Solved

Connecting Windows 7 to Ubuntu / Samba as PDC

Posted on 2013-06-18
9
959 Views
Last Modified: 2013-06-26
I have a network consisting of 12 Windows 7 Professional 64-bit machines and one 64-bit Ubuntu/Samba 3 server configured as a PDC using roaming profiles.

I can join the domain windows XP professional and login using any user from the domain, but when I try using Windows 7 professional 64-bit it will join the domain but after a reboot it says that the trust relationship between the workstation and the server failed and will not login with any user except the local account.

I tried changing the two registry entries listed at samba.org for windows 7, but I still get the same results.   My samba version is 3.6.15

Anyone know the trick to making this work
0
Comment
Question by:Rolling_Tech
  • 5
  • 3
9 Comments
 
LVL 17

Accepted Solution

by:
lruiz52 earned 500 total points
Comment Utility
check the link below, see if it fixes your problem.

http://praxis.edoceo.com/howto/samba3-windows7
0
 

Author Comment

by:Rolling_Tech
Comment Utility
I followed the directions there and tried leaving and rejoining the domain, but I still get

"the trust relationship between the workstation and the primary domain controller failed"
0
 
LVL 17

Expert Comment

by:lruiz52
Comment Utility
Have you tried disabling the windows firewall to test?
0
 

Author Comment

by:Rolling_Tech
Comment Utility
I tried disabling the firewall on all connections then rebooted.  

At login I got the same message:
"the trust relationship between the workstation and the primary domain controller failed"
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 17

Expert Comment

by:lruiz52
Comment Utility
0
 

Author Comment

by:Rolling_Tech
Comment Utility
Tried #9 same results can't login to any domain account.
0
 
LVL 19

Expert Comment

by:jools
Comment Utility
Are the machine accounts created ok?
0
 

Author Comment

by:Rolling_Tech
Comment Utility
When I join the domain it creates the machine accounts just fine, but for some reason it doesn't trust them.after a reboot.
0
 

Author Comment

by:Rolling_Tech
Comment Utility
I finally got past this problem using this registry script:

Windows Registry Editor Version 5.00

; Win7/Samba 3.4.x - Workstation Share
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lanmanserver\parameters]
"AutoShareWks"=dword:00000001

; Win7/Samba 3.4.x - Compat
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\lanmanworkstation\parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
; AllowPlain ....
; RequireSecuritySignature"=dword:00000000

; Win7/Samba 3.4.x - Compat
; http://us.generation-nt.com/answer/samba-rejecting-auth-request-client-xxx-machine-account-win7-help-206090182.html#206092242
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netlogon\parameters]
"DisablePasswordChange"=dword:00000001
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001

;Turn off last user logged in stuff.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001

;Disable the security center stuff annoyances
; [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
; "Start"=dword:00000003

; Speedup settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"SlowLinkDetectEnabled"=dword:00000000
"DeleteRoamingCache"=dword:00000001
"WaitForNetwork"=dword:00000000
"CompatibleRUPSecurity"=dword:00000001

; Can drive you nuts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
"LocalAccountTokenFilterPolicy"=dword:00000001

;Stupid keys that make the windows 7 sysprep crap out.
[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"RestartSetup"=dword:00000000
"SetupType"=dword:00000000
"SystemSetupInProgress"=dword:00000000
"SetupPhase"=dword:00000000
"CmdLine"=""
"OOBEInProgress"=dword:00000000

_________________________________________________________________________________________________

And then setting "RequireSignOrSeal"=dword:00000000

_________________________________________________________________________________________________
For some reason though it did not map my H:\ drive to home directory, although I can access all the shares without issue.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now