none
Windows 7 can see Samba Shares but cannot see Samba Domain

    Question

  • Hello,

    After searching for a while maybe somebody has an idea how to resolve this:

    Symtoms:
    Windows 7 can see Samba Public Shares (but only if access them through Start->Run->\\MyServer\MyPath)
    Windows 7 cannot see the Samba PDC
    Windows XP can see the Samba PDC
    Ping to Server works

    --> Of course I would like to join Windows 7 to my Samba PDC - however, Windows does not even show or find the Domain.

    What I tried without success:
    - Deactivating both Firewalls (Server & Client)
    - Activated "Computer Browser" Service on Windows 7


    Any ideas why my Windows 7 does not see the Samba PDC?
    Thx in advance & Cheers!
    Saturday, September 19, 2009 2:50 PM

Answers

  • Try samba 3.3.4, and make the following edits to the Win 7 registry:

            HKLM\System\CCS\Services\LanmanWorkstation\Parameters
                DWORD  DomainCompatibilityMode = 1
                DWORD  DNSNameResolutionRequired = 0

            HKLM\System\CCS\Services\Netlogon\Parameters
                DWORD  RequireSignOnSeal = 0
                DWORD  RequireStrongKey = 0

    Drew Vonada-Smith
    • Marked as answer by gigiga Thursday, September 24, 2009 6:29 PM
    Monday, September 21, 2009 5:59 PM
  • Hi,

    After a couple of days of trying here the results that resolved all my issues:

    1) As indicated by Drew, the following Registry Keys resolved one part of the issue:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
    ; Enable NT-Domain compatibility mode
    ; Default:
    ; [value not present]
    ; "DomainCompatibilityMode"=-
    "DomainCompatibilityMode"=dword:00000001

    ; Disable required DNS name resolution
    ; Default:
    ; [value not present]
    ; "DNSNameResolutionRequired"=-
    "DNSNameResolutionRequired"=dword:00000000


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
    ; Disable requirement of signed communication
    ; My Samba (3.0.33) works with signed communication enabled, so no need to disable it.
    ; Default:
    ; "RequireSignOrSeal"=dword:00000001
    ; Disable the usage of strong keys
    ; Default:
    ; "RequireStrongKey"=dword:00000001
    "RequireStrongKey"=dword:00000000

    I found more details about this on the following discussion, which was also very helpful:
    http://www.nabble.com/Windows-7-RC-td23405949.html



    2) I actually needed to update to the newer Samba version (3.3.4) to resolve the issue, where Windows cannot establish a trust relationship with the domain controller.

    3) This only other issue I had after updating was that Samba tried to establish a TLS connection to the LDAP Server (which in my case is running on the same machine). Since I do not use TLS, this failed of course. Issue was resolved by adding "ldap ssl = No" to the smb.conf file on the samba server.


    Cheers!
    • Marked as answer by gigiga Thursday, September 24, 2009 6:29 PM
    Thursday, September 24, 2009 6:29 PM

All replies

  • Try samba 3.3.4, and make the following edits to the Win 7 registry:

            HKLM\System\CCS\Services\LanmanWorkstation\Parameters
                DWORD  DomainCompatibilityMode = 1
                DWORD  DNSNameResolutionRequired = 0

            HKLM\System\CCS\Services\Netlogon\Parameters
                DWORD  RequireSignOnSeal = 0
                DWORD  RequireStrongKey = 0

    Drew Vonada-Smith
    • Marked as answer by gigiga Thursday, September 24, 2009 6:29 PM
    Monday, September 21, 2009 5:59 PM
  • Hey Drew,

    Thank you very much for hints with these keys - this seems to have resolved half of the issue:

    Now during the join processes, the machine account is created on the PDC LDAP, however, Windows does not find it anymore after it has been created.
    This only happens with my Windows 7. Windows XP still works fine with the join process, etc.

    Could this be a version problem of Samba? You mentioned samba version 3.3.4 - there are a couple of nice fixes, but I could not find anything specific to Windows 7..... what's your point of view?

    Last Quick question about one of the registry key:
    Is it:
    DWORD  RequireSignOnSeal = 0
    Or:
    DWORD  RequireSignOrSeal = 0

    Cheers and thank you very muchf for helping me out here ;)
    Monday, September 21, 2009 8:26 PM
  • Hi,

    After a couple of days of trying here the results that resolved all my issues:

    1) As indicated by Drew, the following Registry Keys resolved one part of the issue:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
    ; Enable NT-Domain compatibility mode
    ; Default:
    ; [value not present]
    ; "DomainCompatibilityMode"=-
    "DomainCompatibilityMode"=dword:00000001

    ; Disable required DNS name resolution
    ; Default:
    ; [value not present]
    ; "DNSNameResolutionRequired"=-
    "DNSNameResolutionRequired"=dword:00000000


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
    ; Disable requirement of signed communication
    ; My Samba (3.0.33) works with signed communication enabled, so no need to disable it.
    ; Default:
    ; "RequireSignOrSeal"=dword:00000001
    ; Disable the usage of strong keys
    ; Default:
    ; "RequireStrongKey"=dword:00000001
    "RequireStrongKey"=dword:00000000

    I found more details about this on the following discussion, which was also very helpful:
    http://www.nabble.com/Windows-7-RC-td23405949.html



    2) I actually needed to update to the newer Samba version (3.3.4) to resolve the issue, where Windows cannot establish a trust relationship with the domain controller.

