06/14 19:56:29,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2481)
  ldapsam_getgroup: Did not find group, filter was
[2010/06/14 19:56:29,  4] winbindd/winbindd_dual.c:fork_domain_child(1439)
  child daemon request 53
[2010/06/14 19:56:29,  3]
  [ 9876]: gid 99 to sid
[2010/06/14 19:56:29,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2481)
  ldapsam_getgroup: Did not find group, filter was

-- from log.wb-DOMAIN
[2010/06/14 19:57:04,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe

-- from log.smbd
[2010/06/14 19:57:04,  3] smbd/process.c:smbd_process(1952)
  receive_message_or_smb failed: NT_STATUS_ACCESS_DENIED, exiting

My smb.conf is as follows:

workgroup = DOMAIN.COM
netbios name = domain-fs
passdb backend = ldapsam:ldap://
printcap name = cups
printing = cups
security = domain
log level = 5
name resolve order = wins bcast hosts

ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers

ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"

logon path = \\domain-fs\profiles\%u
logon drive = H:
logon home = \\domain-fs\%U
#logon script = %U.bat
logon script = logon.bat

domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes

idmap uid = 10000-20000
idmap gid = 10000-20000

passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*" %n\n "*updated successfully*"
enable privileges = yes
username map = /etc/samba/smbusers

wins support = Yes

comment = Home Directories
valid users = %S
browseable = no
writable = yes

comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
writable = no

comment = Network Profiles Share
path = /data/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = no
guest ok = no
printable = no
hide files = /desktop.ini/outlook*.lnk/*Briefcase*/

In LDAP, the Domain Computers GID is 515 and not 99 as suggested by the
above error, but I do not know why it is looking for that particular GID.

Any ideas?  My google-fu has become ineffective on this problem.
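
Added example, not part of the original post: one way to line up the three Samba logs quoted above on a single timeline so the failure sequence around the join attempt is easier to read. The function names and the `max_level` cut-off are assumptions made for this sketch; the log lines are excerpts from the post.

```python
import re
from datetime import datetime
# Entry = "[date time, level] file:func(line)" header + indented message lines.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]"
                    r"\s*(\S+:\w+\(\d+\))?\s*$")  # location is optional
STATUS = re.compile(r"\bNT_STATUS_[A-Z_]+\b")

def parse_log(source, text):
    """Split one log's text into entries, folding message lines together."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"source": source, "level": int(m.group(2)),
                            "time": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"),
                            "where": m.group(3) or "?", "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def timeline(logs, max_level=3):
    """Merge logs by timestamp; lower Samba debug levels are more important."""
    merged = [e for src, txt in logs.items() for e in parse_log(src, txt)
              if e["level"] <= max_level]
    return sorted(merged, key=lambda e: e["time"])  # stable: ties keep input order

def status_codes(entries):
    return sorted({c for e in entries for c in STATUS.findall(e["msg"])})

# Excerpts from the logs quoted in the post.
LOGS = {
    "log.winbindd-idmap": """\
[2010/06/14 19:56:29,  4] passdb/pdb_ldap.c:ldapsam_getgroup(2481)
  ldapsam_getgroup: Did not find group, filter was
[2010/06/14 19:56:29,  3]
  [ 9876]: gid 99 to sid
""",
    "log.wb-DOMAIN": """\
[2010/06/14 19:57:04,  2] winbindd/winbindd.c:remove_client(744)
  final write to client failed: Broken pipe
""",
    "log.smbd": """\
[2010/06/14 19:57:04,  3] smbd/process.c:smbd_process(1952)
  receive_message_or_smb failed: NT_STATUS_ACCESS_DENIED, exiting
""",
}
if __name__ == "__main__":
    for e in timeline(LOGS):
        print(e["time"], e["level"], e["source"], e["where"], "|", e["msg"])
```

Headers with no source location, like the level 3 idmap entry in the post, are kept with `where` set to `?` rather than dropped.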
