# [SOLVED] Samba and Windows 7

## tgolden

According to various postings I have read, Windows 7 can not join a Samba domain with Samba version less the 3.3.4.  With Windows 7 pending release, does anyone know the development status of the newer versions of samba (>=3.3.4). 

http://ubuntuforums.org/showthread.php?t=1162865Last edited by tgolden on Thu Sep 03, 2009 2:51 am; edited 1 time in total

----------

## fls

There is a gentoo bugzilla entry which deals with new samba versions.

Note that Windows 7 can join a samba 3.3.4 domain but CAN NOT join a samba 3.3.6 domain.

I'm unsure about 3.3.5 and the recently released 3.3.7.

See towards the end of this thread for the details about samba and Win7

----------

## Simba7

Yes, Windows 7 can *ONLY* join a Samba 3.3.4 domain for now. I have this working at my parents house with Windows 7 RC1.

You can follow this post to make an ebuild. I would suggest fetching the 3.3.4 file directly from the samba servers, though. It seems most of the older versions have disappeared from the mirrors.

----------

## fls

 *Simba7 wrote:*   

> Yes, Windows 7 can *ONLY* join a Samba 3.3.4 domain for now.

 

I remember reading in samba's bugzilla that 3.4.1 will again support it. Don't have the link at hand ...

----------

## Simba7

 *fls wrote:*   

> I remember reading in samba's bugzilla that 3.4.1 will again support it. Don't have the link at hand ...

 

I'm just curious on *WHY* they removed it in the first place.

----------

## tgolden

I have made some progess.  I now have Windows 7 "Joining the Domain".  Unfortunately if I attempt to log in to the domain I get error "Trust Relationship between Workstation and Domain Failed" on the Windows 7 box.  In my samba logs I have the error 

"[2009/08/30 02:17:42, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)

  _net_auth2: creds_server_check failed. Rejecting auth request from client MACHINE machine account MACHINE$

I have already attempted removing the Windows 7 client from the domain and adding it back in.  I suspect it may have something to do with the security settings in Windows 7 since other Windows versions upto XP worked (I never tried Vista).

I had to do the following things.

In group policy under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options I set the following

Domian Member: Digitally encrypt or sign secure channel data (Always): disabled

Domain Member: Digitally encrypt secure channel data (when possible) disabled

Domain Member: Digitally sign secure channel data (when possible): disabled

Domain Member: Require string (Windows 2000 or later) session key: disables

Microsoft Network Client: Digitally sign communications (always) disabled

Microsoft Network Client: Digitally sign communications (if server agrees): enabled

Microsoft Network Server: Digitally sign communications (Always): disabled

Microsoft Nework Server: Digitally sign communications (if client agrees): disabled

Network Access: Allow anonymous SID/Name Translation: Enabled

Network Security LAN Manager authentication level: Send LM and NTLM use NTLMv2 session security if negiotated

And the registry hacks in the proviously mentioned link.

I don't know if all these setting are needed, but it would appear I am a little closer

Software Version Info.

Windows 7 RTM (updated)

samba-3.0.33

----------

## Simba7

You haven't been reading the previous posts, have ya?

----------

## john.peterson1982

Now I could join my domain after I modified the registry as follows:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

DWORD requiresignorseal = 0

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel = 1

HKLMSystemCurrentControlSetServicesLanmanWorkstationParameters

DWORD DomainCompatibilityMode = 1

DWORD DNSNameResolutionRequired = 0

I get a computer account in the WGM. But I can’t log in, because of:

"The trust relationship between this workstation and the primary domain failed."

----------

## Simba7

Don't ya just love it when people don't read the entire thread?

Darn newbies.

----------

## tgolden

Gotta try anyway either way.  It appears that even the newest version of samba don't work with Windows 7 (as per earlier in the posting, only 3.3.4), so either way gentoo does not have a version in the main portage tree that would work, the two options are try with the current version under the assumption that microsoft changed some default settings, run unstable software in a production environment, or sit down twiddle my thumbs and do nothing.  Personally, trying to figure out why something doesn't work is better then doing nothing.

I have that to join the domain all I need on the Windows Client is:

the DNSResolutionRequired registry entry

the DomainCompatibilityMode entry.

Samba setup add the line:

"server signing = auto"

Still get the trust relationship failed error.  The problem appears to be in the machine account authentication in the samba logs

Samba log error after a series of client server challenge and reply's:

rpc_server/srv_netlog_nt.c:_net_auth_2(478)

  _net_auth2: creds_server_check failed. Rejecting auth request from client MACHINE machine account MACHINE$

----------

## tgolden

I would be interesting in knowing what changes Microsoft made to  the networking aspect of Windows 7.  If the relevent changes are in the Windows 7 networking itself or if they are just stricter default settings.  I can't find anything documented by Microsoft about changes in the networking protocols other then Windows 7 defaults to using newer "more secure" settings.  Of course M$ has such a wonderful history of documentation and openness regarding thier standards and protocols.

I do have log level 10 logs of my attempts to log in to the domain.  They are rather long so if there are particular parts that can be helpful I an just post those parts.

----------

## tgolden

I have achieved success.  I had to unmask and update samba to 3.3.7, you have to unmask samba-3.3.7 samba-libs-3.3.7 samba-client-3.3.7 samba-server-3.3.7 and iniparser

Required registery changes are still the 

DNSresolutionrequireRequired set to 0

DomainCompatibilityMode set to 1

as mentioned in previous posts.  I would also appear that only a Samba PDC (mayby BDC) requires the upgrade.  My Samba Member server did not.

Thank you

----------

## Alakhai

i solved by creating a symlink on home directory of user like this:

Symlink ./[$USERPROFILEDIR].V2 -> ./[$USERPROFILEDIR]

adding .V2 samba allows you to join in... i don't know why... i was getting crazy for this, and 7 still working bad on samba.

----------

