[Samba] windows 7 clients complain that the trust relationship with the server has failed
Strong, Steve
sstrong at mtmercy.edu
Fri Jul 22 12:45:38 MDT 2011
I'm running my samba 3.5.9 server on CentOS 5.x. Windows 7 clients can add themselves to the domain, and local users on the client can map network drives (even ones they don't have access to and modify the contents!!!) and net view and net use commands work, but give the user too much access. XP clients can add themselves to the domain, authenticate users correctly and apply correct access rules to shared directories on the server.
I know this is a known issue and I've found several reputable sites on the web that suggest making the same set of changes to the Windows 7 registry:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOnSeal = 0
DWORD RequireStrongKey = 0
below is my smb.conf file (and thanks!)
steve
ps: I'm also open to general advise regarding my samba configuration...
#======================= Global Settings =====================================
[global]
workgroup = cs.mtmercy.edu
server string = Mount Mercy CS Lab Samba Server -- Version = %v
netbios name = GRACE
log file = /var/log/samba/%m.log ;not in original version
max log size = 50 ;not in original version
passdb backend = tdbsam
security = user
interfaces = lo eth0 10.9.1.6/21
hosts allow = 127. 10.9.
encrypt passwords = yes
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -g machines %u
logon drive = H:
domain logons = yes
os level = 255
preferred master = yes
domain master = yes
local master = yes
#======================= Share Definitions =====================================
password server = grace.cs.mtmercy.edu
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = false
[netlogon]
comment = network logon service
path = /var/lib/samba/netlogon/scripts
browseable = No
read only = No
[Profiles]
comment = Roaming Profile Share
path = /usr/lib/samba/profiles
read only = No
browseable = No
guest ok = Yes
profile acls = Yes
[homes]
comment = home directories
browseable = no
writeable = yes
[printers]
comment = all printers
path = /usr/spool/samba
printable = yes
browseable = yes
guest ok = yes
writable = no
printable = yes
[common]
comment = read only directory for cs resources
path = /usr/share/common
public = yes
writeable = no
printable = no
write list = @faculty, @csfaculty
More information about the samba
mailing list