[Samba] Problems Windows 7 64 Bit joining a Samba + Ldap domain
Claudio Prono
claudio.prono at atpss.net
Wed Sep 29 09:09:56 MDT 2010
Hello all,
I am doing some tests with Windows 7 and a Samba domain, but in a
working Samba domain, where Windows XP joins without problems, when I
try with 7 I receive an error like "The trust relationship between this
workstation and the primary domain failed.". I use OpenSuSE 11.3 with
samba 3.5.4-5.1.2 and openldap 2.4.21-9.1.
My config of samba:
[global]
workgroup = MEDIATEST.LOCAL
netbios name = MEDIADC
map to guest = Bad User
passdb backend = ldapsam:ldap://afs-test.mediaservice-test.pri
log level = 2
printcap name = cups
add user script = /usr/sbin/ldapsmb -a -u "%u" -smbacct --makehomedir --homedir /home/%u -f
delete user script = /usr/sbin/ldapsmb -d -u "%u" -f
add group script = /usr/sbin/ldapsmb -a -g "%g" -f
delete group script = /usr/sbin/ldapsmb -d -g "%g" -f
add user to group script = /usr/sbin/ldapsmb -j -u "%u" -g "%g" -f
delete user from group script = /usr/sbin/ldapsmb -r -u "%u" -g "%g" -f
add machine script = "/usr/sbin/ldapsmb -a -i -wks %u -f"
logon path = \\afs\mediaservice-test.pri\users\%U\.msprofile
logon drive = P:
logon home = \\afs\mediaservice-test.pri\%U\.9xprofile
domain logons = Yes
os level = 99
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Administrator,dc=mediaservice-test,dc=pri
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Machines
ldap passwd sync = yes
ldap suffix = dc=mediaservice-test,dc=pri
ldap ssl = no
ldap user suffix = ou=people
usershare allow guests = Yes
idmap backend = ldap:ldap://afs-test.mediaservice-test.pri
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
browseable = No
[profiles]
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
I have modified these registry keys on Windows 7 with no luck:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1
DWORD RequireStrongKey = 1
I have also tried to sync the date and time of the server and the client
with the same timeserver.
Here is the smb log:
[2010/09/29 16:00:12.002747, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/29 16:00:12.050876, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/29 16:00:12.051737, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/29 16:00:12.055201, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: pasquale-nb$
[2010/09/29 16:00:12.058927, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [PASQUALE-NB$] -> [PASQUALE-NB$] -> [pasquale-nb$] succeeded
[2010/09/29 16:00:54.035612, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2010/09/29 16:00:54.036172, 0] lib/util_sock.c:1432(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2010/09/29 16:01:37.612787, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/29 16:01:37.614813, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2010/09/29 16:01:37.615403, 2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2010/09/29 16:01:37.628754, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: pasquale-nb$
[2010/09/29 16:01:37.641996, 2] ../libcli/auth/credentials.c:306(netlogon_creds_server_check_internal)
  credentials check failed
[2010/09/29 16:01:37.642095, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PASQUALE-NB machine account PASQUALE-NB$
[2010/09/29 16:01:37.646000, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: pasquale-nb$
[2010/09/29 16:01:37.647148, 2] ../libcli/auth/credentials.c:306(netlogon_creds_server_check_internal)
  credentials check failed
[2010/09/29 16:01:37.647215, 0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PASQUALE-NB machine account PASQUALE-NB$
If it can be useful, when I added the machine to the domain, I
got an error with the DNS.
Any help is very appreciated.
Cordially,
Claudio Prono.
--
--------------------------------------------------------------------------------
Claudio Prono OPST
System Developer
Gsm: +39-349-54.33.258
@PSS Srl Tel: +39-011-32.72.100
Via San Bernardino, 17 Fax: +39-011-32.46.497
10141 Torino - ITALY http://atpss.net/disclaimer
--------------------------------------------------------------------------------
PGP Key - http://keys.atpss.net/c_prono.asc
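
A triage sketch for the smbd log quoted in the message above, added here as an example and not part of the original post: it joins wrapped log entries and counts, per machine account, passdb lookups, NTLM successes and NETLOGON credential-check rejections. The function names and event labels are this example's own; the sample lines are excerpted from the post's log.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the smbd log quoted in the post; entries may wrap across lines.
SAMPLE_LOG = """\
[2010/09/29 16:00:12.055201, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: pasquale-nb$
[2010/09/29 16:00:12.058927, 2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: authentication for user [PASQUALE-NB$] ->
  [PASQUALE-NB$] -> [pasquale-nb$] succeeded
[2010/09/29 16:01:37.642095, 0]
  rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
  Rejecting auth request from client PASQUALE-NB machine account PASQUALE-NB$
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
EVENTS = {  # event labels are this example's own names
    "ldap_entry_found": re.compile(r"init_sam_from_ldap: Entry found for user: (\S+)"),
    "ntlm_ok": re.compile(r"check_ntlm_password: .*-> \[([^\]]+)\] succeeded"),
    "netlogon_rejected": re.compile(
        r"netlogon_creds_server_check failed\..* machine account (\S+)"),
}

def parse_entries(text):
    """Return [timestamp, level, body] per entry, joining wrapped lines."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3)])
        elif entries and line.strip():
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return entries

def triage(text):
    """Count events per machine account (names ending in '$'), case-folded."""
    counts = defaultdict(Counter)
    for _ts, _level, body in parse_entries(text):
        for name, pattern in EVENTS.items():
            m = pattern.search(body)
            if m and m.group(1).endswith("$"):
                counts[m.group(1).lower()][name] += 1
    return counts

def rejected_but_known(text):
    """Accounts found in the passdb whose NETLOGON credential check failed."""
    return sorted(a for a, c in triage(text).items()
                  if c["netlogon_rejected"] and c["ldap_entry_found"])
```

Run against a full log, `rejected_but_known()` lists the machine accounts that exist in the LDAP passdb yet are refused at `_netr_ServerAuthenticate3`, which is the pattern visible in the post's log.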