[Samba] Samba 3.6.23 and Windows 7

Fri Nov 7 01:52:51 MST 2014

On 07/11/14 05:41, Jeff Workman wrote:
> On 11/5/2014 7:09 AM, Harry Jede wrote:
>> On 13:03:44 wrote Jeff Workman:
>>> I am using a new name and machine account for the new laptop, and
>>> using a test login that has no NTUSER.DAT file yet.   Where else can
>>> I look to see what's going on?
>>>
>>> On 10/30/2014 8:43 PM, Karel Lang AFD wrote:
>>>> Hi,
>>>> i think - the SID of the workstation (laptop) respectively the RID
>>>> part of the SID number has changed due the fact it's new machine.
>>>> And - in your profile, that is stored somewhere at network drive,
>>>> there is somewhere stored NTUSER.DAT file referring still to
>>>> SID-RID of old laptop.
>>>>
>>>> you can compare:
>>>> strings NTUSER.DAT | grep -i S-1-5-21
>>>> with
>>>> pdbedit -Lv machinename
>>>>
>>>> the SID-RID should be same
>>>>
>>>> I had same message after migration and changing/rearraging SID
>>>> numbers for machines.
>>>>
>>>> cheers,
>>>>
>>>> On 10/31/2014 01:04 AM, Jeff Workman wrote:
>>>>> After being content with an old laptop running XP for years, my
>>>>> job decided to provide me with a shiny new one running Windows 7
>>>>> Professional.
>>>>>
>>>>> The biggest problem with this is that I can't get the Windows 7
>>>>> box to login to my Samba NT4-style domain controller. I have
>>>>> upgraded samba from 3.0.33 to 3.6.23, and copied my smbpasswd
>>>>> file to where the new samba expects to find it in
>>>>> /var/samba/lib/private. I've applied the following registry
>>>>> changes to my Windows 7 machine:
>>>>>
>>>>> ; Win7_Samba3DomainMember
>>>>> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkst
>>>>> ation\Parameters]
>>>>>
>>>>>
>>>>> "DNSNameResolutionRequired"=dword:00000000
>>>>> "DomainCompatibilityMode"=dword:00000001
>>>>>
>>>>> ; Speedup settings
>>>>> [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
>>>>> "SlowLinkDetectEnabled"=dword:00000000
>>>>> "DeleteRoamingCache"=dword:00000001
>>>>> "WaitForNetwork"=dword:00000000
>>>>> "CompatibleRUPSecurity"=dword:00000001
>>>>>
>>>>> ; Can drive you nuts
>>>>> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Poli
>>>>> cies\System]
>>>>>
>>>>>
>>>>> "EnableLUA"=dword:00000000
>>>>>
>>>>>
>>>>> What's funny is that I can join the Windows 7 machine to the
>>>>> domain, but just as soon as I reboot and then try to login as a
>>>>> domain user, I get this message:
>>>>>
>>>>> The trust relationship between this workstation and the primary
>>>>> domain failed.
>>>>>
>>>>> I imagine there's something in my smb.conf that I need to change.
>>>>> The only change I made from my old 3.0 smb.conf was I added the
>>>>> following line in the [global] section:
>>>>>
>>>>> passdb backend = smbpasswd
>>>>>
>>>>> What else do I need to do?
>> Do not use smbpasswd as passdb backend !!!
>>
>> Convert your passdb backend to tdbsam and then join your PC again.
>>
>> read
>> man pdbedit
>> for example or search this mailing list.
>>
> Ok I converted to tdbsam, changed my "passdb backend" to tdbsam, then 
> I removed my machine account using pdbedit and re-added it. I tried 
> logging in with a new user account (and therefore no NTUSER.DAT) and I 
> still get the same error.     What else do I need to do?

Can you please post the smb.conf from your NT server.

Rowland