it looks like from the log entries that the samba can't find an account
for the machine. The machine- if it is a domain member- does need to
have an account. Were you able to join the machine to the domain? if
so there should be both a samba (windows) account (verify with "pdbedit
-Lv") and a unix account (verify with "getent passwd.")
On 02/03/10 12:42, graham wrote:
Gaiseric Vandal wrote on 03/02/2010 17:27:
What samba version?
> After you login from Win 7 can you actually open
and save files?
yes. I'm not familiar enough with smb etc. to understand why the
machine itself is trying to authenticate in addition to the user, and
whether it matters.
It does seem like it is trying to reauthenticate as an
active directory client.
Maybe config samba to only listen on port 139 and not 445 ("smb ports"
in smb.conf.) That might force the Win 7 client to treat the samba
server as a "NT4" server. I believe port 445 is for Smb-over-tcp while
139 is for smb-over-netbios-over-tcp.
I do have that set.
For completeness, the [global] config is:
workgroup = SMBDOMAIN
netbios name = SAMBASERVER
server string =
map to guest = Bad User
username map = /etc/samba/username-map
restrict anonymous = 1
log level = 1
smb ports = 139
name resolve order = wins lmhosts
time server = Yes
printcap name = cups
add machine script = /usr/sbin/useradd -d /dev/null -g sambausers
-c Machine -s /bin/false %u
logon script = logon.bat
logon path =
logon home =
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
On 02/03/10 12:09, graham wrote:
I've added my windows7 client to the domain (samba running as pdc),
having applied the registry changes identified here
Partial success - domain users can login and see shares etc, BUT:
1 - the registry settings in ntlogon/NTConfig.POL are not applied. Am
I right in thinking that windows 7 ignores this policy?
And if so I therefore need to put the appropriate registry settings
into a logon script?
2 - every time a domain user logs in to the windows7 host smbd reports
[2010/02/02 19:07:51, 0]
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client WIN7HOST machine account WIN7HOST$
[2010/02/02 19:07:52, 0] auth/auth_sam.c:355(check_sam_security)
check_sam_security: make_server_info_sam() failed with
This only occurs for the windows7 client (not XP clients).
What does this mean, is it a problem, and how do I fix it?!
3 - periodic errors reported by nmbd:
Packet send failed to 192.168.10.8(138) ERRNO=Operation not permitted
That's the ipaddress of the windows7 client.
Actually, looking back in the logs I see this has occasionally
happened for all but one of the xp clients too.
Again, what does this error mean, is it a problem, how would I fix it?
4 - windows7 client bombards the server on port 389 (ldap)
No idea why, no other (xp) clients do this. I'm guessing it /might/ be
part of question 2 above ,ie. maybe the win7 client is trying to
authenticate against ldap??
To unsubscribe from this list go to the following URL and read the