[Samba] Problems connecting win7 client to new Samba PDC

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Aug 9 08:58:06 MDT 2012 

that looks OK.

You should not need a login script defined for a computer account.

Are you able to login as the Domain Administrator?

Are your group mappings correct?   I ask because it may be that the
"Domain Users" is not properly recognized as a member of the "Users"
group on the PC.  Can you login as the domain (or local) admins and
explicitly add domain users and domain groups to a local group?



On 08/09/12 10:37, Brandon wrote:
> > did you make the appropriate registry changes on Win 7 as per
> > http://wiki.samba.org/index.php/Windows7
>
> Yes, I've downloaded the 3.6.3 script and ran it on the client, as
> well as manually checked that the settings were only the two described
> in the wiki article
>
> > Have you tried adding a machine account for your CLIENTPC
> > i.e.  #> pdbedit -a -m -u CLIENTPC
>
> Yes, I let the account be auto-generated when connecting to the
> domain.  I should have specified that there are other users I didn't
> include in the print out.  Here is the machine account from pdbedit
> (note that I changed the logon script in smb.conf from .cmd to .bat a
> few minutes ago, and the update can be seen here):
>
> ---------------
> Unix username:        CLIENTPC$
> NT username:
> Account Flags:        [W          ]
> User SID:             S-1-5-21-2762049607-2166809996-183419993-1001
> Primary Group SID:    S-1-5-21-2762049607-2166809996-183419993-513
> Full Name:            CLIENTPC$
> Home Directory:
> HomeDir Drive:
> Logon Script:         logon.bat
> Profile Path:
> Domain:               MYWORKGROUP
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Wed, 06 Feb 2036 10:06:39 EST
> Kickoff time:         Wed, 06 Feb 2036 10:06:39 EST
> Password last set:    Wed, 08 Aug 2012 13:44:36 EDT
> Password can change:  Wed, 08 Aug 2012 13:44:36 EDT
> Password must change: never
> Last bad password   : 0
> Bad password count  : 0
> Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
> ---------------
>
> Also, I've got a bit more information from the log.CLIENTPC:
>
> [2012/08/09 10:14:56.686577,  0]
> rpc_server/srv_pipe.c:500(pipe_schannel_auth_bind)
>   pipe_schannel_auth_bind: Attempt to bind using schannel without
> successful serverauth2
> [2012/08/09 10:14:56.794994,  0]
> rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client CLIENTPC machine account CLIENTPC$
>
>
> There are also a number of windows events:
>
> --- begin windows events paste ---
> The winlogon notification subscriber <Profiles> failed a critical
> notification event.
> Windows cannot copy file C:\Users\Default\NTUSER.DAT to location
> C:\Users\myadmin\NTUSER.DAT. This error may be caused by network
> problems or insufficient security rights.
> Windows cannot copy file \\?\C:\Users\Default\Videos to location
> \\?\C:\Users\myadmin\Videos. This error may be caused by network
> problems or insufficient security rights.
> Windows cannot copy file \\?\C:\Users\Default\Saved Games to location
> \\?\C:\Users\myadmin\Saved Games. This error may be caused by network
> problems or insufficient security rights.
> <Note: To keep e-mail shorter I won't paste them all, but the last
> events repeat with a bunch of similar directories>
> There are too many profile copy errors. Refer to the previous events
> for details. Windows will not log any additional copy errors for this
> copy process.
> Windows cannot find the local profile and is logging you on with a
> temporary profile. Changes you make to this profile will be lost when
> you log off.
> Windows cannot copy file C:\Users\Default\NTUSER.DAT to location
> C:\Users\TEMP.MYWORKGROUP\NTUSER.DAT. This error may be caused by
> network problems or insufficient security rights.
> <Note: This last event again repeats with a number of similar
> directories>
> There are too many profile copy errors. Refer to the previous events
> for details. Windows will not log any additional copy errors for this
> copy process.
> Windows cannot log you on because your profile cannot be loaded. Check
> that you are connected to the network, and that your network is
> functioning correctly.
> The winlogon notification subscriber <Sens> failed a notification event.
> --- end windows events paste ---
>
>
>
>
>
>

More information about the samba mailing list