[Samba] Samba PDC

tms3 at tms3.com tms3 at tms3.com
Thu Jan 13 10:36:41 MST 2011 

2011/1/14 TAKAHASHI Motonobu <monyo at monyo.com>:
>
>>
>> 2011/1/13 Robert Fitzpatrick <lists at webtent.net>:
>>>
>>>>
>>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
>>>> below are needed:
>>>>
>>>>        HKLM\System\CCS\Services\Netlogon\Parameters
>>>>            DWORD  RequireSignOrSeal = 0
>>>>            DWORD  RequireStrongKey = 0
>>>>
>>>
>>> I am using Samba 3.5.6 and the registry entries above are as you show
>>> currently.
>>
>> As I mentioned,
>>
>> -----
>> If your Samba's version is 3.3.5 - and the registries above are set,
>> remove them and try again.
>> -----
>>
>> You must set these 2 entries below:
>>
>> -----
>>        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
>>            DWORD  DomainCompatibilityMode = 1
>>            DWORD  DNSNameResolutionRequired = 0
>> -----
>>
>> You must not set these 2 entries below:
>>
>> -----
>>            DWORD  RequireSignOrSeal = 0
>>            DWORD  RequireStrongKey = 0
>> -----
>>
>> In my knowledge, your error messages:
>>
>> [2011/01/13 09:24:48.031223,  0]
>> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>>  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
>> Rejecting auth request from client COLUMBUS-LAPTOP machine account
>> COLUMBUS-LAPTOP$
>>
>> occurs if you do not correctly set these 4 entries.
>> If you still have problem, I recommend to examine with simple settings
>> (not to use LDAP) like:
>>
>> -----
>> [global]
>>   workgroup = WEBTENT
>>  domain logons = yes
>>  add machine script = useradd %u
>>
>> [homes]
>>  writeable = yes
>>  browseable = no
>> -----
>>
>> If your Windows 7 can join to Samba domain with the settings above, at
>> least you could know that
>> Windows 7 registries are correctly set.
>
> Sorry, under FreeBSD, use
>
> -----
>    add machine script = /usr/sbin/pw useradd %u

For smbldap-tools
add machine script = /usr/local/sbin/smbldap-useradd -W '%u'
>
>
> -----
>
> instead of
>
> -----
>    add machine script = useradd %u
> -----
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list