Re: [Samba] Trouble joining Windows 7 machines to Samba PDC

2010-05-29 Thread David Adam 
On Mon, 15 Mar 2010, David Adam wrote:
 We have a domain controller running Samba 3.4.5 that is backed onto an 
 OpenLDAP datastore. The domain has no trouble joining Windows XP clients, 
 but we've got a couple of Windows 7 / Windows Server 2008 R2 Standard that 
 we can't join to the domain.
 
 The registry changes suggested in 
 http://wiki.samba.org/index.php?title=Windows7oldid=4766 have been 
 applied, and a UNIX account for the machine has been created.
 
 While the creation of the object in LDAP appears to succeed, the join 
 fails with super-helpful message The parameter is incorrect on the 
 client.

For the archives, I reported this as bug 7395 - as discussed, it appears 
that Windows 7 has tightened up a bit on valid SIDs and we somehow had an 
invalid one, possibly due to an endianness issue in an old version of Samba.

Replacing our SID that started with S-1-5-352321536 with S-1-5-21 solved 
all our problems.

David Adam
zanc...@ucc.gu.uwa.edu.au

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Trouble joining Windows 7 machines to Samba PDC

2010-03-15 Thread David Adam 
Hi folks,

We have a domain controller running Samba 3.4.5 that is backed onto an 
OpenLDAP datastore. The domain has no trouble joining Windows XP clients, 
but we've got a couple of Windows 7 / Windows Server 2008 R2 Standard that 
we can't join to the domain.

The registry changes suggested in 
http://wiki.samba.org/index.php?title=Windows7oldid=4766 have been 
applied, and a UNIX account for the machine has been created.

While the creation of the object in LDAP appears to succeed, the join 
fails with super-helpful message The parameter is incorrect on the 
client.

I've attached the NetSetup.log, the output of testparm, and a debug log at 
level 5 from one of the clients. The only thing particularly notable in 
the NetSetup output is:

NetpSetNetlogonDomainCache: DsEnumerateDomainTrustsW for all trusts failed 
with ERROR_NOT_SUPPORTED -- retry

Any hints?

David Adam
University Computer Club, UWA
zanc...@ucc.gu.uwa.edu.au[global]
workgroup = UCCDOMAYNE
server string = %h server
obey pam restrictions = Yes
passdb backend = ldapsam:ldaps://mussel.ucc.gu.uwa.edu.au 
ldaps://martello.ucc.gu.uwa.edu.au/
log level = all:10
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
debug pid = Yes
logon path = \musundo\profiles
logon drive = H:
logon home = \\musundo\%U
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
wins server = 130.95.13.3
ldap admin dn = cn=admin,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
ldap machine suffix = ou=Computers
ldap passwd sync = only
ldap suffix = dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d

03/15/2010 18:19:21:613 
-

03/15/2010 18:19:21:613 NetpValidateName: checking to see if 'MAAXEN' is valid 
as type 1 name

03/15/2010 18:19:21:633 NetpCheckNetBiosNameNotInUse for 'MAAXEN' [MACHINE] 
returned 0x0

03/15/2010 18:19:21:633 NetpValidateName: name 'MAAXEN' is valid for type 1

03/15/2010 18:19:21:664 
-

03/15/2010 18:19:21:664 NetpValidateName: checking to see if 
'MAAXEN.ucc.gu.uwa.edu.au' is valid as type 5 name

03/15/2010 18:19:21:664 NetpValidateName: name 'MAAXEN.ucc.gu.uwa.edu.au' is 
valid for type 5

03/15/2010 18:19:21:700 
-

03/15/2010 18:19:21:701 NetpValidateName: checking to see if 'UCCDOMAYNE' is 
valid as type 3 name

03/15/2010 18:19:21:828 NetpCheckDomainNameIsValid [ Exists ] for 'UCCDOMAYNE' 
returned 0x0

03/15/2010 18:19:21:828 NetpValidateName: name 'UCCDOMAYNE' is valid for type 3

03/15/2010 18:19:26:413 
-

03/15/2010 18:19:26:413 NetpDoDomainJoin

03/15/2010 18:19:26:413 NetpMachineValidToJoin: 'MAAXEN'

03/15/2010 18:19:26:413 OS Version: 6.1

03/15/2010 18:19:26:413 Build number: 7600 (7600.win7_rtm.090713-1255)

03/15/2010 18:19:26:414 SKU: Windows Server 2008 R2 Standard

03/15/2010 18:19:26:414 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 
0x0

03/15/2010 18:19:26:414 NetpGetLsaPrimaryDomain: status: 0x0

03/15/2010 18:19:26:414 NetpMachineValidToJoin: status: 0x0

03/15/2010 18:19:26:415 NetpJoinDomain

03/15/2010 18:19:26:415 Machine: MAAXEN

03/15/2010 18:19:26:415 Domain: UCCDOMAYNE

03/15/2010 18:19:26:415 MachineAccountOU: (NULL)

03/15/2010 18:19:26:415 Account: UCCDOMAYNE\zanchey

03/15/2010 18:19:26:415 Options: 0x25

03/15/2010 18:19:26:415 NetpLoadParameters: loading registry parameters...

03/15/2010 18:19:26:415 NetpLoadParameters: status: DNSNameResolutionRequired 
set to '0'

03/15/2010 18:19:26:415 NetpLoadParameters: status: DomainCompatibilityMode set 
to '1'

03/15/2010 18:19:26:415 NetpLoadParameters: status: 0x0

03/15/2010 18:19:26:415 NetpValidateName: checking to see if 'UCCDOMAYNE' is 
valid as type 3 name

03/15/2010 18:19:26:517 NetpCheckDomainNameIsValid [ Exists ] for 'UCCDOMAYNE' 
returned 0x0

03/15/2010 18:19:26:517 NetpValidateName: name 'UCCDOMAYNE' is valid for type 3

03/15/2010 18:19:26:517 NetpDsGetDcName: trying to find DC in domain 
'UCCDOMAYNE', flags: 0x1020

03/15/2010 18:19:34:025 NetpLoadParameters: loading registry parameters...

03/15/2010 18:19:34:025 NetpLoadParameters: status: DNSNameResolutionRequired 
set to '0'

03/15/2010 18:19:34:025 NetpLoadParameters: status: DomainCompatibilityMode set 
to '1'

03/15/2010 18:19:34:025 NetpLoadParameters: status: 0x0

03/15/2010 18:19:34:025 NetpDsGetDcName: found DC '\\MYLAH' in the specified 
domain

03/15/2010 18:19:34:025 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0

03/15/2010 18:20:29:939 NetpJoinDomain: status of