Hi, I succesfuly joined five windows 7 client to a samba (version 3-3.2.15-40) domain with passdb backend = tdbsam, the client works correctly, user domain, network share printers etc, after 2 weeks the client does not access to domain, with this error: the trust relationship between this workstation and the primary domain failed, to resolve I remove the client from domain and join again, the problem reappears after a few days. I read in a forum that could be a cache password problem related with nscd, now i disabled service ncsd and enable winbind. i have also modified add machine script with /usr/sbin/useradd -g machines -c"client pc" -s /bin/false -M %u && nscd -i passwd && sleep 2s *My smb.conf* with samba samba3-3.2.15-40.suse101 workgroup = DOMAIN netbios name = MASTERGS obey pam restrictions = No logon script = scripts\%U.bat logon path = \\MASTERGS\profiles\%U logon home = \\MASTERGS\%U logon drive = Z: domain logons = Yes domain master = Yes guest account = nobody time server = Yes preferred master = yes wins support = yes os level = 44 passdb backend = tdbsam security = user smb ports = 139 445 server string = %h server (Samba, Suse) username map = /etc/samba/smbusers name resolve order = wins bcast bind hosts dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd veto oplock files = /*.pdf/*.PST/*.odb/*.ott/*.ods/*.odt/*.sxw/*.doc/ veto files = /*.mp3/ /*.wav/ /*.mpeg/ /*.avi/ /*.nbu /*.tmp /*.TMP host msdfs = No show add printer wizard = yes # Useradd scripts ################### add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -g machines -c"client pc" -s /bin/false -M %u && nscd -i passwd && sleep 2s #################################### idmap uid = 15000-20000 idmap gid = 15000-20000 #################################### passwd program = /usr/bin/passwd %u passwd chat = *Inserisci\snuova\sUNIX\spassword:* %n\n *Conferma\snuova\sUNIX\spassword:* %n\n . passwd chat debug = yes unix password sync = no # set the loglevel log level = 1 log file = /var/log/samba/%m.log ################################### [homes] comment = Directory Privata path = /home/samba/private/%S valid users = %S read only = No browseable = No [netlogon] comment = NLService path = /home/samba/netlogon guest ok = Yes browseable = No #################################################### [profiles] comment = Roaming Profiles path = /home/samba/profiles create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes force user = %U valid users = %U "Domain Admins" read only = No profile acls = Yes hide files = /DESKTOP.INI/desktop.ini/Desktop.ini #################################################### */etc/nsswitch.conf* passwd: compat group: compat hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files *Windows 7 reg modification* [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters] "DNSNameResolutionRequired"=dword:00000000 "DomainCompatibilityMode"=dword:00000001 *Error in client.log * rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from clientPCCLIENT machine account PCCLIENT$ Thanks
On Monday 05 July 2010 09:14:47 Ufficiotecnico Acknow Srl wrote:> Hi, > I succesfuly joined five windows 7 client to a samba (version > 3-3.2.15-40) domain with passdb backend = tdbsam, the client works > correctly, user domain, network share printers etc, after 2 weeks the > client does not access to domain, with this error: the trust > relationship between this workstation and the primary domain failed, to > resolve I remove the client from domain and join again, the problem > reappears after a few days.I have a similar problem with Samba 3.4.0, running on an Ubuntu server. I have seen this problem reported a number of times (on this list and elsewhere), but I have not seen any solution for it yet (still searching!). It seems to affect a number of people, but not all - some setups with Windows 7 work fine.> I read in a forum that could be a cache password problem related with > nscd, now i disabled service ncsd and enable winbind.I noticed after a trust relationship had broken that this machine's trust password had changed on the same day. I assume this is linked, though I am not sure who initiates this password change - is it Samba or is it the Windows 7 computer ? Here is a scenario I noticed : 1. User logs on fine in the morning ; 2. The pdb entry for that user suggests that the machine account password gets changed after the user has logged in ; 3. After a restart, the machine complains of a broken trust relationship. For instance here is the entry for a machine that was reported to have lost it's trust relation ship on Friday 2nd of July. The 'Password last set' field corresponds roughly to the time the user logged on. After restart, the trust relationship was broken : # pdbedit -Lv -u ct405$ Unix username: CT405$ NT username: Account Flags: [W ] User SID: S-1-5-21-4063849384-1695801231-3426977757-1029 Primary Group SID: S-1-5-21-4063849384-1695801231-3426977757-513 Full Name: CT405$ Home Directory: \\xxxx\ct405_ HomeDir Drive: H: Logon Script: ct405_.bat Profile Path: \\xxxx\Profiles\ct405_ Domain: xxxxxx Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: never Kickoff time: never Password last set: Fri, 02 Jul 2010 09:20:39 BST Password can change: Fri, 02 Jul 2010 09:20:39 BST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF I don't know if any of this can help people suggest a fix. If you have ideas of things I could try, or would like me to run some tests, I will be more than happy to oblige ! Thanks, Anselm -- ------------------------------ Netuxo Ltd a workers' co-operative providing low-cost IT solutions for peace, environmental and social justice groups and the radical NGO sector VAT Registration No 943 6779 76 Registered as a company in England and Wales. No 4798478 Registered office: Unit 31, Daro Works, 80-84 Wallis Road, London E9 5LW, Britain ------------------------------ office: 020 8985 6843 mobile: 07921 466 360 general enquiries: office at netuxo.co.uk support requests: support at netuxo.co.uk http://www.netuxo.co.uk ------------------------------