[Samba] windows 7 unable to join domain
Alberto Moreno
portsbsd at gmail.com
Tue Jun 15 14:32:01 MDT 2010
On Tue, Jun 15, 2010 at 1:04 PM, delpheye <delpheye at gmail.com> wrote:
> results of testparm -v:
>
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[netlogon]"
> Processing section "[profiles]"
> Processing section "[public]"
> Processing section "[former.employees]"
> Processing section "[temp]"
> Processing section "[joadmin]"
> Processing section "[labs]"
> Processing section "[business]"
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> dos charset = CP850
> unix charset = UTF-8
> display charset = LOCALE
> workgroup = DOMAIN.COM
> realm =
> netbios name = DOMAIN-FS
> netbios aliases =
> netbios scope =
> server string = Samba 3.3.8-0.51.el5
> interfaces =
> bind interfaces only = No
> config backend = file
> security = USER
> auth methods =
> encrypt passwords = Yes
> update encrypted = No
> client schannel = Auto
> server schannel = Auto
> allow trusted domains = Yes
> map to guest = Never
> null passwords = No
> obey pam restrictions = No
> password server = *
> smb passwd file = /var/lib/samba/private/smbpasswd
> private dir = /var/lib/samba/private
> passdb backend = ldapsam:ldap://127.0.0.1
> algorithmic rid base = 1000
> root directory =
> guest account = nobody
> enable privileges = Yes
> pam password change = No
> passwd program = /usr/bin/passwd '%u'
> passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*"
> %n\n "*updated successfully*"
> passwd chat debug = No
> passwd chat timeout = 2
> check password script =
> username map = /etc/samba/smbusers
> password level = 0
> username level = 0
> unix password sync = Yes
> restrict anonymous = 0
> lanman auth = No
> ntlm auth = Yes
> client NTLMv2 auth = No
> client lanman auth = No
> client plaintext auth = No
> preload modules =
> use kerberos keytab = No
> log level = 5
> syslog = 1
> syslog only = No
> log file =
> max log size = 5000
> debug timestamp = Yes
> debug prefix timestamp = No
> debug hires timestamp = No
> debug pid = No
> debug uid = No
> debug class = No
> enable core files = Yes
> smb ports = 445 139
> large readwrite = Yes
> max protocol = NT1
> min protocol = CORE
> min receivefile size = 0
> read raw = Yes
> write raw = Yes
> disable netbios = No
> reset on zero vc = No
> acl compatibility = auto
> defer sharing violations = Yes
> nt pipe support = Yes
> nt status support = Yes
> announce version = 4.9
> announce as = NT
> max mux = 50
> max xmit = 16644
> name resolve order = wins bcast hosts
> max ttl = 259200
> max wins ttl = 518400
> min wins ttl = 21600
> time server = No
> unix extensions = Yes
> use spnego = Yes
> client signing = auto
> server signing = No
> client use spnego = Yes
> client ldap sasl wrapping = plain
> enable asu support = No
> svcctl list =
> deadtime = 0
> getwd cache = Yes
> keepalive = 300
> lpq cache time = 30
> max smbd processes = 0
> paranoid server security = Yes
> max disk size = 0
> max open files = 10000
> socket options = TCP_NODELAY
> use mmap = Yes
> hostname lookups = No
> name cache timeout = 660
> ctdbd socket =
> cluster addresses =
> clustering = No
> load printers = Yes
> printcap cache time = 750
> printcap name = cups
> cups server =
> cups connection timeout = 30
> iprint server =
> disable spoolss = No
> addport command =
> enumports command =
> addprinter command =
> deleteprinter command =
> show add printer wizard = Yes
> os2 driver map =
> mangling method = hash2
> mangle prefix = 1
> max stat cache size = 256
> stat cache = Yes
> machine password timeout = 604800
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> rename user script =
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> shutdown script =
> abort shutdown script =
> username map script =
> logon script = logon.bat
> logon path = \\domain-fs\profiles\%u
> logon drive = H:
> logon home = \\domain-fs\%U
> domain logons = Yes
> init logon delayed hosts =
> init logon delay = 100
> os level = 64
> lm announce = Auto
> lm interval = 5
> preferred master = Yes
> local master = Yes
> domain master = Yes
> browse list = Yes
> enhanced browsing = Yes
> dns proxy = Yes
> wins proxy = No
> wins server =
> wins support = Yes
> wins hook =
> kernel oplocks = Yes
> lock spin time = 200
> oplock break wait time = 0
> ldap admin dn = cn=root,dc=domain,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = no
> ldap replication sleep = 1000
> ldap suffix = dc=domain,dc=com
> ldap ssl = no
> ldap ssl ads = No
> ldap timeout = 15
> ldap connection timeout = 2
> ldap page size = 1024
> ldap user suffix = ou=Users
> ldap debug level = 0
> ldap debug threshold = 10
> eventlog list =
> add share command =
> change share command =
> delete share command =
> config file =
> preload =
> lock directory = /var/lib/samba
> pid directory = /var/run
> utmp directory =
> wtmp directory =
> utmp = No
> default service =
> message command =
> get quota command =
> set quota command =
> remote announce =
> remote browse sync =
> socket address = 0.0.0.0
> homedir map = auto.home
> afs username map =
> afs token lifetime = 604800
> log nt token command =
> time offset = 0
> NIS homedir = No
> registry shares = No
> usershare allow guests = No
> usershare max shares = 0
> usershare owner only = Yes
> usershare path = /var/lib/samba/usershares
> usershare prefix allow list =
> usershare prefix deny list =
> usershare template share =
> panic action =
> host msdfs = Yes
> passdb expand explicit = No
> idmap backend = tdb
> idmap alloc backend =
> idmap cache time = 604800
> idmap negative cache time = 120
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home/%D/%U
> template shell = /bin/false
> winbind separator = \
> winbind cache time = 300
> winbind reconnect delay = 30
> winbind enum users = No
> winbind enum groups = No
> winbind use default domain = No
> winbind trusted domains only = No
> winbind nested groups = Yes
> winbind expand groups = 1
> winbind nss info = template
> winbind refresh tickets = No
> winbind offline logon = No
> winbind normalize names = No
> winbind rpc only = No
> comment =
> path =
> username =
> invalid users =
> valid users =
> admin users =
> read list =
> write list =
> printer admin =
> force user =
> force group =
> read only = Yes
> acl check permissions = Yes
> acl group control = No
> acl map full control = Yes
> create mask = 0744
> force create mode = 00
> security mask = 0777
> force security mode = 00
> directory mask = 0755
> force directory mode = 00
> directory security mask = 0777
> force directory security mode = 00
> force unknown acl user = No
> inherit permissions = No
> inherit acls = No
> inherit owner = No
> guest only = No
> administrative share = No
> guest ok = No
> only user = No
> hosts allow =
> hosts deny =
> allocation roundup size = 1048576
> aio read size = 0
> aio write size = 0
> aio write behind =
> ea support = No
> nt acl support = Yes
> profile acls = No
> map acl inherit = No
> afs share = No
> smb encrypt = auto
> block size = 1024
> change notify = Yes
> directory name cache size = 100
> kernel change notify = Yes
> max connections = 0
> min print space = 0
> strict allocate = No
> strict sync = No
> sync always = No
> use sendfile = No
> write cache size = 0
> max reported print jobs = 0
> max print jobs = 1000
> printable = No
> printing = cups
> cups options =
> print command =
> lpq command = %p
> lprm command =
> lppause command =
> lpresume command =
> queuepause command =
> queueresume command =
> printer name =
> use client driver = No
> default devmode = Yes
> force printername = No
> printjob username = %U
> default case = lower
> case sensitive = Auto
> preserve case = Yes
> short preserve case = Yes
> mangling char = ~
> hide dot files = Yes
> hide special files = No
> hide unreadable = No
> hide unwriteable files = No
> delete veto files = No
> veto files =
> hide files =
> veto oplock files =
> map archive = Yes
> map hidden = No
> map system = No
> map readonly = yes
> mangled names = Yes
> store dos attributes = No
> dmapi support = No
> browseable = Yes
> blocking locks = Yes
> csc policy = manual
> fake oplocks = No
> locking = Yes
> oplocks = Yes
> level2 oplocks = Yes
> oplock contention limit = 2
> posix locking = Yes
> strict locking = Auto
> share modes = Yes
> dfree cache time = 0
> dfree command =
> copy =
> include =
> preexec =
> preexec close = No
> postexec =
> root preexec =
> root preexec close = No
> root postexec =
> available = Yes
> volume =
> fstype = NTFS
> set directory = No
> wide links = Yes
> follow symlinks = Yes
> dont descend =
> magic script =
> magic output =
> delete readonly = No
> dos filemode = No
> dos filetimes = Yes
> dos filetime resolution = No
> fake directory create times = No
> vfs objects =
> msdfs root = No
> msdfs proxy =
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = Yes
>
> [profiles]
> comment = Network Profiles Share
> path = /data/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
> store dos attributes = Yes
> browseable = No
>
> [public]
> path = /data/public
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
> [former.employees]
> path = /data/former.employees
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
> [temp]
> path = /data/temp
> valid users = "@Domain Users"
> read only = No
> create mask = 0755
> guest ok = Yes
>
>
> [joadmin]
> comment = Jo Admin
> path = /data/jo-admin
> valid users = joxxx
> write list = "@domain users"
> read only = No
> create mask = 0775
> directory mask = 0775
>
> [labs]
> comment = Labs Data
> path = /data/labs
> valid users = "@Domain Users"
> write list = "@Domain Users"
> read only = No
> create mask = 0775
> directory mask = 0770
> guest ok = Yes
>
> [business]
> comment = Business Docs
> path = /data/Business
> valid users = "@Business Users"
> read only = No
> create mask = 0775
> directory mask = 0775
>
>
> On Tue, Jun 15, 2010 at 12:52 PM, Alberto Moreno <portsbsd at gmail.com> wrote:
>>
>> On Tue, Jun 15, 2010 at 10:40 AM, Alberto Moreno <portsbsd at gmail.com>
>> wrote:
>> > On Tue, Jun 15, 2010 at 9:57 AM, <tms3 at tms3.com> wrote:
>> >>
>> >>
>> >>
>> >> On Tuesday 15/06/2010 at 9:17 am, Alberto Moreno wrote:
>> >>
>> >> On Mon, Jun 14, 2010 at 11:45 PM, <tms3 at tms3.com> wrote:
>> >>
>> >>
>> >>
>> >> --- Original message ---
>> >> Subject: Re: [Samba] windows 7 unable to join domain
>> >> From: Alberto Moreno <portsbsd at gmail.com>
>> >> To: <samba at lists.samba.org>
>> >> Date: Monday, 14/06/2010 11:03 PM
>> >>
>> >> On Mon, Jun 14, 2010 at 6:11 PM, <tms3 at tms3.com> wrote:
>> >>
>> >>
>> >>
>> >>
>> >> SNIP
>> >>
>> >> I'm currently running Samba3x-3.3.8-0.51 on CentOS 5.5. I currently
>> >> have
>> >> many Windows XP clients associated with the domain and behaving
>> >> correctly.
>> >> However, I am unable to join a Windows 7 PC. I receive "The specified
>> >> network name is no longer available."
>> >>
>> >> I've verified that DNS is configured correctly, and as stated XP
>> >> machines
>> >> have no problem joining.
>> >>
>> >> http://wiki.samba.org/index.php/Windows7
>> >>
>> >> There's a reg file that comes with the source code. Not sure about
>> >> binary
>> >> packages.
>> >>
>> >> Cheers,
>> >>
>> >> SNIP
>> >> --
>> >> To unsubscribe from this list go to the following URL and read the
>> >> instructions: https://lists.samba.org/mailman/options/samba
>> >>
>> >>
>> >> Like tms3 told you, we have to make some changes to the registry before
>> >> we join MS 7 to the domain; I already did and it works, no issue.
>> >>
>> >> Another thing I see in your smb.conf:
>> >>
>> >> security = DOMAIN.
>> >>
>> >> In my little knowledge about Samba, if you have a PDC it must say:
>> >>
>> >> security = user.
>> >>
>> >> When you add a BDC it must say:
>> >>
>> >> security = DOMAIN.
>> >>
>> >> I disagree on the last point.
>> >>
>> >> Security = user is default, so no entry necessary.
>> >>
>> >> For PDC I use:
>> >>
>> >> os level = 64
>> >> preferred master = Yes
>> >> domain logons =Yes
>> >> domain master = Yes
>> >>
>> >> For BDC I use (if on separate nodes)
>> >>
>> >> os level = 64
>> >> preferred master = Yes
>> >> domain logons =Yes
>> >> domain master = no
>> >>
>> >> If on same node
>> >>
>> >> os level = 60
>> >> preferred master = Auto
>> >> domain logons =Yes
>> >> domain master = no
>> >>
>> >>
>> >> "In domain security mode, the Samba server has a machine account
>> >> (domain security trust account) and causes all authentication requests
>> >> to be passed through to the domain controllers. The Samba server is
>> >> made into a domain member server by using the following directives in
>> >> smb.conf."
>> >>
>> >> "security = domain"
>> >>
>> >> Hi.
>> >>
>> >> I point this out because in his smb.conf file he is using security=domain;
>> >> by default, like you say, it is =user.
>> >>
>> >> Oh, not trying to be a snit, just that if you use sec=domain then the
>> >> BDC
>> >> will call the PDC for authing. It will work, it's just that it kinda
>> >> (IMHO)
>> >> makes the BDC sorta useless. And over WAN links wastes bandwidth.
>> >>
>> >> Cheers,
>> >>
>> >>
>> >> Thanks!!!
>> >>
>> >> Last thing, smbldap-tools from the base repo of CentOS 5.5 depends
>> >> on Samba-3.0.x; you must build your own rpm to work with samba3x.
>> >>
>> >> My two cents.
>> >> --
>> >> LIving the dream...
>> >>
>> >>
>> >
>> > No problem my friend, we are here to learn, thanks for sharing.
>> >
>> > --
>> > LIving the dream...
>> >
>>
>> You say that you already have some XP clients on your domain, which means
>> that it works.
>>
>> You are trying to add a Windows 7 edition capable of being part of a
>> domain, like Ultimate Edition or compatible, right? Not a Home Edition.
>>
>> You are using LDAP on CentOS, which is working? Because you have XP
>> clients inside the domain, they can see the PDC of your domain?
>>
>> Could you please give us the output of testparm+testparm of your PDC.
>>
>> Thanks!!!
>>
>> --
>> LIving the dream...
>
This is my smb.conf, which I set up this week; I have Windows
XP + Windows 7 UE here.

[global]
unix charset = UTF8
workgroup = BOMBOM
server string = PDC Server
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://172.16.5.152/
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/usermap
password level = 6
unix password sync = Yes
log level = 1
log file = /var/log/samba/%m.log
max log size = 500
name resolve order = wins hosts bcast lmhost
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
show add printer wizard = No
add user script = /usr/sbin/smbldap-useradd -m %u
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %m
logon path =
logon home =
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=bombom,dc=com
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = yes
ldap suffix = dc=bombom,dc=com
ldap ssl = no
ldap user suffix = ou=Users
host msdfs = No
idmap backend = ldap:ldap://172.16.5.152
idmap uid = 10000-20000
idmap gid = 10000-20000
hosts allow = 172.16.0.0/16, 127.
hosts deny = 0.0.0.0
map acl inherit = Yes
map archive = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
locking = No
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[Public]
comment = Public Folder
path = /opt/public
read only = No
create mask = 0775
directory mask = 0775
guest ok = Yes
[IT]
path = /opt/it
valid users = @it
write list = @BOMBOM\it
force group = @BOMBOM\it
read only = No
force create mode = 0770
directory mask = 0770
[Account]
path = /opt/account
valid users = @account
write list = @BOMBOM\accounts
force group = @BOMBOM\account
read only = No
force create mode = 0770
directory mask = 0770
map readonly = no
store dos attributes = Yes

This is my account for the Windows 7 client:

pdbedit -Lv bom-win7ue$
Unix username: bom-win7ue$
NT username: bom-win7ue$
Account Flags: [W ]
User SID: S-1-5-21-506473411-1786020119-2248725859-1002
Primary Group SID: S-1-5-21-506473411-1786020119-2248725859-515
Full Name: BOM-WIN7UE$
Home Directory:
HomeDir Drive:
Logon Script:
Profile Path:
Domain: BOMBOM
Account desc: Computer
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Mon, 14 Jun 2010 07:33:00 PDT
Password can change: Mon, 14 Jun 2010 07:33:00 PDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

net groupmap list
Domain Admins (S-1-5-21-506473411-1786020119-2248725859-512) -> Domain Admins
Domain Users (S-1-5-21-506473411-1786020119-2248725859-513) -> Domain Users
Domain Guests (S-1-5-21-506473411-1786020119-2248725859-514) -> Domain Guests
Domain Computers (S-1-5-21-506473411-1786020119-2248725859-515) -> Domain Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
it (S-1-5-21-506473411-1786020119-2248725859-3007) -> it
account (S-1-5-21-506473411-1786020119-2248725859-3009) -> account

My domain groups are there.

smbclient -L \\pdc-srv -U test1
Enter test1's password:
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (PDC Server)
        Contabilidad    Disk
        Sistemas        Disk
        Public          Disk      Public Folder
        netlogon        Disk      Network Logon Service
        test1           Disk      Home Directories
Domain=[BOMBOM] OS=[Unix] Server=[Samba 3.3.8-0.51.el5]

        Server               Comment
        ---------            -------
        BOM-WIN7UE           Windows 7 Domain
        PIM-WINXPA           vbWinXP
        PDC-SRV              PDC Server

        Workgroup            Master
        ---------            -------
        BOMBOM               PDC-SRV

I didn't disable anything in Windows 7, like the firewall; I just
made the change to the registry on Windows 7 like the wiki told us,
restarted Windows 7 and done, I could add the client to the domain.

Hope this file helps to find the issue; you could set up a VM with Windows
7 and start from scratch.

See you later!!!
--
LIving the dream...
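
An added example, not part of the original post or of Samba: a small Python check that reads an smb.conf, reports the server role implied by the security / domain logons / domain master settings discussed in the thread, and flags an ldapsam backend that talks to a non-local LDAP server with ldap ssl explicitly disabled (as in the configuration posted above, where the ldap admin dn bind would cross the network unencrypted). The role rules are a simplified reading of Samba 3.x behaviour and are an assumption; the function names and the sample config are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a trimmed copy of the [global] settings posted above.
SAMPLE_CONF = """
[global]
   workgroup = BOMBOM
   passdb backend = ldapsam:ldap://172.16.5.152/
   domain logons = Yes
   domain master = Yes
   ldap admin dn = cn=Manager,dc=bombom,dc=com
   ldap ssl = no
[netlogon]
   path = /home/samba/netlogon
"""

TRUE = {"yes", "true", "1", "on"}
FALSE = {"no", "false", "0", "off"}


def parse_global(text):
    """Return the [global] parameters as a dict with normalised keys."""
    params, section = {}, "global"  # lines before any header count as [global]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params


def server_role(p):
    """Role implied by the settings compared in the thread (assumed rules)."""
    security = p.get("security", "user").lower()  # 'user' is the default
    logons = p.get("domainlogons", "no").lower() in TRUE
    if security in ("domain", "ads", "server"):
        return "BDC" if logons else "MEMBER"
    if security == "user" and logons:
        return "BDC" if p.get("domainmaster", "auto").lower() in FALSE else "PDC"
    return "STANDALONE"


def cleartext_ldap(p):
    """True when the passdb LDAP bind would leave the host unencrypted."""
    backend = p.get("passdbbackend", "")
    if not backend.lower().startswith("ldapsam:"):
        return False
    url = urlparse(backend.split(":", 1)[1].strip('"'))
    local = url.hostname in ("127.0.0.1", "localhost", "::1")
    explicit_off = p.get("ldapssl", "").lower() in ("no", "off")
    return url.scheme == "ldap" and not local and explicit_off


if __name__ == "__main__":
    conf = parse_global(SAMPLE_CONF)
    print("role:", server_role(conf))
    print("cleartext LDAP bind over the network:", cleartext_ldap(conf))
```

Run against the testparm dump quoted earlier in the thread, the LDAP check stays quiet because that backend points at 127.0.0.1.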