[Samba] Windows 7 and a Samba PDC? Fixed by magic
Martin Hochreiter
linuxbox at wavenet.at
Mon Sep 13 23:56:59 MDT 2010
Am 2010-09-13 20:31, schrieb Berni Elbourn:
> I don't believe this! Suddenly Domain users can login again. Roaming
> profiles, login scripts, mapped drives the lot.
>
> I still see the same errors in the logs:
>
> [2010/09/13 18:49:43, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client W7 machine account W7$
> <snip>
> [2010/09/13 18:50:14, 1] smbd/vfs.c:932(check_reduced_name)
> reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
> <snip>
>
> Seems Windows 7 is a bit fragile. :-( And just to be sure I have
> removed and re-added the system to the domain - still works. I could
> cry!
>
> Berni
>
Hello Berni!
The "netr_ServerAuthenticate3" message does not affect a domain users
login (i am searching for a solution concerning the machine
reject problem".
When you have followed the samba - windows 7 - wiki (the registry
entries) then windows 7 domain users should have no problem
logging on and (if correctly configured) accessing the servers share.
Some thoughts to your problem:
I learned that sometimes windows 7 is "loosing" this settings.
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1
DWORD RequireStrongKey = 1
especially the "RequireStrongKey" and that leads to a loss of the trustship.
Additionally windows 7 is acting very strange when using roaming profiles.
We have XX machines where user x can logon without any problems with its
roaming profile
and then suddenly 1 or 2 machines refusing the profile.
(you see in the samba log, that win7 is completely fetching the files of
the profile and then
it decides not to use them and refuses the profile) - you can solve that
be completely discarding
the users information on that machine (deleting the cached profile
files, deleting everything in
the registry with the username of the user AND delete everything with
the users full SID in it)
regards
Martin
More information about the samba
mailing list