I don't believe this! Suddenly Domain users can login again. Roaming
profiles, login scripts, mapped drives the lot.
I still see the same errors in the logs:
[2010/09/13 18:49:43, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client W7 machine account W7$
snip
[2010/09/13 18:50:14, 1] smbd/vfs.c:932(check_reduced_name)
reduce_name: couldn't get realpath for elbournb.V2/ntuser.ini
snip
Seems Windows 7 is a bit fragile. :-( And just to be sure I have removed
and re-added the system to the domain - still works. I could cry!
Berni
Berni Elbourn wrote:
Berni Elbourn wrote:
Berni Elbourn wrote:
Hi,
I would be extremely grateful if you could cast your eye over my
problem with getting Windows 7 PC back onto on a Samba domain?
I have the current version from lenny-backports:
2:3.4.8~dfsg-2~bpo50+1, the client is windows 7 Ultimate. logins and
profiles and nelogon scripts all seemed to work back in Feb 2010
using the instructions here:
http://wiki.samba.org/index.php/Windows7
However this week it seems the machine trust is now broken. Removing
and re-adding the windows 7 client to the domain claims to succeed on
the windows side but this error is logged in log.smbd:
snip
Is anyone here able to advise on my windows 7 tragedy?
I have switched over to the tdbsam backend and I have tried the various
group policy options with no improvement.
Network Security: Do not store LAN Manager hash value on next password
change from Enabled to Disabled
Network Security: LAN Manager authentication level change from Not
Defined to Send LM NTLM responses
Network Security: Do not store LAN Manager hash value on next password
change from Enabled to Disabled
Network Security: LAN Manager authentication level change from Not
Defined to Send LM NTLM responses
-Network Security: Minimum session...both clients and servr: NO Required
128b encryption
Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled
I have tried these in smb.conf:
client ntlmv2 auth = yes
lanman auth = yes
ntlm auth = Yes
At this point I have exhausted google (and me).
Reseting those all back to default (respecting what the sanmba wiki
says) gives these errors when joining:
2010/09/13 14:55:28, 2] auth/auth.c:310(check_ntlm_password)
check_ntlm_password: authentication for user [root] - [root] -
[root] succeeded
[2010/09/13 14:55:28, 2] auth/token_util.c:450(create_local_nt_token)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind
allocate gids?
[2010/09/13 14:55:28, 2] auth/token_util.c:474(create_local_nt_token)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/09/13 14:55:30, 2] rpc_server/srv_samr_nt.c:4118(_samr_LookupDomain)
Returning domain sid for domain ECS -
S-1-5-21-1400426869-3020193132-3326178760
[2010/09/13 14:55:30, 2] auth/token_util.c:450(create_local_nt_token)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind
allocate gids?
[2010/09/13 14:55:30, 2] auth/token_util.c:474(create_local_nt_token)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/09/13 14:55:30, 2]
libsmb/credentials.c:223(netlogon_creds_server_check)
netlogon_creds_server_check: credentials check failed.
[2010/09/13 14:55:30, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client W7 machine account W7$
[2010/09/13 14:55:38, 2] auth/auth.c:320(check_ntlm_password)
check_ntlm_password: Authentication for user [W7] - [W7] FAILED with
error NT_STATUS_NO_SUCH_USER
And these when logging in:
[2010/09/13 14:56:32, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/13 14:56:32, 2] smbd/sesssetup.c:1390(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2010/09/13 14:56:32, 2] auth/token_util.c:450(create_local_nt_token)
WARNING: Failed to create BUILTIN\Administrators group! Can Winbind
allocate gids?
[2010/09/13 14:56:32, 2] auth/token_util.c:474(create_local_nt_token)
WARNING: Failed to create BUILTIN\Users group! Can Winbind allocate gids?
[2010/09/13 14:56:32, 2]
libsmb/credentials.c:223(netlogon_creds_server_check)
netlogon_creds_server_check: credentials check failed.
[2010/09/13 14:56:32, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client W7 machine account W7$
[2010/09/13 14:56:40, 1] auth/auth_util.c:577(make_server_info_sam)
User W7$ in passdb, but getpwnam() fails!
[2010/09/13 14:56:40, 0] auth/auth_sam.c:355(check_sam_security)