[Samba] Win7 client, Samba PDC

Steve Wolfe bafenator at gmail.com
Thu May 6 08:59:55 MDT 2010


I'm trying to set up Samba as a PDC for some Win7 clients, and could use
some help.  I can successfully join the domain, with the message "Changing
the primary domain DNS name of this computer to "" failed.", but I am still
told that it was successful.

However, when I try to log in, I am told "The trust relationship between
this workstation and the primary domain failed".  Looking in
/var/log/samba/pi-69.log, I see:

[2010/05/06 08:45:45,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$
[2010/05/06 08:45:45,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client PI-69 machine account PI-69$

Trying:

smbpasswd -x pi-69$
userdel -r pi-69$
useradd pi-69$
smbpasswd -a -m pi-69$

does no good.

Client has:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000000
"RequireStrongKey"=dword:00000000

and

[HKLM\System\CCS\Services\LanmanWorkstation\Parameters]
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0

Config/specs:

Samba version 3.4.7-58.fc12
Windows 7 64-bit Professional clients

smb.conf:
[global]
netbios name = PinnacleFS
workgroup = PinnacleDom
logon drive= P:
logon home = \\PinnacleFS\%u
locking = yes
server string = PDC
hosts allow=10.0.0.0/255.255.255.0
load printers = no
log file = /var/log/samba/%m.log
security=user
encrypt passwords=yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 128
domain master = yes
prefered master = yes
domain logons = yes
logon script = login.bat
dns proxy = no

  idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
    create mode = 0700
    directory mode = 0700

# Un-comment the following and create the netlogon directory for Domain Logons
 [netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no
[Profiles]
    browseable = no
    guest ok = yes
    create mode = 0700
    directory mode = 0700
    default case = lower
    case sensitive = no

[Apps]
        path=/home/apps
        force user=apps
        force group=apps

