Tags Tags

[Samba] Windows 7 64 bits with Samba PDC (trust relationship problem)

September 06th, 2011 - 09:30 am ET by Daniel Lopes de Carvalho | Report spam
Help Create a new topic
Hi

I would like to know if anyone has success in making 64-bit Windows Seven
work with a Samba PDC without any problems?

I have a Samba 3.5.6 server running on Debian Lenny. Samba works properly
and is using the LDAP backend, which is integrated with Kerberos, GSSAPI,
etc...

Abount Windows Seven... I changed the registry as recommended Samba wiki,
applied the hotfix to not give the DNS error after entering in the domain.
The Winbind with IDMap are working too.

The Windows Seven usually join to the domain, create the LDAP account, but
an error occurs intermittently. Sometimes when I try to log into the domain,
an error message appears saying failure of trust relationship.

It changed the NTLM and NTLMv2, etc., and the error persists. I noticed in
the Samba logs that sometimes the following message appears:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client $ CLIENT CLIENT machine account

Usually after this message appears I can log into the domain, but before it
displays, it gives the error message of failure of trust relationship.

Does anyone have any suggestions?

Thanks

Daniel
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
email Follow the discussionReplies 3 repliesReplies Make a reply

Similar topics

Display all similar topics

Replies

#1 Daniel Lopes de Carvalho
September 09th, 2011 - 10:00 am ET | Report spam
Is there someone to help me with this issue?

Thanks and best regards!


On Tue, Sep 6, 2011 at 10:27 AM, Daniel Lopes de Carvalho <
wrote:

Hi

I would like to know if anyone has success in making 64-bit Windows Seven
work with a Samba PDC without any problems?

I have a Samba 3.5.6 server running on Debian Lenny. Samba works properly
and is using the LDAP backend, which is integrated with Kerberos, GSSAPI,
etc...

Abount Windows Seven... I changed the registry as recommended Samba wiki,
applied the hotfix to not give the DNS error after entering in the domain.
The Winbind with IDMap are working too.

The Windows Seven usually join to the domain, create the LDAP account, but
an error occurs intermittently. Sometimes when I try to log into the domain,
an error message appears saying failure of trust relationship.

It changed the NTLM and NTLMv2, etc., and the error persists. I noticed in
the Samba logs that sometimes the following message appears:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client $ CLIENT CLIENT machine account

Usually after this message appears I can log into the domain, but before it
displays, it gives the error message of failure of trust relationship.

Does anyone have any suggestions?

Thanks

Daniel



To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Replies Reply to this message
#2 John Drescher
September 09th, 2011 - 10:20 am ET | Report spam
On Tue, Sep 6, 2011 at 9:27 AM, Daniel Lopes de Carvalho
wrote:
Hi

I would like to know if anyone has success in making 64-bit Windows Seven
work with a Samba PDC without any problems?




Yes. I have been using windows 7 64 bit with my samba domain for 1.5 years.

I have a Samba 3.5.6 server running on Debian Lenny. Samba works properly
and is using the LDAP backend, which is integrated with Kerberos, GSSAPI,
etc...

Abount Windows Seven... I changed the registry as recommended Samba wiki,
applied the hotfix to not give the DNS error after entering in the domain.
The Winbind with IDMap are working too.

The Windows Seven usually join to the domain, create the LDAP account, but
an error occurs intermittently. Sometimes when I try to log into the domain,
an error message appears saying failure of trust relationship.

It changed the NTLM and NTLMv2, etc., and the error persists. I noticed in
the Samba logs that sometimes the following message appears:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client $ CLIENT CLIENT machine account

Usually after this message appears I can log into the domain, but before it
displays, it gives the error message of failure of trust relationship.

Does anyone have any suggestions?




Has this machine been on the domain for more than 30 days?

John
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Replies Reply to this message
#3 Dirk Gouders
September 09th, 2011 - 10:20 am ET | Report spam
Is there someone to help me with this issue?

Thanks and best regards!


On Tue, Sep 6, 2011 at 10:27 AM, Daniel Lopes de Carvalho <
wrote:

Hi

I would like to know if anyone has success in making 64-bit Windows Seven
work with a Samba PDC without any problems?





I was not answering to your question, because I tested that with Samba
3.6.0, not 3.5.6. Anyway, with a fresh install of Win7 everything
worked fine here.

[SNIP]

The Windows Seven usually join to the domain, create the LDAP account, but
an error occurs intermittently. Sometimes when I try to log into the domain,
an error message appears saying failure of trust relationship.

It changed the NTLM and NTLMv2, etc., and the error persists. I noticed in
the Samba logs that sometimes the following message appears:

_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth request from client $ CLIENT CLIENT machine account





I also noticecd that log message but it seems to do no harm.

Usually after this message appears I can log into the domain, but before it
displays, it gives the error message of failure of trust relationship.





I had this problem after I was heavily playing with the Win7 client:
changing domain membership back and forth, adding, removing and
re-adding users (also with different uidNumbers). Then, with some user
I got a message about a group policy client could not start, with some
user I got the message you mentioned above and with some users I still
could log in.

I'm not sure if Win7 caches such information but after I used a fresh
Win7 installation everything was OK without any change on the samba
side.

Dirk
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
email Follow the discussion Replies Reply to this message
Help Create a new topicReplies Make a reply
Search Make your own search