[Samba] windows 7 clients complain that the trust relationship with the server has failed

Strong, Steve sstrong at mtmercy.edu
Fri Jul 22 12:45:38 MDT 2011

I'm running my samba 3.5.9 server on CentOS 5.x.  Windows 7 clients can add themselves to the domain, and local users on the client can map network drives (even ones they don't have access to and modify the contents!!!) and net view and net use commands work, but give the user too much access.  XP clients can add themselves to the domain, authenticate users correctly and apply correct access rules to shared directories on the server.

I know this is a known issue and I've found several reputable sites on the web that suggest making the same set of changes to the Windows 7 registry:

            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

            DWORD  RequireSignOnSeal = 0
            DWORD  RequireStrongKey = 0

below is my smb.conf file (and thanks!)


ps: I'm also open to general advise regarding my samba configuration...

#======================= Global Settings =====================================


   workgroup = cs.mtmercy.edu
                server string = Mount Mercy CS Lab Samba Server -- Version = %v
                netbios name = GRACE

                log file = /var/log/samba/%m.log             ;not in original version
                max log size = 50                                              ;not in original version

                passdb backend = tdbsam
                security = user
                interfaces = lo eth0
                hosts allow = 127. 10.9.
                encrypt passwords = yes

                add user script = /usr/sbin/useradd -m %u
                delete user script = /usr/sbin/userdel -r %u
                add group script = /usr/sbin/groupadd %g
                delete group script = /usr/sbin/groupdel %g
                add user to group script = /usr/sbin/usermod -G %g %u
                add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -g machines %u

                logon drive = H:
                domain logons = yes
                os level = 255
                preferred master = yes
                domain master = yes
                local master = yes

#======================= Share Definitions =====================================

   password server = grace.cs.mtmercy.edu
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = false

                comment = network logon service
                path = /var/lib/samba/netlogon/scripts
                browseable = No
                read only = No

                comment = Roaming Profile Share
                path = /usr/lib/samba/profiles
                read only = No
                browseable = No
                guest ok = Yes
                profile acls = Yes

                comment = home directories
                browseable = no
                writeable = yes

                comment = all printers
                path = /usr/spool/samba
                printable = yes
                browseable = yes
                guest ok = yes
                writable = no
                printable = yes

                comment = read only directory for cs resources
                path = /usr/share/common
                public = yes
                writeable = no
                printable = no
                write list = @faculty, @csfaculty

More information about the samba mailing list