Solved

unable to  join windows7 professional to samba domain

Posted on 2011-03-22
24
1,479 Views
Last Modified: 2012-05-11
Dear Experts:

I have configured the centos linux  as local name server and samba domain controller able to connect allt he windows xp pro to samba domain. for windows 7 pro did the following
in the registry:
KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

then was able to connect but got the belwo message
"Changing the Primary Domain DNS name of this computer to "" failed.
    The name will remain "MYDOM".  The error was:
   
    The specified domain either does not exist or could not be contacted"
-----------------------------------------------------------

for this downladed the hot fix patch from microsoft and installed but now when enter domain username and password iam getting the following error message:
" Trust relationship between this work station and primary domain failed"
Due to this iam unable to log please please help me to fix this. Thanks in advance.

for your reference :samba-3.0.33-3.29.el5_5.1 is installed.
Please help.






0
Comment
Question by:D_wathi
  • 14
  • 10
24 Comments
 
LVL 4

Expert Comment

by:booster49
Comment Utility
Did you install this hotfix?
If so, try rejoining the domain, and recreating the user on the DC.
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, please suggest me , before trying to join the windows 7 pro to domain is it recommed to to install the hotfix the rboot and then try joining to domain. mean while will check in another windows 7 pro.
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
Yes first install the hotfix then reboot.

If that doesn't work: check if your DNS settings are correct, your primary DNS on the workstation should be pointing to the servers own IP address. Also confirm if your gateway settings are pointing to either your router, firewall or server. If this is configured correctly and the problem persists try this:

go to the network properties on each workstation that doesn't work, then change the domain to a workgroup, call the workgroup anything. Click OK to confirm and when the computer say welcome the the workgroup change the settings back to the Domain. (you don't have to reboot the computer everytime after changing domain/workgroup settings)
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, Thank you very much for the reply. i took new windows 7 professional
1, installed the hot fix.
2 done the below changes.
 KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

without any error got joined to the domain after restart when try to login. by issuing the domain username and password iam getting the below messge
" Trust relationship between this work station and primary domain failed"

Please help.
0
 

Author Comment

by:D_wathi
Comment Utility
also i captured the log from the linux server of windows7 attempting to connect, posted below please help:

[2011/03/22 15:56:21, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:26:59, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:27:10, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:28:27, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:28:40, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
-------------------------------------------------------------
Please help me to fix the error
" Trust relationship between this work station and primary domain failed"

Thanks .
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
Try adding the following line in the smb.conf file:
smb ports = 139
0
 

Author Comment

by:D_wathi
Comment Utility
SIr, was just waiting for somebody to help me. Thanks for thee reply will try this and get back. Thanks once again.will check now and update.
0
 

Author Comment

by:D_wathi
Comment Utility
SIr, i tried adding  smb ports = 139  and restarting the smb services still the same message :
Trust relationship between this work station and primary domain failed

Please help
0
 

Author Comment

by:D_wathi
Comment Utility
please find the log:
Mar 22 18:21:21 srv1 smbd[13109]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:24:13 srv1 smbd[13158]: [2011/03/22 18:24:13, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:24:13 srv1 smbd[13158]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:26:00 srv1 smbd[13188]: [2011/03/22 18:26:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:26:00 srv1 smbd[13188]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$


0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
Also add the following lines to the conf file:

client ntlmv2 auth = yes
ntlm auth = Yes
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, thanks for the reply. still the same  error but differnt log report:
Mar 22 18:36:01 srv1 smbd[13407]: [2011/03/22 18:36:01, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:36:01 srv1 smbd[13407]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$

Please help
0
 

Author Comment

by:D_wathi
Comment Utility
Also done the below changes

Local Policies - Security Options

Network security: LAN Manager authentication level
Send LM & NTLM responses

Minimum session security for NTLM SSP
Disable Require 128-bit encryption

Still the same message, please help
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Expert Comment

by:booster49
Comment Utility
Can you please post the entire smb.conf?
0
 

Author Comment

by:D_wathi
Comment Utility
attached the smb.conf for your refernce . Please help
smb.txt
0
 

Author Comment

by:D_wathi
Comment Utility
Attached the smb.con in the previous post please help , i tried with the the following
from the local administrator account run command: \\192.168.1.250\root
it prompted me the user name and password when entered, the share is accessible. but this is not the correct method please help me to fix this so that domain user are able to login successfully without get the error " Trust relationship between this work station and primary domain failed"

Thanks
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
smb ports = 139 445
445 should also be added
I suppose you have opened the appropriate ports in the firewall?
0
 

Author Comment

by:D_wathi
Comment Utility
as per your post added 139 and 445 both in smb.conf still the same message also firewall is disabled. Please help
0
 

Author Comment

by:D_wathi
Comment Utility
/var/logmessage after adding the 139 and 445 ports
[2011/03/22 22:19:07, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 22:19:07 srv1 smbd[16369]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP11 machine account COMP11$
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:00000001
“DNSNameResolutionRequired”=dword:00000000

The above need to be added to allow the join to work. Then find the key below and set those values to 0.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:00000000
“RequireStrongKey”=dword:00000000
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions:

    Samba 3.4
    Samba 3.3

So u'll have to upgrade your version of samba.
0
 

Author Comment

by:D_wathi
Comment Utility
Sir, thank you very much after upgrading to the samba 3.4 it worked . Thanks once again.
0
 
LVL 4

Accepted Solution

by:
booster49 earned 500 total points
Comment Utility
U might wanna use the following configuration to improve the login speed and stability:

       echo 'Windows Registry Editor Version 5.00
       
       ; Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
       
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
       
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj

Open in new window

0
 

Author Comment

by:D_wathi
Comment Utility
Sir. Thank you very much. can you please tell me how to do this

should go tot registry and do -----------------------------
 Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
-------------------------------------------------------------------------------------------------------------
for this should go to registry and do      
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
--------------------------------------------------------------------------------------------------------------------------------
 this   should go to registry and do
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
for here i do not understand please help me
--------------------------------------
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj
0
 
LVL 4

Expert Comment

by:booster49
Comment Utility
It's a set of tweaks they probably need to be adapter in order to work with your server/clients.
If you dont know how to apply them its probably not wise to mess with these settings.

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

By now, it is common knowledge that Windows 7 has been successfully been able to live up to the hype of being touted as Microsoft’s most anticipated O.S. ever. This latest 2010 Windows release builds up on its predecessor’s positives, adding new…
One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now