From: Anselm Heaton on
On Monday 05 July 2010 09:14:47 Ufficiotecnico Acknow Srl wrote:
> Hi,
> I succesfuly joined five windows 7 client to a samba (version
> 3-3.2.15-40) domain with passdb backend = tdbsam, the client works
> correctly, user domain, network share printers etc, after 2 weeks the
> client does not access to domain, with this error: the trust
> relationship between this workstation and the primary domain failed, to
> resolve I remove the client from domain and join again, the problem
> reappears after a few days.

I have a similar problem with Samba 3.4.0, running on an Ubuntu server. I have
seen this problem reported a number of times (on this list and elsewhere), but
I have not seen any solution for it yet (still searching!). It seems to affect
a number of people, but not all - some setups with Windows 7 work fine.

> I read in a forum that could be a cache password problem related with
> nscd, now i disabled service ncsd and enable winbind.

I noticed after a trust relationship had broken that this machine's trust
password had changed on the same day. I assume this is linked, though I am not
sure who initiates this password change - is it Samba or is it the Windows 7
computer ?

Here is a scenario I noticed :

1. User logs on fine in the morning ;
2. The pdb entry for that user suggests that the machine account password gets
changed after the user has logged in ;
3. After a restart, the machine complains of a broken trust relationship.

For instance here is the entry for a machine that was reported to have lost
it's trust relation ship on Friday 2nd of July. The 'Password last set' field
corresponds roughly to the time the user logged on. After restart, the trust
relationship was broken :

# pdbedit -Lv -u ct405$
Unix username: CT405$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-4063849384-1695801231-3426977757-1029
Primary Group SID: S-1-5-21-4063849384-1695801231-3426977757-513
Full Name: CT405$
Home Directory: \\xxxx\ct405_
HomeDir Drive: H:
Logon Script: ct405_.bat
Profile Path: \\xxxx\Profiles\ct405_
Domain: xxxxxx
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fri, 02 Jul 2010 09:20:39 BST
Password can change: Fri, 02 Jul 2010 09:20:39 BST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

I don't know if any of this can help people suggest a fix. If you have ideas of
things I could try, or would like me to run some tests, I will be more than
happy to oblige !

Thanks,
Anselm

--
------------------------------
Netuxo Ltd
a workers' co-operative
providing low-cost IT solutions
for peace, environmental and social justice groups
and the radical NGO sector

VAT Registration No 943 6779 76
Registered as a company in England and Wales. No 4798478
Registered office: Unit 31, Daro Works, 80-84 Wallis Road, London E9 5LW,
Britain
------------------------------
office: 020 8985 6843
mobile: 07921 466 360
general enquiries: office(a)netuxo.co.uk
support requests: support(a)netuxo.co.uk
http://www.netuxo.co.uk
------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Ufficiotecnico Acknow Srl on
A strange thing is that i have three domain with samba 3 and windows 7
client, in two of this scenario no problem: opensuse + samba
samba3-3.3.10-40 and centos + samba samba3-3.3.12-40 while with sles 10
and samba3-3.2.15-40 the problem persist, the field password last set
in the scenario with no problem is 1 month earlier while in the
problematic domain is setted with the date of login.


Il 06/07/2010 13:33, Anselm Heaton ha scritto:
> On Monday 05 July 2010 09:14:47 Ufficiotecnico Acknow Srl wrote:
>
>> Hi,
>> I succesfuly joined five windows 7 client to a samba (version
>> 3-3.2.15-40) domain with passdb backend = tdbsam, the client works
>> correctly, user domain, network share printers etc, after 2 weeks the
>> client does not access to domain, with this error: the trust
>> relationship between this workstation and the primary domain failed, to
>> resolve I remove the client from domain and join again, the problem
>> reappears after a few days.
>>
> I have a similar problem with Samba 3.4.0, running on an Ubuntu server. I have
> seen this problem reported a number of times (on this list and elsewhere), but
> I have not seen any solution for it yet (still searching!). It seems to affect
> a number of people, but not all - some setups with Windows 7 work fine.
>
>
>> I read in a forum that could be a cache password problem related with
>> nscd, now i disabled service ncsd and enable winbind.
>>
> I noticed after a trust relationship had broken that this machine's trust
> password had changed on the same day. I assume this is linked, though I am not
> sure who initiates this password change - is it Samba or is it the Windows 7
> computer ?
>
> Here is a scenario I noticed :
>
> 1. User logs on fine in the morning ;
> 2. The pdb entry for that user suggests that the machine account password gets
> changed after the user has logged in ;
> 3. After a restart, the machine complains of a broken trust relationship.
>
> For instance here is the entry for a machine that was reported to have lost
> it's trust relation ship on Friday 2nd of July. The 'Password last set' field
> corresponds roughly to the time the user logged on. After restart, the trust
> relationship was broken :
>
> # pdbedit -Lv -u ct405$
> Unix username: CT405$
> NT username:
> Account Flags: [W ]
> User SID: S-1-5-21-4063849384-1695801231-3426977757-1029
> Primary Group SID: S-1-5-21-4063849384-1695801231-3426977757-513
> Full Name: CT405$
> Home Directory: \\xxxx\ct405_
> HomeDir Drive: H:
> Logon Script: ct405_.bat
> Profile Path: \\xxxx\Profiles\ct405_
> Domain: xxxxxx
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Fri, 02 Jul 2010 09:20:39 BST
> Password can change: Fri, 02 Jul 2010 09:20:39 BST
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
> I don't know if any of this can help people suggest a fix. If you have ideas of
> things I could try, or would like me to run some tests, I will be more than
> happy to oblige !
>
> Thanks,
> Anselm
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba