Package: samba Version: 2:3.2.5-4lenny6 Severity: important When adding a Windows 7 machine to a Samba PDC, using the following registry entries the machine account is created in /etc/passwd and in the samba database (pdbedit -L finds it, with a password):
HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 HKLM\System\CCS\Services\Netlogon\Parameters DWORD RequireSignOnSeal = 0 DWORD RequireStrongKey = 0 The Windows 7 PC gives a DNS extension error, but joins the domain succesfully. After reboot of the PC, you have to wait a bit before the domain controller can be found to validate the password, but then comes up with the following error: "the trust relationship between this workstation and the primary domain failed" and won't allow a logon. The PC event viewer gives the following System -> Netlogon error: This computer could not authenticate with \\DOMAIN, a Windows domain controller for domain DOMAIN, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. [2009/10/07 10:19:03, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490) Returning domain sid for domain DOMAIN -> S-1-5-21-649339501-1567589259-2286301166 [2009/10/07 10:19:04, 2] lib/access.c:check_access(406) Allowed connection from ::ffff:192.168.0.39 (::ffff:192.168.0.39) [2009/10/07 10:19:04, 2] libsmb/credentials.c:netlogon_creds_server_check(223) netlogon_creds_server_check: credentials check failed. [2009/10/07 10:19:04, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client MACHINE machine account MACHINE$ [2009/10/07 10:19:19, 0] lib/util_sock.c:read_socket_with_timeout(939) [2009/10/07 10:19:19, 0] lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer. [2009/10/07 10:30:47, 2] lib/access.c:check_access(406) Allowed connection from UNKNOWN (::ffff:192.168.0.39) [2009/10/07 10:30:47, 2] libsmb/credentials.c:netlogon_creds_server_check(223) netlogon_creds_server_check: credentials check failed. [2009/10/07 10:30:47, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520) Logging in as a normal user into the workgroup DOMAIN allows file sharing to work fine. -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages samba depends on: ii adduser 3.110 add and remove users and groups ii debconf [debcon 1.5.24 Debian configuration management sy ii libacl1 2.2.47-2 Access control list shared library ii libattr1 1:2.4.43-2 Extended attribute shared library ii libc6 2.7-18 GNU C Library: Shared libraries ii libcomerr2 1.41.3-1 common error description library ii libcups2 1.3.8-1+lenny6 Common UNIX Printing System(tm) - ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr ii libkrb53 1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1 OpenLDAP libraries ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f ii libpam-runtime 1.0.1-5+lenny1 Runtime support for the PAM librar ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l ii libpopt0 1.14-4 lib for parsing cmdline parameters ii libtalloc1 1.2.0~git20080616-1 hierarchical pool based memory all ii libwbclient0 2:3.2.5-4lenny6 client library for interfacing wit ii logrotate 3.7.1-5 Log rotation utility ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii procps 1:3.2.7-11 /proc file system utilities ii samba-common 2:3.2.5-4lenny6 Samba common files used by both th ii update-inetd 4.31 inetd configuration file updater ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime samba recommends no packages. Versions of packages samba suggests: pn ldb-tools <none> (no description available) ii openbsd-inetd [inet-superse 0.20080125-2 The OpenBSD Internet Superserver pn smbldap-tools <none> (no description available) -- debconf information: samba/run_mode: daemons samba/generate_smbpasswd: true -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
