[Samba] Win7 client, Samba PDC
Steve Wolfe
bafenator at gmail.com
Thu May 6 08:59:55 MDT 2010
I'm trying to set up Samba as a PDC for some Win7 clients, and could use
some help. I can successfully join the domain, with the message "Changing
the primary domain DNS name of this computer to "" failed.", but I am still
told that it was successful.
However, when I try to log in, I am told "The trust relationship between
this workstation and the primary domain failed". Looking in
/var/log/samba/pi-69.log, I see:
[2010/05/06 08:45:45, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$
[2010/05/06 08:45:45, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$
Trying:
smbpasswd -x pi-69$
userdel -r pi-69$
useradd pi-69$
smbpasswd -a -m pi-69$
does no good.
Client has :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:00000000
“RequireStrongKey”=dword:00000000
and
[HKLM\System\CCS\Services\LanmanWorkstation\Parameters]
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Config/specs:
Samba version 3.4.7-58.fc12
Widows 7 64-bit professional clients
smb.conf:
[global]
netbios name = PinnacleFS
workgroup = PinnacleDom
logon drive= P:
logon home = \\PinnacleFS\%u
locking = yes
server string = PDC
hosts allow=10.0.0.0/255.255.255.0
load printers = no
log file = /var/log/samba/%m.log
security=user
encrypt passwords=yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 128
domain master = yes
prefered master = yes
domain logons = yes
logon script = login.bat
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[homes]
comment = Home Directories
browseable = no
writable = yes
create mode = 0700
directory mode = 0700
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
browseable = no
guest ok = yes
create mode = 0700
directory mode = 0700
default case = lower
case sensitive = no
[Apps]
path=/home/apps
force user=apps
force group=apps
More information about the samba
mailing list