samba@lists.samba.org
Subject: Re: [Samba] windows 7 machine account fails to authenticate against samba PDC
From: graham
Date: Wed, 03 Feb 2010 17:42:19 +0000
Gaiseric Vandal wrote on 03/02/2010 17:27:
> What samba version?

version 3.4.5


> After you login from Win 7 can you actually open
> and save files?

yes. I'm not familiar enough with smb etc. to understand why the machine itself is trying to authenticate in addition to the user, and whether it matters.


> It does seem like it is trying to reauthenticate as an
> active directory client.
>
> Maybe config samba to only listen on port 139 and not 445 ("smb ports"
> in smb.conf.) That might force the Win 7 client to treat the samba
> server as a "NT4" server. I believe port 445 is for Smb-over-tcp while
> 139 is for smb-over-netbios-over-tcp.

I do have that set.
For completeness, the [global] config is:
        workgroup = SMBDOMAIN
        netbios name = SAMBASERVER
        server string =
        map to guest = Bad User
        username map = /etc/samba/username-map
        restrict anonymous = 1
        log level = 1
        smb ports = 139
        name resolve order = wins lmhosts
        time server = Yes
        printcap name = cups
        add machine script = /usr/sbin/useradd -d /dev/null -g sambausers -c Machine -s /bin/false %u
        logon script = logon.bat
        logon path =
        logon home =
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        wins support = Yes




On 02/03/10 12:09, graham wrote:
Hello all,

I've added my windows7 client to the domain (samba running as pdc),
having applied the registry changes identified here
(http://wiki.samba.org/index.php/Windows7).

Partial success - domain users can login and see shares etc, BUT:

1 - the registry settings in ntlogon/NTConfig.POL are not applied. Am
I right in thinking that windows 7 ignores this policy?
And if so I therefore need to put the appropriate registry settings
into a logon script?


2 - every time a domain user logs in to the windows7 host smbd reports
an error:

[2010/02/02 19:07:51, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WIN7HOST machine account WIN7HOST$
[2010/02/02 19:07:52, 0] auth/auth_sam.c:355(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

This only occurs for the windows7 client (not XP clients).
What does this mean, is it a problem, and how do I fix it?!


3 - periodic errors reported by nmbd:
Packet send failed to 192.168.10.8(138) ERRNO=Operation not permitted

That's the IP address of the windows7 client.
Actually, looking back in the logs I see this has occasionally
happened for all but one of the xp clients too.
Again, what does this error mean, is it a problem, how would I fix it?


4 - windows7 client bombards the server on port 389 (ldap)
No idea why, no other (xp) clients do this. I'm guessing it /might/ be
part of question 2 above, i.e. maybe the win7 client is trying to
authenticate against ldap??

rgds all,
graham.
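
Added example, not part of the original thread: a Python sketch that pulls the _netr_ServerAuthenticate3 rejections quoted in item 2 out of an smbd log and counts them per machine account, so an admin can see which clients are affected and how often. The sample log is constructed from the lines in the message; WIN7LAB2 is a made-up host, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: two entries in smbd's header + message layout, one entry
# re-wrapped the way a mail client wraps it, and one from a made-up second host.
SAMPLE_LOG = """\
[2010/02/02 19:07:51, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WIN7HOST machine account WIN7HOST$
[2010/02/02 19:07:52, 0] auth/auth_sam.c:355(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2010/02/02 19:09:10, 0]
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client WIN7HOST machine account WIN7HOST$
[2010/02/02 19:12:30, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client WIN7LAB2 machine account WIN7LAB2$
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)[^\]]*\]\s*(.*)$")
REJECT = re.compile(r"netlogon_creds_server_check failed\.\s+Rejecting auth request "
                    r"from client (\S+) machine account (\S+)")

def records(text):
    """Yield (timestamp, message) per log entry. Continuation lines are joined,
    so entries re-wrapped by a mail client parse like native ones."""
    stamp, parts = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp:
                yield stamp, " ".join(parts)
            stamp, parts = m.group(1), [m.group(2)] if m.group(2) else []
        elif stamp and line.strip():
            parts.append(line.strip())
    if stamp:
        yield stamp, " ".join(parts)

def netlogon_rejections(text):
    """Return [(timestamp, client, machine_account)] for rejected auth requests."""
    hits = ((stamp, REJECT.search(msg)) for stamp, msg in records(text))
    return [(stamp, m.group(1), m.group(2)) for stamp, m in hits if m]

def rejections_per_account(text):
    return Counter(acct for _, _, acct in netlogon_rejections(text))

if __name__ == "__main__":
    for acct, n in rejections_per_account(SAMPLE_LOG).most_common():
        print(f"{acct}: {n} rejected ServerAuthenticate3 request(s)")
```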



