[Samba] Samba PDC

TAKAHASHI Motonobu monyo at monyo.com
Thu Jan 13 10:07:09 MST 2011


2011/1/14 TAKAHASHI Motonobu <monyo at monyo.com>:
> 2011/1/13 Robert Fitzpatrick <lists at webtent.net>:
>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
>>> below are needed:
>>>
>>>        HKLM\System\CCS\Services\Netlogon\Parameters
>>>            DWORD  RequireSignOrSeal = 0
>>>            DWORD  RequireStrongKey = 0
>>>
>>
>> I am using Samba 3.5.6 and the registry entries above are as you show
>> currently.
>
> As I mentioned,
>
> -----
> If your Samba's version is 3.3.5 - and the registries above are set,
> remove them and try again.
> -----
>
> You must set these 2 entries below:
>
> -----
>        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
>            DWORD  DomainCompatibilityMode = 1
>            DWORD  DNSNameResolutionRequired = 0
> -----
>
> You must not set these 2 entries below:
>
> -----
>            DWORD  RequireSignOrSeal = 0
>            DWORD  RequireStrongKey = 0
> -----
>
> In my knowledge, your error messages:
>
> [2011/01/13 09:24:48.031223,  0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client COLUMBUS-LAPTOP machine account
> COLUMBUS-LAPTOP$
>
> occurs if you do not correctly set these 4 entries.
> If you still have problem, I recommend to examine with simple settings
> (not to use LDAP) like:
>
> -----
> [global]
>   workgroup = WEBTENT
>  domain logons = yes
>  add machine script = useradd %u
>
> [homes]
>  writeable = yes
>  browseable = no
> -----
>
> If your Windows 7 can join to Samba domain with the settings above, at
> least you could know that
> Windows 7 registries are correctly set.

Sorry, under FreeBSD, use

-----
  add machine script = /usr/sbin/pw useradd %u
-----

instead of

-----
  add machine script = useradd %u
-----

---
TAKAHASHI Motonobu <monyo at samba.gr.jp>


More information about the samba mailing list