Make sure that this settings are as follows:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOrSeal”=dword:0001
“RequireStrongKey”=dword:0001
It helped solve a problem like the one you're having.
On Thursday 14 January 2010 09:27:08 Richard Basch wrote:
> I have been going through all the Wikis and various Google searches to try
> to solve my problem, all to no avail.
>
> I can mount a Samba share, but whenever I try to login using a domain
> account, I receive an error about "The trust relationship between this
> workstation and the primary domain failed."
>
> What I have done so far, all to no avail.
> - Upgraded from Samba 3.4.2 to Samba 3.4.4 (under OpenSUSE 11.2)
> - Edited the registry settings on my Windows 7 client
> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
> (I also tried reducing the security requirements for signing & encryption,
> but have read this is not required with current versions of Samba.)
>
> (And, I am running Windows 7 Professional on my client.)
>
> "testparm -v" indicates my smb.conf is valid, and I am able to mount
> shares, which is a positive indication the OpenLDAP integration is
> working. I am running OpenLDAP 2.4.15 or higher on all my LDAP servers (I
> think they are all 2.4.19 - 2.4.21).
>
> DNS is static, with none of the normal ADS entries. Only the DHCP server
> is allowed to modify DNS (and only the forward map allows updates, since
> DHCP updates of the reverse in-addr.arpa maps were problematic). To
> assist with finding the domain controller, I added the following to
> C:\Windows\System32\Drivers\etc\lmhosts:
> 192.168.15.2tardis #PRE #DOM:N2HA
> (Thus my attempts to join the domain appear successful, with the documented
> warnings about the domain suffix. Unfortunately, appearances are deceiving
> when I actually try to login using a domain account.)
>
> Attached are entries from my smbd.log and C:\Windows\debug\NetSetup.log and
> smb.conf.
>
> Any assistance or guidance would be greatly appreciated.
>
> log.smbd
>
> [2010/01/14 03:31:38, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client BAST machine account BAST$
> [2010/01/14 03:31:38, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client BAST machine account BAST$
> [2010/01/14 03:31:48, 0] lib/util_sock.c:539(read_fd_with_timeout)
> [2010/01/14 03:31:48, 0] lib/util_sock.c:1491(get_peer_addr_internal)
> getpeername failed. Error was Transport endpoint is not connected
> read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
> peer.
> [2010/01/14 03:33:17, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client BAST machine account BAST$
> [2010/01/14 03:33:17, 0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client BAST machine account BAST$
> [2010/01/14 03:33:30, 0] lib/util_sock.c:539(read_fd_with_timeout)
> [2010/01/14 03:33:30, 0] lib/util_sock.c:1491(get_peer_addr_internal)
> getpeername failed. Error was Transport endpoint is not connected
> read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
> peer.
> [2010/01/14 03:34:18, 0] lib/util_sock.c:539(read_fd_with_timeout)
> [2010/01/14 03:34:18, 0] lib/util_sock.c:1491(get_peer_addr_internal)
> getpeername failed. Error was Transport endpoint is not connected
> read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by
> peer.
>
>
> C:\Windows\debug\NetSetup.log
> =
> 01/13/2010 23:36:18:337 NetpJoinDomain: status of connecting to dc
> '\\TARDIS': 0x0
> 01/13/2010 23:36:18:337 NetpProvisionComputerAccount:
> 01/13/2010 23:36:18:337 lpDomain: N2HA
> 01/13/2010 23:36:18:337 lpMachineName: BAST
> 01/13/2010 23:36:18:337 lpMachineAccountOU: (NULL)
> 01/13/2010 23:36:18:337 lpDcName: TARDIS
> 01/13/2010 23:36:18:337 lpDnsHostName: (NULL)
> 01/13/2010 23:36:18:337 lpMachinePassword: (null)
> 01/13/2010 23:36:18:337 lpAccount: N2HA\ntadmin
> 01/13/2010 23:36:18:337 lpPassword: (non-null)
> 01/13/2010 23:36:18:337 dwJoinOptions: 0x25
> 01/13/2010 23:36:18:337 dwOptions: 0x4003
> 01/13/2010 23:36:18:352 NetpLdapBind: ldap_bind failed on TARDIS: 49:
> Invalid Credentials
> 01/13/2010 23:36:18:426 NetpGetLsaPrimaryDomain: DNS Domain policy not
> supported, falling back to Primary Domain
> 01/13/2010 23:36:18:430 NetpGetLsaPrimaryDomain: status: 0x0
> 01/13/2010 23:36:18:432 NetpC