Join Windows 7 to Samba PDC on Ubuntu Jaunty
by Greg on May.31, 2009, under Linux, Networking, Windows 7
I found some info on Google searches to get Windows 7 to join a Samba domain controller. I have Ubuntu 9.04 Jaunty which runs Samba 3.3.2, which I guess does not work. You need 3.3.4. Windows 7 needs a registry change:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
“DomainCompatibilityMode”=dword:00000001
“DNSNameResolutionRequired”=dword:00000000
The above need to be added to allow the join to work. Then find the key below and set those values to 0.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
“RequireSignOnSeal”=dword:00000000
“RequireStrongKey”=dword:00000000
The Netlogon values need to be updated, or Windows 7 will not allow domain logons. You’ll get an error about credentials and no domain controller, or something like it. Adding the second two will allow the logon.
Adding the registry keys above, plus upgrading Samba, did the trick. I was able to join Windows 7 to Samba 3.3.4, but I did get a weird error about the DNS suffix being wrong. I just said OK and left it. I tried to change it several times after, too, but always get the same error. System working fine so far though!
As for upgrading Samba, you’ll have to Google that one. But here’s what I did, in a nutshell. (This is NOT a HOWTO, just a record of my experience, so if you follow this, it might break your system. Just be warned.) I had a working domain controller, so I had a SAM database already with SID’s and passwords. I didn’t want to lose those. After backing up my server and Samba configs (including all the tdb files) I removed Samba 3.3.2 package from Ubuntu. Then I downloaded the Samba source tar.gz for version 3.3.4, unpacked and “./configure” and then compiled. (make && make install)
At this point I found all my tdb files and copied them into the default Samba installation, which was different than the Ubuntu package. I think the original tdb files from Ubuntu are in /var/lib/samba. I copied all that to /usr/local/samba/var/lock. (the default when compiling from source) I also setup a link from the original smb.conf in /etc/samba to /usr/local/samba/lib/smb.conf.
Now I’ve got my Windows 7 system logged in and joined to my Samba domain!
June 30th, 2009 on 2:29 pm
Not work!!!
June 30th, 2009 on 2:45 pm
Sorry to hear that. It worked fine for me. You do have Samba 3.3.4 right? I did get an error upon joining, but it still completed and worked, and I have domain logons on my machine.
July 3rd, 2009 on 1:34 am
Works great. Thanks!
July 30th, 2009 on 3:36 am
the interface of Windows 7 is great but in my opinion Windows XP is still a very solid and stable operating system. Right now, I would never give up XP for Windows 7.
August 7th, 2009 on 4:43 am
I got this to work with Windows 7 RC1, however it doesn’t work for me for Windows 7 RTM (x64).
Anyone seen this work on the release? Samba 3.3.4 confirmed.
I get the following failure when joining the domain
“The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted unjoin, reboot, and rejoin the domain”.
Everything is the same as the RC1 setup, except different machine name, and have tried 2 simple machine names.
August 7th, 2009 on 7:36 am
@owen
I am assuming you can join XP systems ok still right? (and your Samba setup hasn’t changed any) Did you check the Samba logs for any clues?
You could try manually adding the computer account on Samba with the “net” commands. (Google that) Then you would temporarily disable the machine add script in the smb.conf.
I don’t have access to the RTM. But you can bet there will be lots more people running into Samba/Win7 issues in the coming months. And with that a lot more help online.
August 7th, 2009 on 4:43 pm
Win 7 RTM with Samba 3.3.4 and the above registry edits worked for me. Samba 3.3.7 DID NOT WORK! Only version 3.3.4.
August 7th, 2009 on 11:13 pm
Figures, doesn’t it? Good to know, and thanks for posting Ken.
August 8th, 2009 on 4:48 pm
Thanks for the tips Greg. Indeed, a Win2k VM was having trouble joining as well, and it turns out after upgrading to samba 3.3.4, the existing add machine script was invalid because of a -n option to useradd. I just removed the -n, and now all my VMs including Win 7 RTM can join the domain.
Note that Win 7 RTM still weirdly warns about the DNS suffix, but seems OK, and I can log on to my domain accounts.
Thanks for all your help and original post!
August 8th, 2009 on 4:50 pm
Also, this link is useful for helping people upgrade samba…
http://ubuntuforums.org/showthread.php?t=1225500
August 10th, 2009 on 6:32 am
This also works with samba 3.2.11
(clean install of windows 7 – domain keeps working with the first updates from ms)
September 24th, 2009 on 11:15 pm
It’s working with samba 3.0.10 (windows 7 virtual box joined to domain)
October 2nd, 2009 on 5:17 pm
Hey… the regedit edition is not necessary.
The only thing you have to do is this:
1. Look up your samba “Netlogon” settings:
[netlogon]
path = /home/netlogon
writable = No
browseable = No
write list = root
2. By default samba domain create a folder in Netlogon path. For example: “santosjd”. Windows 7 and Windows Vista needs another file that is “santosjd.v2″ create that folder with all the permisitions of the folders that samba creates. Windows 7 and Windows Vista will copy the users file in the folder with “.v2″
Enjoy…
October 2nd, 2009 on 5:35 pm
Hey… the regedit edition is not necessary.
The only thing you have to do is this:
1. Look up your samba “Profiles” settings:
[profile]
path = /home/export/profile
oplocks = false
level2 oplocks = false
csc policy = disable
browseable = No
writeable = Yes
read only = No
profile acls = yes
create mask = 0600
store dos attributes = Yes
directory mask = 0700
2. By default samba domain create a folder in “Profile path”. For example: “santosjd”. Windows 7 and Windows Vista needs another file that is “santosjd.v2″ create that folder with all the permisitions of the folders that samba creates. Windows 7 and Windows Vista will copy the users file in the folder with “.v2″
Enjoy…
November 6th, 2009 on 3:46 pm
Still not working for me after following all of the above. I am running 3.3.4. When I attempt to join the domain I get this…
The join operation was not successful. This could be because an existing computer account having name “SPEEDY” was previously created using a different set of credentials. Use a different computer name or contact your administrator to remove any stale conflicting account. The error was Access is denied.
November 15th, 2009 on 1:25 am
Running smb3.4.0 after tweaking the registry I can join the domain [Yippie] (and also get this DNS message) but cannot logon [@#]. I get a message telling me the trust relationship between server and client is not ok. Anyone gets this too ?
(works great in XP though)
November 16th, 2009 on 12:51 pm
I had a problem recently while installing Windows 7 on a domain with Windows 2000 Server. I got that “trust relationship” error one time, but then after reboot everything worked just fine. Only did this on two systems so far, so haven’t bothered looking into it.
November 16th, 2009 on 2:17 pm
Nothing succeeds like the appearance of success.
January 31st, 2010 on 1:42 pm
I completely agree with Tim.. After the registry modifying, I have succeeded to join to samba domain, but can not logged in. Does samba upgrade solve the problem?
February 1st, 2010 on 8:56 am
Wallah!!!! it works!!