LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Joining a Windows 7 client to Samba PDC v 3.4.3 (http://www.linuxquestions.org/questions/linux-server-73/joining-a-windows-7-client-to-samba-pdc-v-3-4-3-a-815174/)

speedsrfr 06-19-2010 02:50 PM

Joining a Windows 7 client to Samba PDC v 3.4.3
 
Hello Everyone,
I have the following problem

I have a very nice SUSE 11.2 Samba PDC that runs well with Windows XP clients. I am using NETBIOS for name resolution since I dont want to put in a DNS server because my router already has one, Im pretty sure it would make things more complicated. I enabled wins support in smb.conf and made the name resolve order with lmhosts first. lmhosts lists all the ip adresses with their computer names in capitals. I hope thats right.

I set up my windows 7 with the reg file from the samba wiki on windows 7 http://wiki.samba.org/index.php/Windows7
Thats great now I get the old screen from XP in windows 7 when joining the domain. I gave the machine netbios name MAINPC a smb trust account MAINPC and added the unix user MAINPC$ that should all work. I manage to successfully join it says welcome to domain, afterwards an error appears "changing the dns name of this computer to "" failed" and something bout not finding the domain controller. although I joined. then I resatart and when I try to log on it says "trust relationship failed"

Id really appreciate it if there was anyone who could tell me what im missing here to make it join and logon properly. The samba wiki guys could do it.I want to as well.

Thanks

scheidel21 06-21-2010 09:51 AM

Look into researching Adding Windows 7 to NT domain. Samba really doesn't approximate Active Directory but simulates like an NT 4 domain controller. Looking at issues with adding 7 to an NT domain might help you out with changes that may need to be made to the Win7 machine.

pnguyen 09-07-2010 04:56 PM

I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen

ShadowCat8 09-21-2011 06:04 PM

Quote:

Originally Posted by pnguyen (Post 4090776)
However, I don't understand all of what I have done to make it work as I just copied from other experts.
...<snip>... And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

Well,

Let me start by saying thanks for putting all this info in one location. VERY helpful! Much appreciated.

Now, a couple things that I would adjust help things run more smoothly:

Quote:

Originally Posted by pnguyen (Post 4090776)
name resolve order = bcast host lmhosts wins

I would recommend changing this to:
Code:

name resolve order = host wins lmhosts bcast
This way, your server would check it's own /etc/hosts file first and, failing that, then ask DNS (still part of the 'host' entry), then check the WINS server, then check the lmhosts file in Samba, then do a broadcast query. Putting 'bcast' first would make the Samba server act even *more* like a windows server by constantly keeping network traffic going as it broadcasted queries every time a system made a request of the server.

And, with regards to:
Quote:

Originally Posted by pnguyen (Post 4090776)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"

I don't see such a section in the Registry on Win7... At least not the boxes we've been building and selling. Under that section of the registry, I see the following "branches": Cryptography, Hardware, PeerDist, Peernet, SystemCertificates, Windows and Windows NT. I'm not certain that it really matters in my implementation, but I was thinking for sake of clarity on this thread... :)

And, again, thank you for compiling this. VERY helpful!

jai_nagarajan 12-26-2011 07:22 AM

Quote:

Originally Posted by pnguyen (Post 4090776)
I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen

Hi pnguyen,

I really great full to you to put the information which that i search for the past one weak, I had been the problem when was trying to connect Win7 to samba PDC, but it has working in winXP.
I followed your step by step instruction and configured my client pc. Now i able to connect to domain but when the time of login i am getting the error "trust relationship between this workstation and the primary domain failed". i would be appreciated if you let me know to over come this issue and i really need to sort out this issue for my organization asap.
Samba version: 3.0.33
OS: CentOS

ShadowCat8 12-29-2011 06:46 PM

Well,

I hate to have to say it, but you need to upgrade your Samba to a later version to get Windows 7 to connect to a Samba PDC without issues. At least to a version >= 3.3.2...

For reference, you can check this Samba Wiki page for more information.

And, having been in the same position as you are right now, another thing to keep in mind is that somewhere in between those versions, Samba changed the way it is handling it's authentication backend, so you are going to want to make backups of the current logins/accounts before you start upgrading.

HTH. Let us know.

lvvsgupta 03-08-2012 12:41 AM

Hi
I did those we post but when i try to change "workgroup" to "Domain"
i got a error
"the domain was couldn't be contacted or either doesn't exist"
i install new windows 7 pro
then i try to add domain same error was repeted
please help me...........

jeevar 08-23-2012 12:09 AM

windows could not automatically detect this network's proxy settings
 
After change the below setting in Samba server and Windows & client getting problems. Unable to connect internet. Even I changed proxy setting n IE and Firefox ""windows could not automatically detect this network's proxy settings""

Please help me out from this problem.



Quote:

Originally Posted by pnguyen (Post 4090776)
I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen



All times are GMT -5. The time now is 01:51 AM.