Adding Domain User Accounts to Windows 7 Clients (Samba 3.4.8 PDC)
in [Samba]
|
From: Walton, Bryan K on 17 Jun 2010 13:00 Does anybody have any ideas? Thanks, Bryan Walton On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: > Hi, > > I've searched the logs and google trying to find a fix for my problem > and have so far not succeeded. > > I've got a Samba PDC (Debian Lenny), running Samba 3.4.8 from Debian > Backports. It is using an OpenLdap backend. We have encountered little > to no problems over the last several years. And of course, we have to > upgrade to Windows 7 (64-bit), from XP-64. So, here we are. > > Following the wiki here: http://wiki.samba.org/index.php/Windows7 I have > made the registry changes mentioned on this page. > > I can successfully join the Windows 7 client to our Samba PDC. > Furthermore, domain users are able to login, by using the following > syntax: domain\username and password. Finally, users are able to access > domain shares without difficulty. > > However, I am unable to successfully add domain user accounts to the > client. When I attempt this, I receive the following error: > > "The user could not be added because the following error has occurred: > > The trust relationship between the workstation and the primary domain > failed." > > Can anybody help pinpoint my error? > > My samba PDC logs show the following: > > Jun 15 12:11:31 nishnabotna smbd[2746]: [2010/06/15 12:11:31, 0] > auth/auth_sam.c:355(check_sam_security) > Jun 15 12:11:31 nishnabotna smbd[2746]: check_sam_security: > make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' > Jun 15 12:11:32 nishnabotna smbd[2746]: [2010/06/15 12:11:32, 0] > rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3) > Jun 15 12:11:32 nishnabotna smbd[2746]: _netr_ServerAuthenticate3: > netlogon_creds_server_check failed. Rejecting auth request from client > CALLENDER machine account CALLENDER$ > > And perhaps to state the obvious, the user I'm attempting to add does > exist on the network. By the way, I'm getting this error when trying to > add ANY domain user account to Windows 7 clients. > > I would appreciate any input you might offer. > > Thanks, > Bryan Walton > > -- > Bryan K. Walton Division of Physiologic Imaging > Systems Administrator University of Iowa Hospitals and Clinics > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Walton, Bryan K on 17 Jun 2010 18:00 On Tue, Jun 15, 2010 at 12:22:25PM -0500, Walton, Bryan K wrote: > > However, I am unable to successfully add domain user accounts to the > client. When I attempt this, I receive the following error: > > "The user could not be added because the following error has occurred: > > The trust relationship between the workstation and the primary domain > failed." Hi everybody, thanks for your replies. I've found the problem, I believe, and have a work around. About 15 minutes ago, I stumbled across this web page: http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/7d0bb953-3514-4475-8f00-5f624f5f6b00 As it turns out, a "new feature" of Windows 7 is that you cannot directly add domain users as local users. Instead, you must add desired domain users to local groups, achieving the desired result. I have verfied that this works without difficulty. In the past, I was able to add domain user acocunts as local accounts, but it appears that Microsoft no longer allows this with Windows 7. Thanks again, Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Walton, Bryan K on 18 Jun 2010 09:40 On Thu, Jun 17, 2010 at 06:22:54PM -0500, David Whitney wrote: > > Could you explain a bit more what you mean by trying to create a "local > user" out of a domain user? I'm realizing that I've done a very poor job of wording what I was trying to accomplish. Essentially, my goal is this: I have user accounts set up on our domain. These accounts do not have administrative rights on the domain. However, in some cases, I would like a given domain account to have local administrative rights on their workstation. In the past, when logged into the workstation under an administrator account, I have used the add user window as seen in the screenshot show in this link: http://www.ejoose.com/Windows2000/installation/add.user.windows.2000.gif I would simply click on the add button. Specify our Samba domain and the user account. Then, I would specify that this user was to have administrative rights on this box. It worked great. However, with Windows 7, when using this same process, I would receive the trust relationship error, as mentioned in my original post (even though the I've made the registry fixes required and even though the workstation was already joined to the domain). What I'm doing now, and is working for me, is simply adding the specified domain user account to the local administrator group, by clicking on the advanced tab and then making my way into the local group listing and adding the user to the Administrator's group. I think, in the end, both ways that I have employed achieve the same thing, it is just that the way I've previously done it isn't currently working. But the new way suffices. Again, sorry for the confusion caused by my poor wording. Cheers, Bryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] Symlink Issue Next: Adding Domain User Accounts to Windows 7 Clients (Samba3.4.8 PDC) |