Re: [Samba] trust relationship between this workstation and the primary domain failed
Tcpdump from 2008 (works) and XP (not working) are different. I noticed 2008 and windows 7 (working) smbclients keep all SMB traffic between the smbclient and smbserver while XP and 2000 (not working) communicate SMB traffic between SMBserver and AD server as well as SMBserver and SMBclient. TCP dump from Samba server below: 2008 (working) smbclient SMBnegprot (REQUEST) - smbserver smbserver SMBnegprot (REPLY) - smbclient smbclient SMBsessionsetupX (REQUEST) - smbserver smbserver SRV _ldap... and A lookup - DNS DNS - smbserver smbserver - AD AD - smbserver smbserver SMBsesssetupX (REPLY) - smbclient smbclient SMBtconX (REQUEST) - smbserver smbserver SMBtconX (REPLY) - smbclient smbclient SMBtrans2 (REQUEST) - smbserver smbclient SMBtrans2 (REQUEST) - smbserver smbserver SMBtrans2 (REPLY) - smbclient smbserver SMBtrans2 (REPLY) - smbclient smbclient SMBntcreateX (REQUEST) - smbserver smbserver SMBntcreateX (REPLY) - smbclient smbserver SMBwriteX (REQUEST) - smbclient smbserver SMBwriteX (REPLY) - smbclient smbclient SMBreadx (REQUEST) - smbserver smbserver SMBntcreateX (REPLY) - smbclient smbclient SMBclose (REQUEST) - smbserver smbserver SMBclose (REPLY) - smbclient XP (Not working) smbclient SMBnegprot (REQUEST) - smbserver smbserver SMBnegprot (REPLY) - smbclient smbclient SMBsessionsetupX (REQUEST) - smbserver smbserver SRV _ldap... and A lookup - DNS DNS - smbserver smbserver - AD AD - smbserver smbserver SMBnegprot (REQUEST) - AD AD SMBnegprot (REPLY) - smbserver smbserver SMBsessionsetupX (REQUEST) - AD AD SMBsessionsetupX (REPLY) - smbserver smbserver SMBtconX (REQUEST) - AD AD SMBtconX (REPLY) - smbserver smbserver SMBntcreateX (REQUEST) - AD AD SMBntcreateX (REPLY) - smbserver smbserver SMBtdis (REQUEST) - AD AD SMBtdis (REPLY) - smbserver smbserver SMBnegprot (REQUEST) - AD AD SMBnegprot (REPLY) - smbserver smbserver SMBsessionsetupX (REQUEST) - AD AD SMBsessionsetupX (REPLY) - smbserver smbserver SMBtconX (REQUEST) - AD AD SMBtconX (REPLY) - smbserver smbserver SMBntcreateX (REQUEST) - AD AD SMBntcreateX (REPLY) - smbserver smbserver SMBtdis (REQUEST) - AD AD SMBtdis (REPLY) - smbserver smbserver SMBsesssetupX (REPLY) - smbclient.menandmice-lpm smbclient.univ-appserver - smbserver.http smbserver.http - smbclient.univ-appserver smbclient.univ-appserver - smbserver.http smbserver.http - smbclient.univ-appserver --- On Tue, 4/17/12, clinton propst clintonpro...@yahoo.com wrote: From: clinton propst clintonpro...@yahoo.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: Ivan Ordonez iordo...@berkeley.edu Date: Tuesday, April 17, 2012, 2:19 PM Ivan, XP and 2000 Servers LAN MAN was set to LM NTLM. I reset an XP node to 'Send NTLMv2 response only\refuse LM NTLM' and reboot and receive the same errors. Searching through tcpdump of failed attempt. Clinton --- On Tue, 4/10/12, Ivan Ordonez iordo...@berkeley.edu wrote: From: Ivan Ordonez iordo...@berkeley.edu Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Date: Tuesday, April 10, 2012, 5:41 PM I believe the LAN MAN authentication level should be set to this. Send NTLMv2 response only\refuse LM NTLM On 4/10/2012 2:25 PM, clinton propst wrote: Thanks for the Reply. All of our smb clients (windows 7, server 2000, server 2008, xp) are set to require NTLMv2 and 128 bit encryption. The windows 7 and server 2008 work fine. Do you think we should try setting xp and 2000 nodes to NTLMv1? Thanks, Clinton --- On Tue, 4/10/12, Ivan Ordonez iordo...@berkeley.edu wrote: From: Ivan Ordonez iordo...@berkeley.edu Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Date: Tuesday, April 10, 2012, 2:36 PM Have you try changing the NTLM authentication level? On 4/10/2012 9:17 AM, clinton propst wrote: Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. --- On Tue, 4/10/12, John Drescherdresche...@gmail.com wrote: From: John Drescherdresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propstclintonpro...@yahoo.com
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 7:47 AM On Tue, Apr 10, 2012 at 8:43 AM, clinton propst clintonpro...@yahoo.com wrote: Samba shares work for windows 7 and Server 2008, but XP and Server 2000 recieve the following error when trying to map samba shares: The trust relationship between this workstation and the primary domain failed. tail -f /var/log/messages Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788387, 0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel) Apr 10 07:38:03 samba01 smbd[23581]: cli_rpc_pipe_open_schannel: failed to get schannel session key from server ad1.strat.com for domain ARN. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.788601, 0] auth/auth_domain.c:188(connect_to_domain_password_server) Apr 10 07:38:03 samba01 smbd[23581]: connect_to_domain_password_server: unable to open the domain client session to machine ad1.strat.com. Error was : NT_STATUS_ACCESS_DENIED. Apr 10 07:38:03 samba01 smbd[23581]: [2012/04/10 07:38:03.789152, 0] auth/auth_domain.c:289(domain_client_validate) Apr 10 07:38:03 samba01 smbd[23581]: domain_client_validate: Domain password server not available Samba 3.5.10 RHEL 6.2 Any help is appreciated. http://lists.samba.org/archive/samba/2010-October/158591.html -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.comwrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. --- On Tue, 4/10/12, John Drescher dresche...@gmail.com wrote: From: John Drescher dresche...@gmail.com Subject: Re: [Samba] trust relationship between this workstation and the primary domain failed To: clinton propst clintonpro...@yahoo.com Cc: samba@lists.samba.org Date: Tuesday, April 10, 2012, 9:09 AM On Tue, Apr 10, 2012 at 9:46 AM, clinton propst clintonpro...@yahoo.com wrote: Thannks for the reply. Set the the reg key below and rebooted. Issue still not resolved. From reading that post it looks like that was a fix for windows 7. Our windows 7 workstations and server 2008 can access samba shares, but xp and server 2000 cannot. HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 You have to re add all machines affected machines to the domain. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] trust relationship between this workstation and the primary domain failed
Still not working after readding machines to the domain. Errors are the same as originally posted in /var/log/messages. Please forget my advice. I thought you had a different problem. I should not reply to posts while distracted.. I do not know how to solve your issue. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
