[Samba] Samba PDC
TAKAHASHI Motonobu
monyo at monyo.com
Thu Jan 13 10:07:09 MST 2011
2011/1/14 TAKAHASHI Motonobu <monyo at monyo.com>:
> 2011/1/13 Robert Fitzpatrick <lists at webtent.net>:
>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
>>> below are needed:
>>>
>>> HKLM\System\CCS\Services\Netlogon\Parameters
>>> DWORD RequireSignOrSeal = 0
>>> DWORD RequireStrongKey = 0
>>>
>>
>> I am using Samba 3.5.6 and the registry entries above are as you show
>> currently.
>
> As I mentioned,
>
> -----
> If your Samba's version is 3.3.5 - and the registries above are set,
> remove them and try again.
> -----
>
> You must set these 2 entries below:
>
> -----
> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
> -----
>
> You must not set these 2 entries below:
>
> -----
> DWORD RequireSignOrSeal = 0
> DWORD RequireStrongKey = 0
> -----
>
> In my knowledge, your error messages:
>
> [2011/01/13 09:24:48.031223, 0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client COLUMBUS-LAPTOP machine account
> COLUMBUS-LAPTOP$
>
> occurs if you do not correctly set these 4 entries.
> If you still have problem, I recommend to examine with simple settings
> (not to use LDAP) like:
>
> -----
> [global]
> workgroup = WEBTENT
> domain logons = yes
> add machine script = useradd %u
>
> [homes]
> writeable = yes
> browseable = no
> -----
>
> If your Windows 7 can join to Samba domain with the settings above, at
> least you could know that
> Windows 7 registries are correctly set.
Sorry, under FreeBSD, use
-----
add machine script = /usr/sbin/pw useradd %u
-----
instead of
-----
add machine script = useradd %u
-----
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba
mailing list