Windows 7 Support

From SME Server
Jump to navigation Jump to search
PythonIcon.png Skill level: medium
The instructions on this page require a basic knowledge of linux.


Author

David Harper

Background

Windows 7 was released in October 2009. Due to changes in the way that trust relationships are established with domain controllers, older versions of Samba do not allow Windows 7 clients to log in once joined to a domain.

Although an upstream fix was made available for SME Server 8 (based on CentOS 5, see bug 5425), there is no comparable fix available from the upstream vendor for SME 7.x (based on CentOS 4).

Join a SME Server 8.0 Domain with Win7

Previously you needed to edit your Win7 registry to facilitate the joining of a SME Server Domain, however this can more easily be achieved by importing win7samba.reg fix by using either a usb key or by the network with http.

  • Save the Win7 registry patch (win7samba.reg) from https://your-server-ip/server-resources/regedit/ with your favourite web browser
  • On your windows desktop, start "regedit" from the start menu and import the win7samba.reg
  • Set your domain instead of your workgroup. Add the client machine to the domain as normal.
  • When asked on your Windows PC use the 'admin' username and your SME Server admins password.
  • You have to reboot your computer to reach the domain


  Tip:
To connect a windows Seven client to your domain, Go to the "start menu", right click on computer, select "Properties", select the link "change Settings", then click on "Change" Tab.. Enter your servers "Domain" value in the domain field and 'Connect'. Enter the username of admin(*) with the servers admin password when asked, and you should get back the response 'Connected to Domain'.


(*) Admin or any user in the 'Domain Admins' group can join the domain.

Slow login with win7 to sme8 domain

With certain network you can have an issue with some slow login to the SME Server domain because a timeout issue on network.. In this case you have to do following commands lines as you can find in bugzilla:7332 Actually the version of package needed e-smith-samba-2.2.0-54.el5.sme is in smeupdates-testing but in few time it will be by default in smeupdates so in first verify you package version

rpm -qa e-smith-samba
e-smith-samba-2.2.0-54.el5.sme

You need at least this version or above otherwise try this

yum update --enablerepo=smeupdates-testing e-smith-samba
signal-event post-upgrade; signal-event reboot

Then you must add a new configuration to you smb internal database

config setprop smb WaitForNetwork disabled
signal-event console-save 

This is what you need to find in your server-ressources

cat /home/e-smith/files/server-resources/regedit/win7samba.reg 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:00000000
"DomainCompatibilityMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"WaitForNetwork"=dword:00000000

After that You have to follow the standard way to add a Win7 to the SME DOMAIN Windows_7_Support#Join_a_SME_Server_8.0_Domain_with_Win7

Adding Windows 7 Support to SME Server 7

  Warning:
This howto is based upon limited testing and may cause SME Server to experience issues when backing up, installing regular updates, and upgrading to version 8 upon release. SerNet packages are NOT supported by SME Server developers. You should only use these instructions if Windows 7 support is critical for your environment.


Thanks to SerNet, SME 7 users can now install an updated version of Samba which fixes the domain trust issues.

Installation

  • Add the SerNet repository for CentOS 4.x
db yum_repositories set SerNet repository \
 BaseURL http://ftp.sernet.de/pub/samba/3.5/centos/4 \
 EnableGroups yes \
 GPGCheck no \
 Name 'SerNet Samba Team packages (CentOS 4)' \
 Visible yes \
 status enabled
signal-event yum-modify
  • Update SME Server - the new Samba packages will install automatically.
yum update
signal-event post-upgrade ; signal-event reboot

Configuring Clients


  Note:
You may see an error message on join regarding primary DNS suffix. This doesn't seem to affect any actual functionality


  • Log in as the 'admin' user for the first time.


  Note:
You may see an error message when logging in for the first time. This appears to be a once off timeout issue which does not recur.


Refer to bugzilla:5897 and bugzilla:7002 for details of following error

  Note:
You may see an error message "The specified domain either does not exist or could not be contacted." when logging in for the first time. This is a harmless message. Windows 7 after it joins the domain tries to resolve its dns name (and assumes that the domain controller will setup a dns entry for its hostname. See following for a MS hotfix [1]


Roaming Profiles

Windows 7 clients require that a version 2 profile folder exist in the profiles$ share, which on SME Server is located in /home/e-smith/files/samba/profiles.

This additional profile folder is automatically provisioned for existing users when the installing latest version of e-smith-samba (see bug 5423). After this point, all new user accounts have the folder created as soon as they are added.


  Note:
If version 2 profile folders are not available, Windows 7 will create a temporary profile when you log in. Should you experience this problem, make sure that your SME Server installation is fully up to date.


Version 2 profiles are not compatible with Windows XP and earlier. If you have mixed environments you will be required to maintain two separate profiles for each user.

Source Code

SerNet publishes the source code for their latest Samba build at http://ftp.sernet.de/pub/samba/3.5/src/rpm/

Code for older builds is also available at http://ftp.sernet.de/pub/samba/old/src/rpm/