From: Alex Ferrara on
I think I have narrowed this down even further.

I have been working through getting rid of error messages in the logs, and I have updated Samba to 3.4.3. This might have fixed the issue, and I won't know for some time, but I can still see the following error appearing in the logs, which seems to line up with the core issue of machine trust accounts expiring.

rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client AC-2150 machine account AC-2150$

I have noticed that the new Windows 7 machines say the password has expired on the same date that is in "sambaPwdLastSet". I added the "X" attribute in sambaAcctFlags in an attempt to stop the accounts from expiring. Below is an ldif of a Windows 7 machine trust account

dn: uid=ac-2150$,ou=computers,dc=domain,dc=local
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
cn: ac-2150$
uid: ac-2150$
uidNumber: 1111
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer
sambaDomainName: DOMAIN
sambaPrimaryGroupSID: S-1-5-21-3581057417-3103041693-70022037-515
sambaSID: S-1-5-21-3581057417-3103041693-70022037-3222
sambaNTPassword: DABA25E3910551C63347D399520C123D
sambaAcctFlags: [WX ]
sambaPwdLastSet: 1260776037

Any help would be appreciated.

aF
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba