• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1568
  • Last Modified:

unable to join windows7 professional to samba domain

Dear Experts:

I have configured the centos linux  as local name server and samba domain controller able to connect allt he windows xp pro to samba domain. for windows 7 pro did the following
in the registry:
KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

then was able to connect but got the belwo message
"Changing the Primary Domain DNS name of this computer to "" failed.
    The name will remain "MYDOM".  The error was:
   
    The specified domain either does not exist or could not be contacted"
-----------------------------------------------------------

for this downladed the hot fix patch from microsoft and installed but now when enter domain username and password iam getting the following error message:
" Trust relationship between this work station and primary domain failed"
Due to this iam unable to log please please help me to fix this. Thanks in advance.

for your reference :samba-3.0.33-3.29.el5_5.1 is installed.
Please help.






0
D_wathi
Asked:
D_wathi
  • 14
  • 10
1 Solution
 
booster49Commented:
Did you install this hotfix?
If so, try rejoining the domain, and recreating the user on the DC.
0
 
D_wathiAuthor Commented:
Sir, please suggest me , before trying to join the windows 7 pro to domain is it recommed to to install the hotfix the rboot and then try joining to domain. mean while will check in another windows 7 pro.
0
 
booster49Commented:
Yes first install the hotfix then reboot.

If that doesn't work: check if your DNS settings are correct, your primary DNS on the workstation should be pointing to the servers own IP address. Also confirm if your gateway settings are pointing to either your router, firewall or server. If this is configured correctly and the problem persists try this:

go to the network properties on each workstation that doesn't work, then change the domain to a workgroup, call the workgroup anything. Click OK to confirm and when the computer say welcome the the workgroup change the settings back to the Domain. (you don't have to reboot the computer everytime after changing domain/workgroup settings)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
D_wathiAuthor Commented:
Sir, Thank you very much for the reply. i took new windows 7 professional
1, installed the hot fix.
2 done the below changes.
 KLM\System\CCS\Services\LanmanWorkstation\Parameters
            DWORD  DomainCompatibilityMode = 1
            DWORD  DNSNameResolutionRequired = 0

without any error got joined to the domain after restart when try to login. by issuing the domain username and password iam getting the below messge
" Trust relationship between this work station and primary domain failed"

Please help.
0
 
D_wathiAuthor Commented:
also i captured the log from the linux server of windows7 attempting to connect, posted below please help:

[2011/03/22 15:56:21, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:26:59, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:27:10, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
[2011/03/22 16:28:27, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
[2011/03/22 16:28:40, 0] lib/util_sock.c:read_data(534)
  read_data: read failure for 4 bytes to client 192.168.1.9. Error = Connection reset by peer
-------------------------------------------------------------
Please help me to fix the error
" Trust relationship between this work station and primary domain failed"

Thanks .
0
 
booster49Commented:
Try adding the following line in the smb.conf file:
smb ports = 139
0
 
D_wathiAuthor Commented:
SIr, was just waiting for somebody to help me. Thanks for thee reply will try this and get back. Thanks once again.will check now and update.
0
 
D_wathiAuthor Commented:
SIr, i tried adding  smb ports = 139  and restarting the smb services still the same message :
Trust relationship between this work station and primary domain failed

Please help
0
 
D_wathiAuthor Commented:
please find the log:
Mar 22 18:21:21 srv1 smbd[13109]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:24:13 srv1 smbd[13158]: [2011/03/22 18:24:13, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:24:13 srv1 smbd[13158]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$
Mar 22 18:26:00 srv1 smbd[13188]: [2011/03/22 18:26:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:26:00 srv1 smbd[13188]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$


0
 
booster49Commented:
Also add the following lines to the conf file:

client ntlmv2 auth = yes
ntlm auth = Yes
0
 
D_wathiAuthor Commented:
Sir, thanks for the reply. still the same  error but differnt log report:
Mar 22 18:36:01 srv1 smbd[13407]: [2011/03/22 18:36:01, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 18:36:01 srv1 smbd[13407]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP09 machine account COMP09$

Please help
0
 
D_wathiAuthor Commented:
Also done the below changes

Local Policies - Security Options

Network security: LAN Manager authentication level
Send LM & NTLM responses

Minimum session security for NTLM SSP
Disable Require 128-bit encryption

Still the same message, please help
0
 
booster49Commented:
Can you please post the entire smb.conf?
0
 
D_wathiAuthor Commented:
attached the smb.conf for your refernce . Please help
smb.txt
0
 
