Solved

Connecting Windows 7 to Ubuntu / Samba as PDC

Posted on 2013-06-18
9
966 Views
Last Modified: 2013-06-26
I have a network consisting of 12 Windows 7 Professional 64-bit machines and one 64-bit Ubuntu/Samba 3 server configured as a PDC using roaming profiles.

I can join the domain windows XP professional and login using any user from the domain, but when I try using Windows 7 professional 64-bit it will join the domain but after a reboot it says that the trust relationship between the workstation and the server failed and will not login with any user except the local account.

I tried changing the two registry entries listed at samba.org for windows 7, but I still get the same results.   My samba version is 3.6.15

Anyone know the trick to making this work
0
Comment
Question by:Rolling_Tech
  • 5
  • 3
9 Comments
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
ID: 39258156
check the link below, see if it fixes your problem.

http://praxis.edoceo.com/howto/samba3-windows7
0
 

Author Comment

by:Rolling_Tech
ID: 39258251
I followed the directions there and tried leaving and rejoining the domain, but I still get

"the trust relationship between the workstation and the primary domain controller failed"
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 39258289
Have you tried disabling the windows firewall to test?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:Rolling_Tech
ID: 39258391
I tried disabling the firewall on all connections then rebooted.  

At login I got the same message:
"the trust relationship between the workstation and the primary domain controller failed"
0
 
LVL 17

Expert Comment

by:lruiz52
ID: 39258601
0
 

Author Comment

by:Rolling_Tech
ID: 39260345
Tried #9 same results can't login to any domain account.
0
 
LVL 19

Expert Comment

by:jools
ID: 39261917
Are the machine accounts created ok?
0
 

Author Comment

by:Rolling_Tech
ID: 39264282
When I join the domain it creates the machine accounts just fine, but for some reason it doesn't trust them.after a reboot.
0
 

Author Comment

by:Rolling_Tech
ID: 39275763
I finally got past this problem using this registry script:

Windows Registry Editor Version 5.00

; Win7/Samba 3.4.x - Workstation Share
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lanmanserver\parameters]
"AutoShareWks"=dword:00000001

; Win7/Samba 3.4.x - Compat
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lanmanworkstation\parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
; AllowPlain ....
; RequireSecuritySignature"=dword:00000000

; Win7/Samba 3.4.x - Compat
; http://us.generation-nt.com/answer/samba-rejecting-auth-request-client-xxx-machine-account-win7-help-206090182.html#206092242
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netlogon\parameters]
"DisablePasswordChange"=dword:00000001
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001

;Turn off last user logged in stuff.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001

;Disable the security center stuff annoyances
; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
; "Start"=dword:00000003

; Speedup settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001

; Can drive you nuts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"LocalAccountTokenFilterPolicy"=dword:00000001

;Stupid keys that make the windows 7 sysprep crap out.
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"RestartSetup"=dword:00000000
"SetupType"=dword:00000000
"SystemSetupInProgress"=dword:00000000
"SetupPhase"=dword:00000000
"CmdLine"=""
"OOBEInProgress"=dword:00000000

_________________________________________________________________________________________________

And then setting "RequireSignOrSeal"=dword:00000000

_________________________________________________________________________________________________
For some reason though it did not map my H:\ drive to home directory, although I can access all the shares without issue.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question