Bug#550043: marked as done (samba: Windows 7 the trust relationship between this workstation and the primary domain failed)

Debian Bug Tracking System Fri, 16 Oct 2009 10:35:08 -0700

Your message dated Fri, 16 Oct 2009 17:50:07 +0200
with message-id <[email protected]>
and subject line Re: [Pkg-samba-maint] Bug#550043: samba: Windows 7 the trust 
relationship between this workstation and the primary domain failed
has caused the Debian Bug report #550043,
regarding samba: Windows 7 the trust relationship between this workstation and 
the primary domain failed
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
550043: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550043
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: samba
Version: 2:3.2.5-4lenny6
Severity: important

When adding a Windows 7 machine to a Samba PDC, using the following registry 
entries the machine account is created in /etc/passwd and in the samba database 
(pdbedit -L finds it, with a password):

HKLM\System\CCS\Services\LanmanWorkstation\Parameters 
DWORD  DomainCompatibilityMode = 1 
DWORD  DNSNameResolutionRequired = 0 

HKLM\System\CCS\Services\Netlogon\Parameters 
DWORD  RequireSignOnSeal = 0 
DWORD  RequireStrongKey = 0

The Windows 7 PC gives a DNS extension error, but joins the domain succesfully.
After reboot of the PC, you have to wait a bit before the domain controller can 
be found to validate the password, but then comes up with the following error:

"the trust relationship between this workstation and the primary domain failed" 

and won't allow a logon.

The PC event viewer gives the following System -> Netlogon error:

This computer could not authenticate with \\DOMAIN, a Windows domain controller 
for domain DOMAIN, and therefore this computer might deny logon requests. This 
inability to authenticate might be caused by another computer on the same 
network using the same name or the password for this computer account is not 
recognized. If this message appears again, contact your system administrator.

[2009/10/07 10:19:03,  2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3490)
  Returning domain sid for domain DOMAIN -> 
S-1-5-21-649339501-1567589259-2286301166
[2009/10/07 10:19:04,  2] lib/access.c:check_access(406)
  Allowed connection from ::ffff:192.168.0.39 (::ffff:192.168.0.39)
[2009/10/07 10:19:04,  2] libsmb/credentials.c:netlogon_creds_server_check(223)
  netlogon_creds_server_check: credentials check failed.
[2009/10/07 10:19:04,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth 
request from client MACHINE machine account MACHINE$
[2009/10/07 10:19:19,  0] lib/util_sock.c:read_socket_with_timeout(939)
[2009/10/07 10:19:19,  0] lib/util_sock.c:get_peer_addr_internal(1676)
  getpeername failed. Error was Transport endpoint is not connected
  read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by 
peer.
[2009/10/07 10:30:47,  2] lib/access.c:check_access(406)
  Allowed connection from UNKNOWN (::ffff:192.168.0.39)
[2009/10/07 10:30:47,  2] libsmb/credentials.c:netlogon_creds_server_check(223)
  netlogon_creds_server_check: credentials check failed.
[2009/10/07 10:30:47,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)

Logging in as a normal user into the workgroup DOMAIN allows file sharing to 
work fine.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser         3.110                    add and remove users and groups
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  libacl1         2.2.47-2                 Access control list shared library
ii  libattr1        1:2.4.43-2               Extended attribute shared library
ii  libc6           2.7-18                   GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
ii  libcups2        1.3.8-1+lenny6           Common UNIX Printing System(tm) - 
ii  libgnutls26     2.4.2-6+lenny1           the GNU TLS library - runtime libr
ii  libkrb53        1.6.dfsg.4~beta1-5lenny1 MIT Kerberos runtime libraries
ii  libldap-2.4-2   2.4.11-1                 OpenLDAP libraries
ii  libpam-modules  1.0.1-5+lenny1           Pluggable Authentication Modules f
ii  libpam-runtime  1.0.1-5+lenny1           Runtime support for the PAM librar
ii  libpam0g        1.0.1-5+lenny1           Pluggable Authentication Modules l
ii  libpopt0        1.14-4                   lib for parsing cmdline parameters
ii  libtalloc1      1.2.0~git20080616-1      hierarchical pool based memory all
ii  libwbclient0    2:3.2.5-4lenny6          client library for interfacing wit
ii  logrotate       3.7.1-5                  Log rotation utility
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init scrip
ii  procps          1:3.2.7-11               /proc file system utilities
ii  samba-common    2:3.2.5-4lenny6          Samba common files used by both th
ii  update-inetd    4.31                     inetd configuration file updater
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
pn  ldb-tools                   <none>       (no description available)
ii  openbsd-inetd [inet-superse 0.20080125-2 The OpenBSD Internet Superserver
pn  smbldap-tools               <none>       (no description available)

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true

--- End Message ---

--- Begin Message ---

Version: 2:3.3.6:1

Quoting Wolfgang Granzer ([email protected]):
> I have exactly the same problem. Users on Windows 7 clients are
> unable to login when the client is within a Windows Domain where the
> PDC is running on Debian lenny.
> 
> However, I upgraded the samba package to the one of the backports
> repository (Samba version 3.3.6-1). Now, it works and Windows 7
> users are able to login.
> 
> Is there a chance that this issue will be also fixed in the stable packages?

I doubt it. That would mean backport upstream changes for Windows 7
support which are certainly not trivial fixes. Changes that happened
between 3.2.5 and 3.3.6 are  really large ones.

Thanks for reporting that this bug is fixed in a recent version. Hence
closing the bug report for squeeze and unstable.

signature.asc
Description: Digital signature

--- End Message ---

Bug#550043: marked as done (samba: Windows 7 the trust relationship between this workstation and the primary domain failed)

Reply via email to