Samba 3.5.6 DC + Windows 7 Unable to add user because of trust relationship

ravenswood · 05-03-2012, 08:26 AM

Hi everyone.

This has me in a bit of a spot. Just upgraded our servers to Samba 3.5.6 and got all the xp machines on the domain easily.

The windows 7 machine has troubles. I can get the machine to join the domain but any user I try to add results in:

Code:

The user could not be added because the following error has occurred:

The trust relationship between this workstation and the primary domain failed.

I've made the changes recommended over at the Samba wiki by changing the registry:

Code:

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
      DWORD  DomainCompatibilityMode = 1
      DWORD  DNSNameResolutionRequired = 0

and made sure that this was correct (although I tried every combination

Code:

HKLM\System\CCS\Services\Netlogon\Parameters
      DWORD  RequireSignOrSeal = 1
      DWORD  RequireStrongKey = 1

I'm not sure where to go from here. I've put Windows 7 on previous Samba releases. Is it just this version? What should I do?

Thanks much for any help

ravenswood · 05-07-2012, 06:23 PM

I'm still having a rough time with this. I've tried everything. The normal settings over at the Samba Wiki don't seem to matter. This is now on two different installations in the last 2 weeks.

While I didn't have to, I followed this howto. Did I make a mistake using this? (I'm using squeeze, not etch or sarge).

My smb.conf file looks like this:

Quote:

[global]
name resolve order = wins host bcast
idmap gid = 15000-20000
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = Yes
root preexec = PROFILE=/home/samba/profiles/%U; if [ ! -e $PROFILE ]; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
time server = Yes
passwd program = /usr/bin/passwd %u
dns proxy = No
printing = cups
idmap uid = 15000-20000
logon script = netlogon.bat
default = printers
workgroup = QOW
os level = 255
printcap name = cups
add machine script = /usr/sbin/useradd -g machines -c "Samba Machine" -d /dev/null -s /bin/false '%u'
delete user script = /usr/sbin/userdel "%u"
max log size = 1000
log file = /var/log/samba/log.%m
printer = Kyocera_KM-C4035E
guest account = nobody
load printers = Yes
add group script = /usr/sbin/groupadd "%g"
hide unreadable = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/sbin/usermod -G "%g" "%u"
logon drive = H:
domain master = yes
hide dot files = yes
interfaces = eth0 lo
printer admin = root, @lpadmin
wins support = true
server string = miller
unix password sync = Yes
logon path = \\%L\profiles\%U
add user script = /usr/sbin/useradd -m "%u"
set primary group script = /usr/sbin/usermod -g "%g" "%u"
preferred master = yes
panic action = /usr/share/samba/panic-action %d
bind interfaces only = yes
domain logons = yes
pam password change = Yes
[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No
volume = HOME

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
write list = @samba-domain-admins
force create mode = 0664
guest ok = Yes
browseable = No

[profiles]
comment = Windows user profile directories
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No

[general]
comment = General shared drive
path = /home/qow/general
write list = @qow-staff
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[templates]
comment = Common templates
path = /home/qow/templates
write list = @qow-manager
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[arap]
comment = Accounting
path = /home/qow/arap
write list = @qow-arap
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[supervisors]
comment = Supervisors
path = /home/qow/supervisors
write list = @qow-supervisor
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[ellsworth]
comment = Ellsworth drive
path = /home/qow/ellsworth
write list = @qowe-staff
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[hr]
comment = Human resources
path = /home/qow/hr
write list = @qow-hr
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[office]
comment = Office
path = /home/qow/office
write list = @qow-manager
read only = No
force create mode = 0660
force directory mode = 02770
include = /etc/samba/recycle.conf

[printers]
comment = All Printers
printable = yes
writable = yes
browseable = yes
public = yes
guest ok = yes
path = /var/spool/samba
create mode = 666
printer admin = @lpadmin

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root, @lpadmin

# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; read only = yes
; locking = no
; path = /cdrom
; guest ok = yes

# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom

Thanks for any help.

ravenswood · 05-15-2012, 11:08 AM

Ok. After all this, I'm rather sure it is impossible to put windows 7 on samba.