Re: [Samba] Machine account reject - additional troubleshooting
Not a real problem, but what I find more harmful is, that i changed the username and password of the domain administrator and on all the machines that are have that reject issue - i can still use the old one! (what is not really secure). If somebody knows more about that windows 7 - samba 3.5.4 - ldap problem than pleaaassse state something... Hi Martin, I'm afraid that I don't any information to offer you. But I want to add that our setup is very similar to yours. Samba DC with an OpenLDAP backend (except our version of Samba is 3.4.8). Client machines are a mix of Windows XP and Windows 7. And we are seeing the same error messages in the logs. Your comment regarding changing the domain admin username and password is troubling. I'll have to see if we have the same issue on Monday. -Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding Domain User Accounts to Windows 7 Clients (Samba 3.4.8 PDC)
On Thu, Jun 17, 2010 at 06:22:54PM -0500, David Whitney wrote: Could you explain a bit more what you mean by trying to create a local user out of a domain user? I'm realizing that I've done a very poor job of wording what I was trying to accomplish. Essentially, my goal is this: I have user accounts set up on our domain. These accounts do not have administrative rights on the domain. However, in some cases, I would like a given domain account to have local administrative rights on their workstation. In the past, when logged into the workstation under an administrator account, I have used the add user window as seen in the screenshot show in this link: http://www.ejoose.com/Windows2000/installation/add.user.windows.2000.gif I would simply click on the add button. Specify our Samba domain and the user account. Then, I would specify that this user was to have administrative rights on this box. It worked great. However, with Windows 7, when using this same process, I would receive the trust relationship error, as mentioned in my original post (even though the I've made the registry fixes required and even though the workstation was already joined to the domain). What I'm doing now, and is working for me, is simply adding the specified domain user account to the local administrator group, by clicking on the advanced tab and then making my way into the local group listing and adding the user to the Administrator's group. I think, in the end, both ways that I have employed achieve the same thing, it is just that the way I've previously done it isn't currently working. But the new way suffices. Again, sorry for the confusion caused by my poor wording. Cheers, Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding Domain User Accounts to Windows 7 Clients (Samba 3.4.8 PDC)
Does anybody have any ideas? Thanks, Bryan Walton On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: Hi, I've searched the logs and google trying to find a fix for my problem and have so far not succeeded. I've got a Samba PDC (Debian Lenny), running Samba 3.4.8 from Debian Backports. It is using an OpenLdap backend. We have encountered little to no problems over the last several years. And of course, we have to upgrade to Windows 7 (64-bit), from XP-64. So, here we are. Following the wiki here: http://wiki.samba.org/index.php/Windows7 I have made the registry changes mentioned on this page. I can successfully join the Windows 7 client to our Samba PDC. Furthermore, domain users are able to login, by using the following syntax: domain\username and password. Finally, users are able to access domain shares without difficulty. However, I am unable to successfully add domain user accounts to the client. When I attempt this, I receive the following error: The user could not be added because the following error has occurred: The trust relationship between the workstation and the primary domain failed. Can anybody help pinpoint my error? My samba PDC logs show the following: Jun 15 12:11:31 nishnabotna smbd[2746]: [2010/06/15 12:11:31, 0] auth/auth_sam.c:355(check_sam_security) Jun 15 12:11:31 nishnabotna smbd[2746]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Jun 15 12:11:32 nishnabotna smbd[2746]: [2010/06/15 12:11:32, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Jun 15 12:11:32 nishnabotna smbd[2746]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CALLENDER machine account CALLENDER$ And perhaps to state the obvious, the user I'm attempting to add does exist on the network. By the way, I'm getting this error when trying to add ANY domain user account to Windows 7 clients. I would appreciate any input you might offer. Thanks, Bryan Walton -- Bryan K. WaltonDivision of Physiologic Imaging Systems Administrator University of Iowa Hospitals and Clinics -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Adding Domain User Accounts to Windows 7 Clients (Samba 3.4.8 PDC)
On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: However, I am unable to successfully add domain user accounts to the client. When I attempt this, I receive the following error: The user could not be added because the following error has occurred: The trust relationship between the workstation and the primary domain failed. Hi everybody, thanks for your replies. I've found the problem, I believe, and have a work around. About 15 minutes ago, I stumbled across this web page: http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7d0bb953-3514-4475-8f00-5f624f5f6b00 As it turns out, a new feature of Windows 7 is that you cannot directly add domain users as local users. Instead, you must add desired domain users to local groups, achieving the desired result. I have verfied that this works without difficulty. In the past, I was able to add domain user acocunts as local accounts, but it appears that Microsoft no longer allows this with Windows 7. Thanks again, Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Adding Domain User Accounts to Windows 7 Clients (Samba 3.4.8 PDC)
Hi, I've searched the logs and google trying to find a fix for my problem and have so far not succeeded. I've got a Samba PDC (Debian Lenny), running Samba 3.4.8 from Debian Backports. It is using an OpenLdap backend. We have encountered little to no problems over the last several years. And of course, we have to upgrade to Windows 7 (64-bit), from XP-64. So, here we are. Following the wiki here: http://wiki.samba.org/index.php/Windows7 I have made the registry changes mentioned on this page. I can successfully join the Windows 7 client to our Samba PDC. Furthermore, domain users are able to login, by using the following syntax: domain\username and password. Finally, users are able to access domain shares without difficulty. However, I am unable to successfully add domain user accounts to the client. When I attempt this, I receive the following error: The user could not be added because the following error has occurred: The trust relationship between the workstation and the primary domain failed. Can anybody help pinpoint my error? My samba PDC logs show the following: Jun 15 12:11:31 nishnabotna smbd[2746]: [2010/06/15 12:11:31, 0] auth/auth_sam.c:355(check_sam_security) Jun 15 12:11:31 nishnabotna smbd[2746]: check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' Jun 15 12:11:32 nishnabotna smbd[2746]: [2010/06/15 12:11:32, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) Jun 15 12:11:32 nishnabotna smbd[2746]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CALLENDER machine account CALLENDER$ And perhaps to state the obvious, the user I'm attempting to add does exist on the network. By the way, I'm getting this error when trying to add ANY domain user account to Windows 7 clients. I would appreciate any input you might offer. Thanks, Bryan Walton -- Bryan K. Walton Division of Physiologic Imaging Systems Administrator University of Iowa Hospitals and Clinics -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
