[Samba] Machine account reject - additional troubleshooting
Martin Hochreiter
linuxbox at wavenet.at
Sun Sep 12 10:53:08 MDT 2010
knows more about that windows 7 - samba 3.5.4 - ldap problem
> than pleaaassse state something...
>
> Hi Martin,
>
> I'm afraid that I don't any information to offer you. But I want to add
> that our setup is very similar to yours. Samba DC with an OpenLDAP
> backend (except our version of Samba is 3.4.8). Client machines are a mix
> of Windows XP and Windows 7. And we are seeing the same error messages in
> the logs. Your comment regarding changing the domain admin username and
> password is troubling. I'll have to see if we have the same issue on
> Monday.
>
> -Bryan
>
>
>
Hello Brian!
Thats one of my big problems with that issue of windows7 and samba - no
one has really at least a good explanation
whats happening here ..
(Unfortunately it is not the the only problem with win 7 - roaming
profile behaviour makes me cracy ... but that is another story)
I don't really know the consequences of the machine recjects - the users
can work normally, what
I do see is that sometimes domain admin password changes are not
propagated to that machines
and that the windows 7 firewall is not recognizing the net as "Domain
network".
I think that the machine password change (the automatic change) failure
- clients loose there trustship
- can have to do with that problem.
But thats "all" impactes, beside the fact that the machine is not in the
domain because the controller refuses it.
I will try to play around with the "LAN Manager authentication level"
and "Minium session security for NTLM SSP"
tomorrow (http://www.tomshardware.com/forum/75-63-windows-samba-issue) -
maybe these two GP settings
have an impact on that.
(My last suspision is, that win7 is doing the machine authentication in
a different [encryption)] way as the XP machine are doing
that as XP machines do not have that problem)
The other thing is, that I had a little conversation with Greg Dickie
who is running obviously the same setting as I do
and he solved the problems by simply making the ldap client entries
visible to the linux system as normal users
(getent passwd) ... but I do have this settings since I am using samba-ldap.
Second story is that I read a few times on some boards in the net, that
this issue maybe related to samba-ldap
combinations only - what make me think that something is wrong about
the way passwords are stored in ldap.
So, enough of my thoughts to that problem - maybe my ideas to that could
help someone leading us to
solve that problem
regards
Martin
More information about the samba
mailing list