Hi,
My configuration is
# smbstatus
Samba version 3.6.7-48.12.1-2831-SUSE-SL12.2-x86_64
The LAN is on 172.16. and the Samba machine is also the LAN’s DNS server.
We had been using Samba for simple file sharing, with no domain functionality, and with the Windows machines on the network configured as members of the workgroup. We decided to set it as a PDC and support roaming profiles.
I made some changes to smb.conf, which is here: http://pastebin.com/raw.php?i=HCY2cfHw The profiles directory was chmod 2775 and its group changed from root to users. The netlogon directory is 755. net groupmap list is empty. Initially, in smb.conf the name resolve order was starting with dns, but Windows 7 kept giving me an error about finding the domain when I tried to change from workgroup to domain, so I took that out.
All our Windows machines are Windows 7 64-bit Business. I configured them as follows: Windows7 - SambaWiki (that is, as specified on that page, I only edited DomainCompatibilityMode and DNSNameResolutionRequired). Changing from workgroup to domain doesn’t give me an error until I reboot and try to log in with one of the SMB users: “The trust relationship between this workstation and the primary domain failed”. I can only log into the local machine account. If instead of changing from workgroup to domain directly I try to use the network ID wizard, it leads eventually to the same error when it tries to set up the domain user.
There’s no problem accessing the Samba shares, however.
# tail /var/log/samba/log.smbd
[2013/01/23 14:26:16.350332, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BRIX machine account BRIX$
[2013/01/23 14:26:16.352562, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BRIX machine account BRIX$
[2013/01/23 14:37:22.518159, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client BRIX machine account BRIX$
Why is it failing? I checked the smbpasswd file and I see BRIX$ in there (though in the Unix accounts, brix$ is in lowercase but my understanding is that’s not a problem). Also, it looks like it was automatically made a member of the group users, but I don’t think that matters.
I don’t know how to troubleshoot this. I’ve tried removing the machine from the domain, then taking it out of smbpasswd and the Unix accounts, and then rejoining, but same thing.
Please help!
[Edit: don’t know if it matters, but the Windows 7 workstations may or may not have been upgrades from an initial Vista install, though I don’t think upgraded from XP (2% chance). Unfortunately, I can’t verify the history…].