[Samba] Windows 7 and a Samba PDC?

Berni Elbourn berni at elbournb.fsnet.co.uk
Fri Sep 10 01:30:50 MDT 2010


Hi,

I would be extremely grateful if you could cast your eye over my problem 
with getting Windows 7 PC back onto on a Samba domain?

I have the current version from lenny-backports: 2:3.4.8~dfsg-2~bpo50+1, 
the client is windows 7 Ultimate. logins and profiles and nelogon 
scripts all seemed to work back in Feb 2010 using the instructions here:

http://wiki.samba.org/index.php/Windows7

However this week it seems the machine trust is now broken. Removing and 
re-adding the windows 7 client to the domain claims to succeed on the 
windows side but this error is logged in log.smbd:

[2010/09/09 11:19:17,  0] 
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
Rejecting auth request from client WINDOWS7 machine account WINDOWS7$

And pc logins fail like this:

[2010/09/09 11:37:01,  1] smbd/service.c:1063(make_connection_snum)
   windows7 (::ffff:192.168.2.106) connect to service profiles initially 
as user elbournb (uid=1000, gid=100) (pid 4383)
[2010/09/09 11:37:02,  0] smbd/nttrans.c:2119(call_nt_transact_ioctl)
   call_nt_transact_ioctl(0x900eb): Currently not implemented.
[2010/09/09 11:37:02,  1] smbd/service.c:1063(make_connection_snum)
   windows7 (::ffff:192.168.2.106) connect to service profiles initially 
as user windows7$ (uid=1017, gid=1017) (pid 4383)
[2010/09/09 11:37:02,  1] smbd/vfs.c:932(check_reduced_name)
   reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
[2010/09/09 11:37:02,  1] smbd/vfs.c:932(check_reduced_name)
   reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
[2010/09/09 11:37:09,  1] smbd/service.c:1063(make_connection_snum)
   windows7 (::ffff:192.168.2.106) connect to service elbournb initially 
as user elbournb (uid=1000, gid=100) (pid 4383)
[2010/09/09 11:37:15,  1] smbd/service.c:1240(close_cnum)
   windows7 (::ffff:192.168.2.106) closed connection to service profiles
[2010/09/09 11:37:21,  1] smbd/service.c:1240(close_cnum)
   windows7 (::ffff:192.168.2.106) closed connection to service profiles
[2010/09/09 11:37:21,  1] smbd/service.c:1240(close_cnum)
   windows7 (::ffff:192.168.2.106) closed connection to service elbournb

testparm shows:

[global]
     workgroup = ECS
     netbios name = SAMBA
     server string =
     interfaces = 192.168.2.0/255.255.255.0
     map to guest = Bad User
     passdb backend = smbpasswd
     passwd program = /usr/bin/passwd %u
     passwd chat = *new*password* %n\n *new*password* %n\n *updated*
     passwd chat debug = Yes
     username map = /etc/samba/smbusers
     unix password sync = Yes
     name resolve order = host lmhosts wins bcast
     time server = Yes
     unix extensions = No
     printcap name = cups
     add machine script = /usr/sbin/useradd  -c Machine -d 
/var/lib/nobody -s /bin/false %m$
     logon script = login.bat
     logon path = \\%L\profiles\%U
     logon drive = H:
     logon home = \\%L\%U\.9xprofile
     domain logons = Yes
     os level = 65
     preferred master = Yes
     domain master = Yes
     wins proxy = Yes
     wins support = Yes
     kernel oplocks = No
     ldap suffix = dc=example,dc=com
     ldap ssl = no
     create mask = 0664
     directory mask = 0775
     cups options = raw
     oplocks = No
     level2 oplocks = No
     strict locking = No
     dos filemode = Yes

[profiles]
	comment = Network Profiles Service
	path = /home/smb/ntprofiles
	read only = No
	create mask = 0600
	directory mask = 0700
	hide files = /desktop.ini/
	csc policy = disable

I have tried using a different name for the PC - same error:

[2010/09/09 16:50:31,  0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
Rejecting auth
request from client W7 machine account W7$

WindowsXP domain PCs still work just fine with this configuration.

What have I done wrong, please?

Many thanks,

Berni


More information about the samba mailing list