LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-19-2010, 02:50 PM   #1
speedsrfr
LQ Newbie
 
Registered: Jul 2005
Distribution: fedora 17
Posts: 22

Rep: Reputation: 0
Joining a Windows 7 client to Samba PDC v 3.4.3


Hello Everyone,
I have the following problem

I have a very nice SUSE 11.2 Samba PDC that runs well with Windows XP clients. I am using NETBIOS for name resolution since I dont want to put in a DNS server because my router already has one, Im pretty sure it would make things more complicated. I enabled wins support in smb.conf and made the name resolve order with lmhosts first. lmhosts lists all the ip adresses with their computer names in capitals. I hope thats right.

I set up my windows 7 with the reg file from the samba wiki on windows 7 http://wiki.samba.org/index.php/Windows7
Thats great now I get the old screen from XP in windows 7 when joining the domain. I gave the machine netbios name MAINPC a smb trust account MAINPC and added the unix user MAINPC$ that should all work. I manage to successfully join it says welcome to domain, afterwards an error appears "changing the dns name of this computer to "" failed" and something bout not finding the domain controller. although I joined. then I resatart and when I try to log on it says "trust relationship failed"

Id really appreciate it if there was anyone who could tell me what im missing here to make it join and logon properly. The samba wiki guys could do it.I want to as well.

Thanks
 
Old 06-21-2010, 09:51 AM   #2
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,287

Rep: Reputation: 97
Look into researching Adding Windows 7 to NT domain. Samba really doesn't approximate Active Directory but simulates like an NT 4 domain controller. Looking at issues with adding 7 to an NT domain might help you out with changes that may need to be made to the Win7 machine.
 
Old 09-07-2010, 04:56 PM   #3
pnguyen
LQ Newbie
 
Registered: Feb 2010
Posts: 7

Rep: Reputation: 1
I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen
 
1 members found this post helpful.
Old 09-21-2011, 06:04 PM   #4
ShadowCat8
Member
 
Registered: Nov 2004
Location: Arcadia, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 209

Rep: Reputation: 43
Quote:
Originally Posted by pnguyen View Post
However, I don't understand all of what I have done to make it work as I just copied from other experts.
...<snip>... And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.
Well,

Let me start by saying thanks for putting all this info in one location. VERY helpful! Much appreciated.

Now, a couple things that I would adjust help things run more smoothly:

Quote:
Originally Posted by pnguyen View Post
name resolve order = bcast host lmhosts wins
I would recommend changing this to:
Code:
name resolve order = host wins lmhosts bcast
This way, your server would check it's own /etc/hosts file first and, failing that, then ask DNS (still part of the 'host' entry), then check the WINS server, then check the lmhosts file in Samba, then do a broadcast query. Putting 'bcast' first would make the Samba server act even *more* like a windows server by constantly keeping network traffic going as it broadcasted queries every time a system made a request of the server.

And, with regards to:
Quote:
Originally Posted by pnguyen View Post
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"
I don't see such a section in the Registry on Win7... At least not the boxes we've been building and selling. Under that section of the registry, I see the following "branches": Cryptography, Hardware, PeerDist, Peernet, SystemCertificates, Windows and Windows NT. I'm not certain that it really matters in my implementation, but I was thinking for sake of clarity on this thread...

And, again, thank you for compiling this. VERY helpful!
 
Old 12-26-2011, 07:22 AM   #5
jai_nagarajan
LQ Newbie
 
Registered: Feb 2009
Posts: 14

Rep: Reputation: 0
Thumbs up

Quote:
Originally Posted by pnguyen View Post
I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen
Hi pnguyen,

I really great full to you to put the information which that i search for the past one weak, I had been the problem when was trying to connect Win7 to samba PDC, but it has working in winXP.
I followed your step by step instruction and configured my client pc. Now i able to connect to domain but when the time of login i am getting the error "trust relationship between this workstation and the primary domain failed". i would be appreciated if you let me know to over come this issue and i really need to sort out this issue for my organization asap.
Samba version: 3.0.33
OS: CentOS
 
Old 12-29-2011, 06:46 PM   #6
ShadowCat8
Member
 
Registered: Nov 2004
Location: Arcadia, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 209

Rep: Reputation: 43
Well,

I hate to have to say it, but you need to upgrade your Samba to a later version to get Windows 7 to connect to a Samba PDC without issues. At least to a version >= 3.3.2...

For reference, you can check this Samba Wiki page for more information.

And, having been in the same position as you are right now, another thing to keep in mind is that somewhere in between those versions, Samba changed the way it is handling it's authentication backend, so you are going to want to make backups of the current logins/accounts before you start upgrading.

HTH. Let us know.
 
Old 03-08-2012, 12:41 AM   #7
lvvsgupta
LQ Newbie
 
Registered: Mar 2012
Posts: 3

Rep: Reputation: Disabled
Hi
I did those we post but when i try to change "workgroup" to "Domain"
i got a error
"the domain was couldn't be contacted or either doesn't exist"
i install new windows 7 pro
then i try to add domain same error was repeted
please help me...........
 
Old 08-23-2012, 12:09 AM   #8
jeevar
LQ Newbie
 
Registered: Aug 2012
Posts: 2

Rep: Reputation: Disabled
windows could not automatically detect this network's proxy settings

After change the below setting in Samba server and Windows & client getting problems. Unable to connect internet. Even I changed proxy setting n IE and Firefox ""windows could not automatically detect this network's proxy settings""

Please help me out from this problem.



Quote:
Originally Posted by pnguyen View Post
I learn from many experts online, and finally it works but still happens some sharing problems that I can handle it in different way. Here is what I have, and hopefully we can share what we have successed:
-Sles Linux 11.3 installed, Samba 3.5.4 server configured and started, no DNS or LDAP installed.
-added to smb.conf:
client ntlmv2 auth = yes
wins support = Yes
wins proxy = No
lanman auth = yes
ntlm auth = Yes
name resolve order = bcast host lmhosts wins

-add to smbusers:
noby=guest pcguest smbguest

WinXP or Win7 Clients:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"EnableSecuritySignature"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"RequireSignOrSeal"=dword:00000001
"RequireStrongKey"=dword:00000001
"SealSecureChannel"=dword:00000001
"SignSecureChannel"=dword:00000001

WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!

Win7: needs more modifications:
REGEDIT:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"QualifyingDestinationThreshold"=dword:00000003
"NV Domain"="Name of Samba Workgroup in smb.conf"
"NameServer"="Name of Samba Workgroup in smb.conf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\System\DNSClient]
"NV PrimaryDnsSuffix"="Name of Samba Workgroup in smb.conf"


Gpedit.msc:

Compouter|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.
The only problem is that it won't map the logon drive P: but I can apply the "logon.bat" instead.

However, I don't understand all of what I have done to make it work as I just copied from other experts.
Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.

PNguyen
 
  


Reply

Tags
controller, domain, pdc, samba, windows


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
roaming profile with samba as pdc & windows as client sweetshubhi Linux - Newbie 2 01-21-2010 11:33 PM
joining a linux client into the domain running Samba PDC zdehman Linux - Networking 2 08-18-2006 05:06 AM
Joining XP to a Samba PDC DirtySanchez Linux - Networking 1 08-03-2005 12:25 AM
Samba as PDC- Windows Client cant join gaston7392 Linux - Networking 1 06-24-2005 08:32 AM
Joining Win2k client to a samba PDC seaver Linux - Networking 3 08-07-2003 09:34 AM


All times are GMT -5. The time now is 08:09 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration