To join a Windows 7 workstation to your Samba domain controller, you must be running Samba 3.3.4 or higher. It also requires registry hacks within the Windows 7 machine due to security upgrades from Microsoft. Microsoft is not intentionally breaking Samba support, they are simply forcing the Windows Server world to upgrade and deploy more secure mechanisms. Samba often gets caught in the crossfire of forced security hardening, but this is to be expected given that Microsoft doesn't work with or inform the Samba team of upcoming changes.

Failure to join a Samba domain is confusing. The error, as seen in Figure 2, will state, "The specified domain either does not exist or could not be contacted." If the domain controller really was inaccessible, you would get another error, before Windows asked for credential to join the machine to the domain. That error would explain how a domain controller was not found. This error, however, really has nothing to do with a connection error.

Figure 2. Some Windows errors are needlessly confusing.

To get Windows 7 clients to connect to the domain running Samba 3.3.4 or higher, four registry keys need to be changed. For the ones that don't exist, create them.

Two dword keys within HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesLanmanWorkstationParameters:

"DomainCompatibilityMode" = 1
"DNSNameResolutionRequired" = 0

And two within HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesNetlogonParameters:

"RequireSignOnSeal" = 0
"RequireStrongKey" = 0

After setting these, you should be able to join the machine to the existing Samba-run domain. Again, this is assuming you're working in an already-working environment. Configuring Samba to act as a domain controller is covered in the article, Build a Primary Domain Controller With Samba.

If you are adding a new Windows 7 machine to the domain, don't forget to create the machine account in Samba, after the Unix account exists. In Samba: 'useradd -a -m HOSTNAME'. And finally, remember that when joining the Windows 7 machine to the domain, you must use an account that has credentials to add machines.

Windows 7 is largely the same as Vista, so figuring out other problems that crop up doesn't take long, since people have been using and testing the operating system for a few years now. If you are planning to run a Samba domain controller for Windows 7 workstations, we recommend automating those registry setting changes within your installation environment.

Overall, Windows Vista/7 didn't present many surprises. The most common use case of Samba, as just a basic file server, works flawlessly assuming you have a fairly recent version of Samba. Most IT environments running a few Samba shares mixed within a Windows network, should have no problem supporting Windows 7 clients.

Article courtesy of Enterprise Networking Planet

« Back: It Half Works