    3) This only other issue I had after updating was that Samba tried to establish a TLS connection to the LDAP Server (which in my case is running on the same machine). Since I do not use TLS, this failed of course. Issue was resolved by adding "ldap ssl = No" to the smb.conf file on the samba server.


    Cheers!
    • Marked as answer by gigiga Thursday, September 24, 2009 6:29 PM
    Thursday, September 24, 2009 6:29 PM
  • Hi,

    I am running fedora 12 with samba 3.4.2-47.

    My PDC is working perfectly with Windows XP and Vista but I am having similar problems with Windows 7.

    After adding the additional registry keys I was able to add to the machine to the domain.

    But I cannot add domain users as local administrators - I get the 'trust relationship' error.

    Any ideas?

    Thanks
    Saturday, December 19, 2009 2:04 PM
  • Hi,

    I am running SLES10 with samba and LDAP.

    My PDC is working perfectly with Windows 2000 and Windows XP, but I am having similar problems with Windows 7.

    After adding the additional registry keys I was able to add to the machine to the domain.

    But I cannot log on as a domain user - I get the 'trust relationship' error.

    Any ideas?

    Thanks
    Firak
    Monday, March 08, 2010 2:30 PM
  • Firak,
    First have you found a solution to your problem? If so I would like to know because I had a similar issue on our development network.
    If I understand you correctly if your Winders 7 machine logs in first no issues, but if an older OS's logs in then Windows 7 will not correct?
    Also what version of Samba are you running on that machine?
    Thursday, March 18, 2010 9:35 PM
  • I am also having same problem not able to add to machine as domain user

    not able login as a domain user

    Error message: "Trust Relationship Between Workstation and Domain Fails".

    Samba 3.4 Version

     

    Thanks

    Kiranopatil


    Kiran O Patil
    Monday, February 28, 2011 3:48 AM
  • This is courtesy of another thread, however, this did resolve our issue with windows 7 & Vista accessing SAMBA shares, specfically when the client machines were NOT part of the same domain as the SAMBA server, or the autheticating domain controllers:

     

    Control Panel - Administrative Tools - Local Security Policy

    Local Policies - Security Options

    Network security: LAN Manager authentication level
    Send LM & NTLM responses

    • Proposed as answer by Xied75 Friday, December 07, 2012 5:14 PM
    Wednesday, June 29, 2011 3:28 PM
  • I also get the "Trust Relationship Between Workstation and primary Domain Fails". whenever I try to login win7

     

    I have a samba 3.4.7 under ubuntu

     

    Was able to make the workstation join but I cannot make a user login to domain and I cannot add a domain user to the local machine.

     

    any ideas for this yet?

    Tuesday, August 23, 2011 9:53 PM
  • I am also having same problem not able to add to machine as domain user

    not able login as a domain user

    Error message: "Trust Relationship Between Workstation and Domain Fails". 

    Thanks

    Gupta

    Wednesday, November 16, 2011 5:09 AM
  • I am also having same problem not able to add to machine as domain user

    not able login as a domain user

    Error message: "Trust Relationship Between Workstation and Domain Fails".

    Samba 3.4 Version

     

    Thanks

    Mearan

    • Proposed as answer by scartilla Wednesday, November 05, 2014 11:39 PM
    • Unproposed as answer by scartilla Wednesday, November 05, 2014 11:47 PM
    Wednesday, November 16, 2011 5:15 AM
  • I have also the same error message but I solved through below registry settings.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters

    "DomainCompatibilityMode"=dword:00000001

    "DNSNameResolutionRequired"=dword:00000000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters

    "RequireSignOrSeal"=dword:00000001

    "RequireStrongKey"=dword:00000001


    • Proposed as answer by scartilla Wednesday, November 05, 2014 11:47 PM
    • Unproposed as answer by scartilla Wednesday, November 05, 2014 11:47 PM
    • Edited by scartilla Thursday, November 06, 2014 11:13 PM
    Wednesday, November 05, 2014 11:40 PM
  • Try samba 3.3.4, and make the following edits to the Win 7 registry:

            HKLM\System\CCS\Services\LanmanWorkstation\Parameters
                DWORD  DomainCompatibilityMode = 1
                DWORD  DNSNameResolutionRequired = 0

            HKLM\System\CCS\Services\Netlogon\Parameters
                DWORD  RequireSignOnSeal = 0
                DWORD  RequireStrongKey = 0

    Drew Vonada-Smith

    Wouldn't that instead be "RequireSignOrSeal"?  ("Or" not "On")
    Thursday, August 06, 2015 9:12 PM