[Samba] Windows 7 and a Samba PDC? Fixed by magic

Martin Hochreiter linuxbox at wavenet.at
Mon Sep 13 23:56:59 MDT 2010


  Am 2010-09-13 20:31, schrieb Berni Elbourn:
> I don't believe this! Suddenly Domain users can login again. Roaming 
> profiles, login scripts, mapped drives the lot.
>
> I still see the same errors in the logs:
>
> [2010/09/13 18:49:43,  0] 
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. 
> Rejecting auth request from client W7 machine account W7$
> <snip>
> [2010/09/13 18:50:14,  1] smbd/vfs.c:932(check_reduced_name)
>   reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
> <snip>
>
> Seems Windows 7 is a bit fragile. :-( And just to be sure I have 
> removed and re-added the system to the domain  - still works. I could 
> cry!
>
> Berni
>
Hello Berni!

The "netr_ServerAuthenticate3" message does not affect a domain users 
login (i am searching for a solution concerning the machine
reject problem".
When you have followed the samba - windows 7 - wiki (the registry 
entries) then windows 7 domain users should have no problem
logging on and (if correctly configured) accessing the servers share.

Some thoughts to your problem:
I learned that sometimes windows 7 is "loosing" this settings.

HKLM\System\CCS\Services\Netlogon\Parameters
            DWORD  RequireSignOrSeal = 1
            DWORD  RequireStrongKey = 1


especially the "RequireStrongKey" and that leads to a loss of the trustship.

Additionally windows 7 is acting very strange when using roaming profiles.
We have XX machines where user x can logon without any problems with its 
roaming profile
and then suddenly 1 or 2 machines refusing the profile.
(you see in the samba log, that win7 is completely fetching the files of 
the profile and then
it decides not to use them and refuses the profile) - you can solve that 
be completely discarding
the users information on that machine (deleting the cached profile 
files, deleting everything in
the registry with the username of the user AND delete everything with 
the users full SID in it)

regards
Martin



More information about the samba mailing list