Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 526498 - Windows 7 does not integrate the domain with samba PDC/BDC
Summary: Windows 7 does not integrate the domain with samba PDC/BDC
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba
Version: 5.2
Hardware: i686
OS: Linux
Target Milestone: rc
: ---
Assignee: Simo Sorce
QA Contact: BaseOS QE
URL: http://www.nabble.com/Windows-7-RC-td...
Depends On:
TreeView+ depends on / blocked
Reported: 2009-09-30 16:00 UTC by Frederic Hornain
Modified: 2009-11-02 21:30 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-11-02 21:30:13 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Frederic Hornain 2009-09-30 16:00:11 UTC
Description of problem:
Indeed my client use samba-3.0.28-0.el5.8 as PDC and BDC for his windows authentications. 
BTW, it works well for his XP and Vista Stations for years. 
Nonetheless, recently he had the good idea to migrate few ones to Windows 7 and he had the unpleasant situation to discover Windows 7 was not able to be part of his domain.

You can read in the attached URL my client is not alone in such situation. 

Version-Release number of selected component (if applicable):

How reproducible:
Install Samba and configure it as it behaves as PDC and try to integrate Windows 7.

Steps to Reproduce:
Please read the attached Post. I followed the Windows 7 registery keys modifications mentioned in the POST by Volker Lendecke, then do some modification in the local policy 
- aka. :

1. Modify the parameters below : 

    Control Panel - Administrative Tools - Local Security Policy

    Local Policies - Security Options

    Network security: LAN Manager authentication level
    Send LM & NTLM responses

    Minimum session security for NTLM SSP
    Disable Require 128-bit encryption

2. Restart the computer.
3. Specify a uniq Windows Domain to the client station. e.g.: DOMAIN
4. Enter the administrator user in order to be authenticated to this domain.
5. Normally it should failed. But give you a second try and it should work.
6. Now you station should be in the domain - not in the proper way- but it works.
7. Again, Restart the computer 
8. Use a standard account to be logged into the domain and also on your client station.
Actual results:
Now we are a little bit stuck cause we have the following error on the samba :

[2009/09/30 16:14:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client ROBBIE machine account ROBBIE$
[2009/09/30 16:14:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client ROBBIE machine account ROBBIE$

And we have the following error on the windows :
There are currently no logon servers available to service the logon request !

We red that we should upgrade to 3.3 in order to fix the problem nonetheless, I do no recommend to my client to upgrade from samba 3.0 to samba 3.3 as it is not available to RHEL 5 yet.

So I suggested them to wait before using W7 but they absolutely want to have it....  

Expected results:
Windows 7 should be able to integrate Domain provided by Samba

Additional info:

Comment 1 Frederic Hornain 2009-10-08 09:21:39 UTC

FYI, we have found a solution to bypass that problem temporary.
We have installed a Fedora 11 BDC with its associated samba package in addition of the current PDC, BDC RHEL5 intrastructure.
In order to make windows 7 integrate the domaine, in additon of windows 7 registery modifications,  you have to set the wins parameter in the windows 7 to the RHEL5 PDC IP in order to join the domain then to be authenticated you have to change the parameter wins to the Fedora 11 BDC IP.

Let's hope I am clear in my explanations. 
Anyway, I will provide the windows script which permit to join the the domain soon.

Comment 2 Simo Sorce 2009-11-02 21:30:13 UTC
With the Release of RHEL5.4 we provide a new package called samba3x (it conflicts with the default samba package).
This package can be used to create a PDC that is capable of supporting Windows 7 machines.
The default 3.0.x packages cannot do that, it doesn't have the infrastructure needed to support win7 clients.

Note You need to log in before you can comment on or make changes to this bug.