[Samba] Problems Windows 7 64 Bit joining a Samba + Ldap domain

Hachi nutt at geotechnik.rwth-aachen.de
Mon Oct 4 03:24:29 MDT 2010


Hello Claudio,

It might not fit your problem, but I had problems accessing Samba from 
Win 7 after XP was no problem.
It turned out that Win 7 needs the domain part when you log in.
So $sambapc\$username as the login name worked.

At least it's worth a try.

kind regards,
Hachi

On 29.09.2010 17:09, Claudio Prono wrote:
> Hello all,
>
> I am doing some tests with Windows 7 and a Samba domain, but in a
> working Samba domain, where Windows XP joins without problems, when I
> try with 7 I receive an error like "The trust relationship between this
> workstation and the primary domain failed.". I use OpenSuSE 11.3 with
> samba 3.5.4-5.1.2 and openldap 2.4.21-9.1.
>
> My config of samba:
>
> [global]
>          workgroup = MEDIATEST.LOCAL
>          netbios name = MEDIADC
>          map to guest = Bad User
>          passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
>          log level = 2
>          printcap name = cups
>          add user script = /usr/sbin/ldapsmb -a -u "%u" -smbacct --makehomedir --homedir /home/%u -f
>          delete user script = /usr/sbin/ldapsmb -d -u "%u" -f
>          add group script = /usr/sbin/ldapsmb -a -g "%g" -f
>          delete group script = /usr/sbin/ldapsmb -d -g "%g" -f
>          add user to group script = /usr/sbin/ldapsmb -j -u "%u" -g "%g" -f
>          delete user from group script = /usr/sbin/ldapsmb -r -u "%u" -g "%g" -f
>          add machine script = "/usr/sbin/ldapsmb -a -i -wks %u -f"
>          logon path = \\afs\mediaservice-test.pri\users\%U\.msprofile
>          logon drive = P:
>          logon home = \\afs\mediaservice-test.pri\%U\.9xprofile
>          domain logons = Yes
>          os level = 99
>          preferred master = Yes
>          domain master = Yes
>          wins support = Yes
>          ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
>          ldap group suffix = ou=group
>          ldap idmap suffix = ou=Idmap
>          ldap machine suffix = ou=Machines
>          ldap passwd sync = yes
>          ldap suffix = dc=mediaservice-test,dc=pri
>          ldap ssl = no
>          ldap user suffix = ou=people
>          usershare allow guests = Yes
>          idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
>          cups options = raw
>
> [homes]
>          comment = Home Directories
>          valid users = %S, %D%w%S
>          read only = No
>          inherit acls = Yes
>          browseable = No
>
> [profiles]
>          comment = Network Profiles Service
>          path = %H
>          read only = No
>          create mask = 0600
>          directory mask = 0700
>          store dos attributes = Yes
>
> [users]
>          comment = All users
>          path = /home
>          read only = No
>          inherit acls = Yes
>          veto files = /aquota.user/groups/shares/
>
> [groups]
>          comment = All groups
>          path = /home/groups
>          read only = No
>          inherit acls = Yes
>
> [printers]
>          comment = All Printers
>          path = /var/tmp
>          create mask = 0600
>          printable = Yes
>          browseable = No
>
> [print$]
>          comment = Printer Drivers
>          path = /var/lib/samba/drivers
>          write list = @ntadmin, root
>          force group = ntadmin
>          create mask = 0664
>          directory mask = 0775
>
> [netlogon]
>          comment = Network Logon Service
>          path = /var/lib/samba/netlogon
>          write list = root
>
> I have modified these registry keys on Windows 7 with no luck:
>
> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters
> DWORD RequireSignOrSeal = 1
> DWORD RequireStrongKey = 1
>
> I have also tried to sync the date and time of the server and the client
> with the same timeserver.
>
> Here is the smb log:
>
> [2010/09/29 16:00:12.002747,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2010/09/29 16:00:12.050876,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2010/09/29 16:00:12.051737,  2] lib/smbldap.c:950(smbldap_open_connection)
>    smbldap_open_connection: connection opened
> [2010/09/29 16:00:12.055201,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>    init_sam_from_ldap: Entry found for user: pasquale-nb$
> [2010/09/29 16:00:12.058927,  2] auth/auth.c:304(check_ntlm_password)
>    check_ntlm_password:  authentication for user [PASQUALE-NB$] -> [PASQUALE-NB$] ->  [pasquale-nb$] succeeded
> [2010/09/29 16:00:54.035612,  0] lib/util_sock.c:474(read_fd_with_timeout)
> [2010/09/29 16:00:54.036172,  0] lib/util_sock.c:1432(get_peer_addr_internal)
>    getpeername failed. Error was Transport endpoint is not connected
>    read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> [2010/09/29 16:01:37.612787,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2010/09/29 16:01:37.614813,  2] smbd/sesssetup.c:1390(setup_new_vc_session)
>    setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2010/09/29 16:01:37.615403,  2] lib/smbldap.c:950(smbldap_open_connection)
>    smbldap_open_connection: connection opened
> [2010/09/29 16:01:37.628754,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>    init_sam_from_ldap: Entry found for user: pasquale-nb$
> [2010/09/29 16:01:37.641996,  2] ../libcli/auth/credentials.c:306(netlogon_creds_server_check_internal)
>    credentials check failed
> [2010/09/29 16:01:37.642095,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PASQUALE-NB machine account PASQUALE-NB$
> [2010/09/29 16:01:37.646000,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
>    init_sam_from_ldap: Entry found for user: pasquale-nb$
> [2010/09/29 16:01:37.647148,  2] ../libcli/auth/credentials.c:306(netlogon_creds_server_check_internal)
>    credentials check failed
> [2010/09/29 16:01:37.647215,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PASQUALE-NB machine account PASQUALE-NB$
>
>
> If it can be useful, when I added the machine to the domain, I
> got an error with the DNS.
>
> Any help is very appreciated.
>
> Cordially,
>
> Claudio Prono.
>
>
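
Added example (not part of either message and not Samba project code): a small Python triage script for smbd logs in the format quoted above. It reassembles records even when they are pasted from mail (`>` prefixes, wrapped headers) and lists, per machine account, NTLM successes next to `_netr_ServerAuthenticate3` rejections. The function names, the sample log and the account WS01$ are constructed for illustration.

```python
import re
from collections import defaultdict

STAMP = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s*(\d+)\]\s*(.*)$")
SOURCE = re.compile(r"^\S+:\d+\((\w+)\)$")
NTLM_OK = re.compile(r"authentication for user \[([^\]]+)\].*succeeded")
REJECT = re.compile(r"Rejecting auth request from client \S+ machine account (\S+)")
# Constructed sample (not from the thread); mail-quoted and wrapped on purpose.
SAMPLE = """\
> [2010/01/01 10:00:00.000001,  2] auth/auth.c:304(check_ntlm_password)
>    check_ntlm_password:  authentication for user [WS01$] ->
> [WS01$] ->  [ws01$] succeeded
> [2010/01/01 10:00:05.000002,  0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>    _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client WS01 machine account WS01$
"""

def parse_records(text):
    """Rebuild log records from text that may be '>'-quoted and line-wrapped."""
    records, cur = [], None
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()  # drop the mail quote prefix
        m = STAMP.match(line)
        if m:  # "[timestamp, level]" starts a new record
            cur = {"ts": m.group(1), "level": int(m.group(2)), "func": None, "msg": ""}
            records.append(cur)
            line = m.group(3)
        if not line or cur is None:
            continue
        s = SOURCE.match(line)
        if s and cur["func"] is None:  # "file.c:line(function)", possibly wrapped
            cur["func"] = s.group(1)
        else:  # message text, re-joined across wrapped lines
            cur["msg"] = (cur["msg"] + " " + line).strip()
    return records

def triage(text):
    """Per machine account: NTLM successes and NETLOGON rejection timestamps."""
    stats = defaultdict(lambda: {"ntlm_ok": 0, "netlogon_rejected": []})
    for r in parse_records(text):
        ok, rej = NTLM_OK.search(r["msg"]), REJECT.search(r["msg"])
        if r["func"] == "check_ntlm_password" and ok:
            stats[ok.group(1).upper()]["ntlm_ok"] += 1
        elif r["func"] == "_netr_ServerAuthenticate3" and rej:
            stats[rej.group(1).upper()]["netlogon_rejected"].append(r["ts"])
    return dict(stats)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An account that shows both a non-zero `ntlm_ok` and entries in `netlogon_rejected` matches the pattern in the quoted log: the machine account authenticates at session setup, but the NETLOGON credential check is refused.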



