[Samba] Samba PDC

Daniel Müller mueller at tropenklinik.de
Thu Jan 13 23:55:14 MST 2011 

For some reasons and tried it many times. I did not have any problems
joining windows 7 with samba 3.2.15 and up with:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Para
meters] 
"DomainCompatibilityMode"=dword:00000001 
"DNSNameResolutionRequired"=dword:00000000 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\] 
“LmCompatibilityLevel”=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters] 
"Update"="no" 
"DisablePasswordChange"=dword:00000000 
"MaximumPasswordAge"=dword:0000001e 
"RequireSignOrSeal"=dword:00000001 
"RequireStrongKey"=dword:00000001 
"SealSecureChannel"=dword:00000001 
"SignSecureChannel"=dword:00000001




-----------------------------------------------
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von tms3 at tms3.com
Gesendet: Donnerstag, 13. Januar 2011 18:37
An: TAKAHASHI Motonobu
Cc: Samba; Robert Fitzpatrick
Betreff: Re: [Samba] Samba PDC

2011/1/14 TAKAHASHI Motonobu <monyo at monyo.com>:
>
>>
>> 2011/1/13 Robert Fitzpatrick <lists at webtent.net>:
>>>
>>>>
>>>> If your Samba's version is 3.3.2 - 3.3.4, then the additional settings
>>>> below are needed:
>>>>
>>>>        HKLM\System\CCS\Services\Netlogon\Parameters
>>>>            DWORD  RequireSignOrSeal = 0
>>>>            DWORD  RequireStrongKey = 0
>>>>
>>>
>>> I am using Samba 3.5.6 and the registry entries above are as you show
>>> currently.
>>
>> As I mentioned,
>>
>> -----
>> If your Samba's version is 3.3.5 - and the registries above are set,
>> remove them and try again.
>> -----
>>
>> You must set these 2 entries below:
>>
>> -----
>>        HKLM\System\CCS\Services\LanmanWorkstation\Parameters
>>            DWORD  DomainCompatibilityMode = 1
>>            DWORD  DNSNameResolutionRequired = 0
>> -----
>>
>> You must not set these 2 entries below:
>>
>> -----
>>            DWORD  RequireSignOrSeal = 0
>>            DWORD  RequireStrongKey = 0
>> -----
>>
>> In my knowledge, your error messages:
>>
>> [2011/01/13 09:24:48.031223,  0]
>> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>>  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
>> Rejecting auth request from client COLUMBUS-LAPTOP machine account
>> COLUMBUS-LAPTOP$
>>
>> occurs if you do not correctly set these 4 entries.
>> If you still have problem, I recommend to examine with simple settings
>> (not to use LDAP) like:
>>
>> -----
>> [global]
>>   workgroup = WEBTENT
>>  domain logons = yes
>>  add machine script = useradd %u
>>
>> [homes]
>>  writeable = yes
>>  browseable = no
>> -----
>>
>> If your Windows 7 can join to Samba domain with the settings above, at
>> least you could know that
>> Windows 7 registries are correctly set.
>
> Sorry, under FreeBSD, use
>
> -----
>    add machine script = /usr/sbin/pw useradd %u

For smbldap-tools
add machine script = /usr/local/sbin/smbldap-useradd -W '%u'
>
>
> -----
>
> instead of
>
> -----
>    add machine script = useradd %u
> -----
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list