Solved

unable to  join windows7 professional to samba domain

Posted on 2011-03-22
24
1,508 Views
Last Modified: 2012-05-11
Dear Experts:

I have configured the centos linux  as local name server and samba domain controller able to connect allt he windows xp pro to samba domain. for windows 7 pro did the following
in the registry:
KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

then was able to connect but got the belwo message
"Changing the Primary Domain DNS name of this computer to "" failed.
    The name will remain "MYDOM".  The error was:
   
    The specified domain either does not exist or could not be contacted"
-----------------------------------------------------------

for this downladed the hot fix patch from microsoft and installed but now when enter domain username and password iam getting the following error message:
" Trust relationship between this work station and primary domain failed"
Due to this iam unable to log please please help me to fix this. Thanks in advance.

for your reference :samba-3.0.33-3.29.el5_5.1 is installed.
Please help.






0
Comment
Question by:D_wathi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 14
  • 10
24 Comments
 
LVL 4

Expert Comment

by:booster49
ID: 35187821
Did you install this hotfix?
If so, try rejoining the domain, and recreating the user on the DC.
0
 

Author Comment

by:D_wathi
ID: 35187861
Sir, please suggest me , before trying to join the windows 7 pro to domain is it recommed to to install the hotfix the rboot and then try joining to domain. mean while will check in another windows 7 pro.
0
 
LVL 4

Expert Comment

by:booster49
ID: 35187903
Yes first install the hotfix then reboot.

If that doesn't work: check if your DNS settings are correct, your primary DNS on the workstation should be pointing to the servers own IP address. Also confirm if your gateway settings are pointing to either your router, firewall or server. If this is configured correctly and the problem persists try this:

go to the network properties on each workstation that doesn't work, then change the domain to a workgroup, call the workgroup anything. Click OK to confirm and when the computer say welcome the the workgroup change the settings back to the Domain. (you don't have to reboot the computer everytime after changing domain/workgroup settings)
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:D_wathi
ID: 35188015
Sir, Thank you very much for the reply. i took new windows 7 professional
1, installed the hot fix.
2 done the below changes.
 KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

without any error got joined to the domain after restart when try to login. by issuing the domain username and password iam getting the below messge
" Trust relationship between this work station and primary domain failed"

Please help.
0
 

Author Comment

by:D_wathi
ID: 35188467
also i captured the log from the linux server of windows7 attempting to connect, posted below please help:

[2011/03/22 15:56:21, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:26:59, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:27:10, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:28:27, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:28:40, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
-------------------------------------------------------------
Please help me to fix the error
" Trust relationship between this work station and primary domain failed"

Thanks .
0
 
LVL 4

Expert Comment

by:booster49
ID: 35188958
Try adding the following line in the smb.conf file:
smb ports = 139
0
 

Author Comment

by:D_wathi
ID: 35189087
SIr, was just waiting for somebody to help me. Thanks for thee reply will try this and get back. Thanks once again.will check now and update.
0
 

Author Comment

by:D_wathi
ID: 35189133
SIr, i tried adding  smb ports = 139  and restarting the smb services still the same message :
Trust relationship between this work station and primary domain failed

Please help
0
 

Author Comment

by:D_wathi
ID: 35189167
please find the log:
Mar 22 18:21:21 srv1 smbd[13109]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:24:13 srv1 smbd[13158]: [2011/03/22 18:24:13, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:24:13 srv1 smbd[13158]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:26:00 srv1 smbd[13188]: [2011/03/22 18:26:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:26:00 srv1 smbd[13188]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$


0
 
LVL 4

Expert Comment

by:booster49
ID: 35189195
Also add the following lines to the conf file:

client ntlmv2 auth = yes
ntlm auth = Yes
0
 

Author Comment

by:D_wathi
ID: 35189280
Sir, thanks for the reply. still the same  error but differnt log report:
Mar 22 18:36:01 srv1 smbd[13407]: [2011/03/22 18:36:01, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:36:01 srv1 smbd[13407]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$

Please help
0
 

Author Comment

by:D_wathi
ID: 35189453
Also done the below changes

Local Policies - Security Options

Network security: LAN Manager authentication level
Send LM & NTLM responses

Minimum session security for NTLM SSP
Disable Require 128-bit encryption

Still the same message, please help
0
 
LVL 4

Expert Comment

by:booster49
ID: 35190609
Can you please post the entire smb.conf?
0
 

Author Comment

by:D_wathi
ID: 35190884
attached the smb.conf for your refernce . Please help
smb.txt
0
 

Author Comment

by:D_wathi
ID: 35191206
Attached the smb.con in the previous post please help , i tried with the the following
from the local administrator account run command: \\192.168.1.250\root
it prompted me the user name and password when entered, the share is accessible. but this is not the correct method please help me to fix this so that domain user are able to login successfully without get the error " Trust relationship between this work station and primary domain failed"

Thanks
0
 
LVL 4

Expert Comment

by:booster49
ID: 35191539
smb ports = 139 445
445 should also be added
I suppose you have opened the appropriate ports in the firewall?
0
 

Author Comment

by:D_wathi
ID: 35191637
as per your post added 139 and 445 both in smb.conf still the same message also firewall is disabled. Please help
0
 

Author Comment

by:D_wathi
ID: 35191653
/var/logmessage after adding the 139 and 445 ports
[2011/03/22 22:19:07, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 22:19:07 srv1 smbd[16369]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP11 machine account COMP11$
0
 
LVL 4

Expert Comment

by:booster49
ID: 35191874
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:00000001
“DNSNameResolutionRequired”=dword:00000000

The above need to be added to allow the join to work. Then find the key below and set those values to 0.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:00000000
“RequireStrongKey”=dword:00000000
0
 
LVL 4

Expert Comment

by:booster49
ID: 35192456
Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions:

    Samba 3.4
    Samba 3.3

So u'll have to upgrade your version of samba.
0
 

Author Comment

by:D_wathi
ID: 35198699
Sir, thank you very much after upgrading to the samba 3.4 it worked . Thanks once again.
0
 
LVL 4

Accepted Solution

by:
booster49 earned 500 total points
ID: 35198938
U might wanna use the following configuration to improve the login speed and stability:

       echo 'Windows Registry Editor Version 5.00
       
       ; Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
       
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
       
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj

Open in new window

0
 

Author Comment

by:D_wathi
ID: 35199103
Sir. Thank you very much. can you please tell me how to do this

should go tot registry and do -----------------------------
 Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
-------------------------------------------------------------------------------------------------------------
for this should go to registry and do      
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
--------------------------------------------------------------------------------------------------------------------------------
 this   should go to registry and do
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
for here i do not understand please help me
--------------------------------------
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj
0
 
LVL 4

Expert Comment

by:booster49
ID: 35199366
It's a set of tweaks they probably need to be adapter in order to work with your server/clients.
If you dont know how to apply them its probably not wise to mess with these settings.

0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question