D_wathiAuthor Commented:
Attached the smb.con in the previous post please help , i tried with the the following
from the local administrator account run command: \\192.168.1.250\root
it prompted me the user name and password when entered, the share is accessible. but this is not the correct method please help me to fix this so that domain user are able to login successfully without get the error " Trust relationship between this work station and primary domain failed"

Thanks
0
 
booster49Commented:
smb ports = 139 445
445 should also be added
I suppose you have opened the appropriate ports in the firewall?
0
 
D_wathiAuthor Commented:
as per your post added 139 and 445 both in smb.conf still the same message also firewall is disabled. Please help
0
 
D_wathiAuthor Commented:
/var/logmessage after adding the 139 and 445 ports
[2011/03/22 22:19:07, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
Mar 22 22:19:07 srv1 smbd[16369]:   _net_auth2: creds_server_check failed. Rejecting auth request from client COMP11 machine account COMP11$
0
 
booster49Commented:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:00000001
“DNSNameResolutionRequired”=dword:00000000

The above need to be added to allow the join to work. Then find the key below and set those values to 0.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:00000000
“RequireStrongKey”=dword:00000000
0
 
booster49Commented:
Support for Windows 7 and Windows 2008 using Samba Domain Controllers has been added to the following versions:

    Samba 3.4
    Samba 3.3

So u'll have to upgrade your version of samba.
0
 
D_wathiAuthor Commented:
Sir, thank you very much after upgrading to the samba 3.4 it worked . Thanks once again.
0
 
booster49Commented:
U might wanna use the following configuration to improve the login speed and stability:

       echo 'Windows Registry Editor Version 5.00
       
       ; Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
       
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
       
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj

Open in new window

0
 
D_wathiAuthor Commented:
Sir. Thank you very much. can you please tell me how to do this

should go tot registry and do -----------------------------
 Win7_Samba3DomainMember
       [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
       "DNSNameResolutionRequired"=dword:00000000
       "DomainCompatibilityMode"=dword:00000001
-------------------------------------------------------------------------------------------------------------
for this should go to registry and do      
       ; Speedup settings
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
       "SlowLinkDetectEnabled"=dword:00000000
       "DeleteRoamingCache"=dword:00000001
       "WaitForNetwork"=dword:00000000
       "CompatibleRUPSecurity"=dword:00000001
--------------------------------------------------------------------------------------------------------------------------------
 this   should go to registry and do
       ; Can drive you nuts
       [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
       "EnableLUA"=dword:00000000' | tee Win7_Samba3DomainMember_jelledj.reg
       
for here i do not understand please help me
--------------------------------------
       unix2dos Win7_Samba3DomainMember_jelledj.reg

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       c:\"Program Files\Windows Resource Kits\Tools\ntrights.exe" +r SeSystemTimePrivilege -u "Domain Users"
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee SeSystemTimePrivilege_jelledj.bat
       
       unix2dos SeSystemTimePrivilege_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       "C:\Program Files\Mozilla Firefox\firefox.exe" http://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee rktools_jelledj.bat
       
       unix2dos rktools_jelledj.bat

       echo '@echo off
       echo.
       echo WARNING: Do not close this window!!!
       echo.
       NET USE Y: /DELETE
       NET USE Y: \\server\documenten /PERSISTENT:YES
       NET TIME \\server /SET /YES
       echo.
       echo WARNING: You may now close this window!!!
       echo.' | tee /srv/storage/samba/netlogon/netlogon.bat
       
       unix2dos /srv/storage/samba/netlogon/netlogon.bat
       
       setfacl --recursive --modify u::rw,g::r,m:---,o:--- /srv/storage/samba/netlogon/netlogon.bat
       chmod g+r /srv/storage/samba/netlogon/netlogon.bat
       
       cat /srv/storage/samba/netlogon/netlogon.bat
       su -c "cat /srv/storage/samba/netlogon/netlogon.bat" jelledj
0
 
booster49Commented:
It's a set of tweaks they probably need to be adapter in order to work with your server/clients.
If you dont know how to apply them its probably not wise to mess with these settings.

0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

  • 14
  • 10
Tackle projects and never again get stuck behind a technical roadblock.
Join Now