[Samba] Win7 client, Samba PDC
Bastien Semene
bsemene at cyanide-studio.com
Thu May 6 09:13:52 MDT 2010
The samba wiki tolds to only modify DomainCompatibilityMode and
DNSNameResolutionRequired keys : http://wiki.samba.org/index.php/Windows7
Le 06/05/2010 16:59, Steve Wolfe a écrit :
> I'm trying to set up Samba as a PDC for some Win7 clients, and could use
> some help. I can successfully join the domain, with the message "Changing
> the primary domain DNS name of this computer to "" failed.", but I am still
> told that it was successful.
>
> However, when I try to log in, I am told "The trust relationship between
> this workstation and the primary domain failed". Looking in
> /var/log/samba/pi-69.log, I see:
>
> [2010/05/06 08:45:45, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client PI-69 machine account PI-69$
> [2010/05/06 08:45:45, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client PI-69 machine account PI-69$
>
> Trying:
>
> smbpasswd -x pi-69$
> userdel -r pi-69$
> useradd pi-69$
> smbpasswd -a -m pi-69$
>
> does no good.
>
> Client has :
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
> “RequireSignOrSeal”=dword:00000000
> “RequireStrongKey”=dword:00000000
>
> and
>
> [HKLM\System\CCS\Services\LanmanWorkstation\Parameters]
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
>
> Config/specs:
>
> Samba version 3.4.7-58.fc12
> Widows 7 64-bit professional clients
>
> smb.conf:
> [global]
> netbios name = PinnacleFS
> workgroup = PinnacleDom
> logon drive= P:
> logon home = \\PinnacleFS\%u
> locking = yes
> server string = PDC
> hosts allow=10.0.0.0/255.255.255.0
> load printers = no
> log file = /var/log/samba/%m.log
> security=user
> encrypt passwords=yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 128
> domain master = yes
> prefered master = yes
> domain logons = yes
> logon script = login.bat
> dns proxy = no
>
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> template shell = /bin/false
> winbind use default domain = no
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> create mode = 0700
> directory mode = 0700
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> [netlogon]
> comment = Network Logon Service
> path = /home/netlogon
> guest ok = yes
> writable = no
> share modes = no
> [Profiles]
> browseable = no
> guest ok = yes
> create mode = 0700
> directory mode = 0700
> default case = lower
> case sensitive = no
>
> [Apps]
> path=/home/apps
> force user=apps
> force group=apps
>
--
Bastien Semene
Administrateur Réseau& Système
Cyanide Studio - FRANCE
More information about the samba
mailing list