[Samba] Win7 client, Samba PDC

Bastien Semene bsemene at cyanide-studio.com
Thu May 6 09:13:52 MDT 2010 

The samba wiki tolds to only modify DomainCompatibilityMode and 
DNSNameResolutionRequired keys : http://wiki.samba.org/index.php/Windows7

Le 06/05/2010 16:59, Steve Wolfe a écrit :
> I'm trying to set up Samba as a PDC for some Win7 clients, and could use
> some help.  I can successfully join the domain, with the message "Changing
> the primary domain DNS name of this computer to "" failed.", but I am still
> told that it was successful.
>
> However, when I try to log in, I am told  "The trust relationship between
> this workstation and the primary domain failed".  Looking in
> /var/log/samba/pi-69.log, I see:
>
> [2010/05/06 08:45:45,  0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client PI-69 machine account PI-69$
> [2010/05/06 08:45:45,  0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client PI-69 machine account PI-69$
>
> Trying:
>
> smbpasswd -x pi-69$
> userdel -r pi-69$
> useradd pi-69$
> smbpasswd -a -m pi-69$
>
> does no good.
>
> Client has :
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
> “RequireSignOrSeal”=dword:00000000
> “RequireStrongKey”=dword:00000000
>
> and
>
> [HKLM\System\CCS\Services\LanmanWorkstation\Parameters]
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
>
> Config/specs:
>
> Samba version 3.4.7-58.fc12
> Widows 7 64-bit professional clients
>
> smb.conf:
> [global]
> netbios name = PinnacleFS
> workgroup = PinnacleDom
> logon drive= P:
> logon home = \\PinnacleFS\%u
> locking = yes
> server string = PDC
> hosts allow=10.0.0.0/255.255.255.0
> load printers = no
> log file = /var/log/samba/%m.log
> security=user
> encrypt passwords=yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = yes
> os level = 128
> domain master = yes
> prefered master = yes
> domain logons = yes
> logon script = login.bat
> dns proxy = no
>
>    idmap uid = 16777216-33554431
>     idmap gid = 16777216-33554431
>     template shell = /bin/false
>     winbind use default domain = no
>
> [homes]
>     comment = Home Directories
>     browseable = no
>     writable = yes
>      create mode = 0700
>      directory mode = 0700
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
>   [netlogon]
>     comment = Network Logon Service
>     path = /home/netlogon
>     guest ok = yes
>     writable = no
>     share modes = no
> [Profiles]
>      browseable = no
>      guest ok = yes
>      create mode = 0700
>      directory mode = 0700
>      default case = lower
>      case sensitive = no
>
> [Apps]
>          path=/home/apps
>          force user=apps
>          force group=apps
>    

-- 
Bastien Semene
Administrateur Réseau&  Système

Cyanide Studio - FRANCE

More information about the samba mailing list