UPDATE: I would strongly recommend reading the following link prior to mucking about int he windows 7 registry. The changes required vary with different versions of Samba. You have been warned!
http://wiki.samba.org/index.php/Windows7
I had a client request a Windows 7 RC1 system so that they could test their product against the latest candidate from Redmond. Their network is made up of a mix of Windows clients on Linux/Samba servers. Setting up the new client was fairly easy, but, as expected, Windows 7 refused to join to a the Samba domain stating that the domain in question was not available. Having gone through something similar when we finally added Vista clients I expected to have to update Samba to get this to work. Turns out you have to add two reg keys as well. Since it took me a fair bit of search to find this, I thought I’d document the required changes here, if for no other reason to save myself the trouble when I went to do it again…
- First you need to be running Samba v3.3.4 or later. Earlier versions have been reported to work, but there are some issues. Since this version is not available in the OS repos (CentOS) I got my copy from the Samba Enterprise site. They carry packages in RHEL, SLES, and Debian flavors and I have been using them for some time.
- Next the Windows 7 client needs to have two registry keys added.
HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
- The following key needs to be changed or you will receive an error when trying to login using a domain accout of “The trust relationship between this workstation and the primary domain failed.”
HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters
RequireStrongKey = 0
Once these changes were made I was able to join the domain. I did receive an error on the join as shown in the following image, but the system seems to be working fine.
I’m assuming this will be resolved in future releases. Hope this helps save somebody at least a few minutes…
May 17th, 2009 at 1:13 pm
[...] Joining a Windows 7 system to a Samba domain [...]
May 17th, 2009 at 2:22 pm
[...] Garl wrote an interesting post today onGGTSdotNET » Blog Archive » Joining a bWindows 7/b system to a Samba b…/bHere’s a quick excerptI had a client request a bWindows 7/b RC1 system so that they could test their product against the latest candidate from Redmond. Their network is made up of a mix of bWindows/b clients on Linux/Samba servers. Setting up the bnew/b client was … [...]
May 20th, 2009 at 5:31 am
Presumably if DNS was configured for this domain, it wouldn’t be necessary to set “DNSNameResolutionRequired = 0″?
Perhaps future versions of Samba could use RNDC to update Bind with the required information.
May 20th, 2009 at 9:16 am
@ethel prunehat – not everyone uses BIND on Linux.
Just for starters:
http://en.wikipedia.org/wiki/Comparison_of_DNS_server_software
May 21st, 2009 at 4:06 am
[...] GGTSdotNET » Blog Archive » Joining a Windows 7 system to a Samba domain — 6:28am via [...]
May 30th, 2009 at 8:51 am
Additionally I had to be sure that ‘encrypt passwords = yes’ was set in the [global] section of my /etc/smb.conf .
This looks like a good candidate for a .reg file.
Thanks for posting man!
February 26th, 2010 at 4:19 am
Thank you, saved my day.
June 7th, 2010 at 9:04 am
Thank you for the post! I have a related follow up that I wonder if you have encountered. Have you seen instances of Win7 boxes losing their trust relationship with the domain? and thus preventing user login?
Thanks again
June 7th, 2010 at 1:02 pm
I’m guessing that the DNSNameResolutionRequired has more to do with the SRV records not being on the DNS server. BIND is capable of locating Domain Controllers, but does require SRV records to be added. http://www.linuxquestions.org/linux/answers/Networking/Configure_BIND_DNS_to_Answer_Active_Directory_Queries
November 13th, 2010 at 9:28 am
One understands that life is not cheap, but some people require money for different stuff and not every man earns enough money. Thus to get quick loan or just bank loan should be a correct solution.
March 7th, 2012 at 7:15 am
Thanks a lot for this it works.