[Samba] trust relationship between this workstation and the primary domain failed

clinton propst clintonpropst at yahoo.com
Thu Apr 19 08:40:31 MDT 2012





The tcpdump output from 2008 (works) and XP (not working) is different.  I noticed that the 2008 and Windows 7 (working) SMB clients keep all SMB traffic between the smbclient and smbserver, while XP and 2000 (not working) communicate SMB traffic between SMBserver and AD server as well as SMBserver and SMBclient.  Tcpdump from Samba server below:

2008 (working)
smbclient SMBnegprot (REQUEST) -> smbserver
smbserver SMBnegprot (REPLY) -> smbclient
smbclient SMBsessionsetupX (REQUEST) -> smbserver
smbserver SRV _ldap...  and A  lookup -> DNS
DNS -> smbserver
smbserver -> AD
AD -> smbserver
smbserver SMBsesssetupX (REPLY) -> smbclient
smbclient SMBtconX (REQUEST) -> smbserver
smbserver SMBtconX (REPLY) -> smbclient
smbclient SMBtrans2 (REQUEST) -> smbserver
smbclient SMBtrans2 (REQUEST) -> smbserver
smbserver SMBtrans2 (REPLY) -> smbclient
smbserver SMBtrans2 (REPLY) -> smbclient
smbclient SMBntcreateX (REQUEST) -> smbserver
smbserver SMBntcreateX (REPLY) -> smbclient
smbserver SMBwriteX (REQUEST) -> smbclient
smbserver SMBwriteX (REPLY) -> smbclient
smbclient SMBreadx (REQUEST) -> smbserver
smbserver SMBntcreateX (REPLY) -> smbclient
smbclient SMBclose (REQUEST) -> smbserver
smbserver SMBclose (REPLY) -> smbclient

XP (Not working)
smbclient SMBnegprot (REQUEST) -> smbserver
smbserver SMBnegprot (REPLY) -> smbclient
smbclient SMBsessionsetupX (REQUEST) -> smbserver
smbserver SRV _ldap...  and A  lookup -> DNS
DNS -> smbserver
smbserver -> AD
AD -> smbserver
smbserver SMBnegprot (REQUEST) -> AD
AD SMBnegprot (REPLY) -> smbserver
smbserver SMBsessionsetupX (REQUEST) -> AD
AD SMBsessionsetupX (REPLY) -> smbserver
smbserver SMBtconX (REQUEST) -> AD
AD SMBtconX (REPLY) -> smbserver
smbserver SMBntcreateX (REQUEST) -> AD
AD SMBntcreateX (REPLY) -> smbserver
smbserver SMBtdis (REQUEST) -> AD
AD SMBtdis (REPLY) -> smbserver
smbserver SMBnegprot (REQUEST) -> AD
AD SMBnegprot (REPLY) -> smbserver
smbserver SMBsessionsetupX (REQUEST) -> AD
AD SMBsessionsetupX (REPLY) -> smbserver
smbserver SMBtconX (REQUEST) -> AD
AD SMBtconX (REPLY) -> smbserver
smbserver SMBntcreateX (REQUEST) -> AD
AD SMBntcreateX (REPLY) -> smbserver
smbserver SMBtdis (REQUEST) -> AD
AD SMBtdis (REPLY) -> smbserver
smbserver SMBsesssetupX (REPLY) -> smbclient.menandmice-lpm
smbclient.univ-appserver -> smbserver.http
smbserver.http -> smbclient.univ-appserver
smbclient.univ-appserver -> smbserver.http
smbserver.http -> smbclient.univ-appserver





--- On Tue, 4/17/12, clinton propst <clintonpropst at yahoo.com> wrote:

From: clinton propst <clintonpropst at yahoo.com>
Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed
To: "Ivan Ordonez" <iordonez at berkeley.edu>
Date: Tuesday, April 17, 2012, 2:19 PM

Ivan,
XP and 2000 Servers LAN MAN was set to LM & NTLM.  I reset an XP node to 'Send NTLMv2 response only\refuse LM & NTLM' and rebooted, and received the same errors.  Searching through the tcpdump of the failed attempt.

Clinton

--- On Tue, 4/10/12, Ivan Ordonez <iordonez at berkeley.edu> wrote:

From: Ivan Ordonez <iordonez at berkeley.edu>
Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed
To: "clinton propst" <clintonpropst at yahoo.com>
Date: Tuesday, April 10, 2012, 5:41 PM

I believe the LAN MAN authentication level should be set to this.

Send NTLMv2 response only\refuse LM & NTLM

On 4/10/2012 2:25 PM, clinton propst wrote:

Thanks for the reply.  All of our smb clients (Windows 7, Server 2000, Server 2008, XP) are set to require NTLMv2 and 128 bit encryption.  The Windows 7 and Server 2008 work fine.  Do you think we should try setting XP and 2000 nodes to NTLMv1?

Thanks,
Clinton

--- On Tue, 4/10/12, Ivan Ordonez <iordonez at berkeley.edu> wrote:

From: Ivan Ordonez <iordonez at berkeley.edu>
Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed
To: "clinton propst" <clintonpropst at yahoo.com>
Date: Tuesday, April 10, 2012, 2:36 PM

Have you tried changing the NTLM authentication level?

On 4/10/2012 9:17 AM, clinton propst wrote:
> Still not working after re-adding machines to the domain.  Errors are the same as originally posted in /var/log/messages.
>
> --- On Tue, 4/10/12, John Drescher<drescherjm at gmail.com> wrote:
>
> From: John Drescher<drescherjm at gmail.com>
> Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed
> To: "clinton propst"<clintonpropst at yahoo.com>
> Cc: samba at lists.samba.org
> Date: Tuesday, April 10, 2012, 9:09 AM
>
> On Tue, Apr 10, 2012 at 9:46 AM, clinton propst<clintonpropst at yahoo.com> wrote:
>
> Thanks for the reply.  Set the reg key below and rebooted.  Issue still not resolved.  From reading that post it looks like that was a fix for Windows 7.  Our Windows 7 workstations and Server 2008 can access samba shares, but XP and Server 2000 cannot.
>
> HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
>    DisablePasswordChange = dword:1
>
> You have to re-add all affected machines to the domain.
>
> John


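An added example, not part of the original thread: a small Python pass over the two traces from the first message (abridged here, with host names as written in the post) that lists the SMB requests the Samba server itself sends toward the AD server and the packets exchanged while the client's session setup is still pending. The function names and the line pattern are assumptions made for this illustration.

```python
import re
from collections import Counter
# Abridged from the two traces in the post (negprot, DNS and the repeated exchange dropped).
TRACE_2008 = """\
smbclient SMBsessionsetupX (REQUEST) -> smbserver
smbserver -> AD
AD -> smbserver
smbserver SMBsesssetupX (REPLY) -> smbclient
"""
TRACE_XP = """\
smbclient SMBsessionsetupX (REQUEST) -> smbserver
smbserver -> AD
AD -> smbserver
smbserver SMBnegprot (REQUEST) -> AD
AD SMBnegprot (REPLY) -> smbserver
smbserver SMBsessionsetupX (REQUEST) -> AD
AD SMBsessionsetupX (REPLY) -> smbserver
smbserver SMBtconX (REQUEST) -> AD
AD SMBtconX (REPLY) -> smbserver
smbserver SMBntcreateX (REQUEST) -> AD
AD SMBntcreateX (REPLY) -> smbserver
smbserver SMBtdis (REQUEST) -> AD
AD SMBtdis (REPLY) -> smbserver
smbserver SMBsesssetupX (REPLY) -> smbclient.menandmice-lpm
"""
LINE = re.compile(r"^(\S+)\s+(?:(SMB\w+)\s+\((REQUEST|REPLY)\)\s+)?->\s+(\S+)$")

def parse(trace):
    """Yield (src, dst, command, kind); command is None for non-SMB packets."""
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if m:  # tcpdump appends ".port" to a host name; keep the host only
            src, cmd, kind, dst = m.groups()
            yield src.split(".")[0], dst.split(".")[0], cmd, kind

def backend_smb(trace, server="smbserver", client="smbclient"):
    """Count SMB requests the Samba server itself sends to anyone but the client."""
    return Counter((dst, cmd) for src, dst, cmd, kind in parse(trace)
                   if src == server and dst != client and kind == "REQUEST")

def during_session_setup(trace, server="smbserver", client="smbclient"):
    """Packets between the client's session-setup request and the server's reply."""
    seen, inside = [], False
    for src, dst, cmd, kind in parse(trace):
        if cmd and "setupX" in cmd and {src, dst} == {server, client}:
            inside = kind == "REQUEST"
        elif inside:
            seen.append((src, dst, cmd, kind))
    return seen
```

On the abridged traces, `backend_smb` is empty for the 2008 client and shows five server-to-AD SMB requests for the XP client, all of them inside the pending session setup.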