buy hypertropin

GGTSdotNET

The notes of a madman

Archive for the ‘Samba’ Category

Joining a Windows 7 system to a Samba domain

Posted by grigsby on May 17, 2009

UPDATE: I would strongly recommend reading the following link prior to mucking about int he windows 7 registry. The changes required vary with different versions of Samba. You have been warned!


http://wiki.samba.org/index.php/Windows7

I had a client request a Windows 7 RC1 system so that they could test their product against the latest candidate from Redmond. Their network is made up of a mix of Windows clients on Linux/Samba servers. Setting up the new client was fairly easy, but, as expected, Windows 7 refused to join to a the Samba domain stating that the domain in question was not available. Having gone through something similar when we finally added Vista clients I expected to have to update Samba to get this to work. Turns out you have to add two reg keys as well. Since it took me a fair bit of search to find this, I thought I’d document the required changes here, if for no other reason to save myself the trouble when I went to do it again…

  1. First you need to be running Samba v3.3.4 or later. Earlier versions have been reported to work, but there are some issues. Since this version is not available in the OS repos (CentOS) I got my copy from the Samba Enterprise site. They carry packages in RHEL, SLES, and Debian flavors and I have been using them for some time.
  2. Next the Windows 7 client needs to have two registry keys added.

    HKLMSystemCurrentControlSetServicesLanmanWorkstationParameters
    DWORD DomainCompatibilityMode = 1
    DWORD DNSNameResolutionRequired = 0
  3. The following key needs to be changed or you will receive an error when trying to login using a domain accout of “The trust relationship between this workstation and the primary domain failed.”

    HKLMSYSTEMCurrentControlSetservicesNetlogonParameters
    RequireStrongKey = 0

Once these changes were made I was able to join the domain. I did receive an error on the join as shown in the following image, but the system seems to be working fine.

domainjoinerror

I’m assuming this will be resolved in future releases. Hope this helps save somebody at least a few minutes…

Read the rest of this entry »

Samba error: “Failed to verify incoming ticket!”

Posted by grigsby on March 8, 2009

I started having an issue with one of my samba servers. This particular server uses an AD controller for authentication. Today it stopped authenticating. A brief search found this error in the log.client_name log.


[2009/03/08 18:28:16, 1, pid=6667, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!

After a bit of research and more than a little digging in the source code (FLOSS FTW!!!) I found that this error message is related to a time difference between the client and server. This lead me to the fact that my NTP client was pointing to a server that had been removed from the network some time ago. A change to the NTP client and a forced time change and BAM, Samba is working again.

UPDATE: I forced the time change with the ntpdate command but I’ve just been informed that I could have used the AD controller itself using the following:

net time set -S ad_controller_name_OR_IP

Vista backup to Samba share

Posted by grigsby on February 15, 2009

So I recently had to deploy a Vista machine to a customer’s network. Till now we had only had one vista box stuck in corner for testing. Now is has been decided that we need a couple of Vista boxes on peoples desktops. The logic goes that we won’t find as many problems if people aren’t using it on a regular basis. (I really feel for the guy that got suck with the Vista box. I mean the box is nice, but Vista just sucks. Eggs. Really old eggs.)

So the initial setup of the box was normal for Vista. I spent most of my time trying to figure out where they hide or renamed options… Typical, right? So the box gets deployed and I migrate the user’s data to the system. Then I got to setup backup for his email. We typically just using Windows backup to backup email and a a few other files. Everything else is stored in on the server. So I got to start the backup process and I get this:


Windows Backup
File Backup could not save your automatic backup settings for thefollowing reason:
Cannot create a file when that file already exists. (0x800700B7)
Please try again

Or something similar. A quick swipe at google and I see that it’s a Samba/Vista issue. Something changed in SMB2 and the only thing that seems affected is Vista Backup. Figures. So I schedule server downtime for the weekend to update Samba as according to the Samba Bugzilla site, this is fixed in a slightly later release.

Sunday afternoon comes along and here I am. I install the update, restart Samba and…. Frack. Error. Fast forward 3 hours. After I start reading comments on the Bugzilla site in desperation I find that the issue is related to ACLs that Vista backup is trying to set on the directory. Wait, does ext3 support ACLs? /me quick google…. Ah, you have to pass the file system an option to enable ACL support. So, long story short… If you want Vista backup to work, you have to 3.0.25+ of Samba, and you have to have ACL support enabled on your file system. The magic incantation is simply spec’ing ‘acl’ in the mount command, like this:


LABEL=/work /work ext3 acl 1 2

I hope this saves at least one person the hours I’ve just wasted.

For reference:
https://bugzilla.samba.org/show_bug.cgi?id=4308
https://bugzilla.samba.org/show_bug.cgi?id=5306
https://bugzilla.samba.org/show_bug.cgi?id=5306
http://social.answers.microsoft.com/Forums/en-US/vistaprograms/thread/d91d7785-9a00-4b26-9ae3-ae35b0d9317b/
http://www.samba.org/samba/history/samba-3.0.25.html