Re: [Samba] Samba 3 PDC > 3.3.4 broken with Win 7 RTM
Hi, I am looking forward to successfully join and logon a Windows 7 RTM to a Samba 3 domain. After a little googling and experimenting I came to conclusion that only version 3.3.4 of samba can accept such clients : - http://www.1stbyte.com/2009/05/31/join-windows-7-to-samba-pdc/ - http://ubuntuforums.org/showthread.php?t=1225500 Furthermore, Microsoft seems to have broken even compatibility with their own NT4 server: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/8b4dd460-dd57-41da-b541-6933cd4d2531?prof=required&wa=wsignin1.0 In the meantime I have tested with 3.4.0, 3.3.6, 3.2.5 and 3.3.4 - only 3.3.4 successfully allowed logons. Something must have regressed right after 3.3.4. Thank you, Costin Gusa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 PDC > 3.3.4 broken with Win 7 RTM
Ken Bass wrote: I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta. After searching the archives I modified the required registry settings listed in other emails. I upgraded my Samba from the stock Centos 5.3 version to 3.3.7. Joining the domain worked, but I was unable to log in. I would get a 'Trust relationship denied' type error when trying to log in as a user of the domain. Everything works with XP/Vista. I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which says it was rolled into version 3.3.5 and relates to Microsoft/Samba interoperability actually broke stuff with the RTM or what. The error message from 3.3.7 I noticed with debug logging was: [2009/08/07 19:05:40, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client XX-PC machine account XX-PC$ netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : negotiate_flags : * negotiate_flags : 0x400041ff (1073758719) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_ACCESS_DENIED After some testing, I got this: Samba 3.3.6 + win 7 = can join domain, but can not login (after change the 4 values of registry) Samba 3.3.4 + win 7 = working (after change the 4 values of registry) (LDAP is the backend) Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3 PDC > 3.3.4 broken with Win 7 RTM
I just installed Win 7 RTM (Release to Manufacturing), not RC nor Beta. After searching the archives I modified the required registry settings listed in other emails. I upgraded my Samba from the stock Centos 5.3 version to 3.3.7. Joining the domain worked, but I was unable to log in. I would get a 'Trust relationship denied' type error when trying to log in as a user of the domain. Everything works with XP/Vista. I downgraded to 3.3.4 and it worked. I do not know if bug 6099 which says it was rolled into version 3.3.5 and relates to Microsoft/Samba interoperability actually broke stuff with the RTM or what. The error message from 3.3.7 I noticed with debug logging was: [2009/08/07 19:05:40, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client XX-PC machine account XX-PC$ netr_ServerAuthenticate2: struct netr_ServerAuthenticate2 out: struct netr_ServerAuthenticate2 return_credentials : * return_credentials: struct netr_Credential data : negotiate_flags : * negotiate_flags : 0x400041ff (1073758719) 1: NETLOGON_NEG_ACCOUNT_LOCKOUT 1: NETLOGON_NEG_PERSISTENT_SAMREPL 1: NETLOGON_NEG_ARCFOUR 1: NETLOGON_NEG_PROMOTION_COUNT 1: NETLOGON_NEG_CHANGELOG_BDC 1: NETLOGON_NEG_FULL_SYNC_REPL 1: NETLOGON_NEG_MULTIPLE_SIDS 1: NETLOGON_NEG_REDO 1: NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL 0: NETLOGON_NEG_SEND_PASSWORD_INFO_PDC 0: NETLOGON_NEG_GENERIC_PASSTHROUGH 0: NETLOGON_NEG_CONCURRENT_RPC 0: NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL 0: NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL 1: NETLOGON_NEG_128BIT 0: NETLOGON_NEG_TRANSITIVE_TRUSTS 0: NETLOGON_NEG_DNS_DOMAIN_TRUSTS 0: NETLOGON_NEG_PASSWORD_SET2 0: NETLOGON_NEG_GETDOMAININFO 0: NETLOGON_NEG_CROSS_FOREST_TRUSTS 0: NETLOGON_NEG_NEUTRALIZE_NT4_EMULATION 0: NETLOGON_NEG_RODC_PASSTHROUGH 0: NETLOGON_NEG_AUTHENTICATED_RPC_LSASS 1: NETLOGON_NEG_SCHANNEL result : NT_STATUS_ACCESS_DENIED -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
