samba - Jan 2006 - Machine failing to keep its trust with Domain Controller

Hi, 
 
We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
for months
but suddently have trouble to keep its trust with the DC server. 
 
The only way to recover is to reset the machine account from the Windows
DC side 
and do a "net join" to the domain from the Linux side. The Linux
machine
is able to 
keep its "trust" with the domain exactly 7 days, which, AFAIU, is the
default in Samba and 
also in the DC side.
 
It is somewhat surprizing since this Linux Samba server w/o problems for
months. 
>From the Windows DC side, the only thing which was done just before this
problem 
appeared, was to patch the DC to SP1 as far as I remember. 
 
Below are the messages we can see in the /var/log/samba/samba.log file: 
 
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(45)
  Can't get IP for PDC for domain MY_DOMAIN
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(93)
  2006/01/18 10:49:57 : change_trust_account_password: Failed to change
password for domain MY_DOMAIN.

Linux Kernel: 2.4.21-20.ELsmp
Samba: 
        samba-3.0.4-6.3E              
        samba-common-3.0.4-6.3E 
 
/etc/smb.conf: see below
 
Tia 
 
-- Meir 
/etc/smb.conf
# Global parameters

[global]
workgroup = MY_DOMAIN
netbios name = Samba_Server
server string = Samba Server
security = DOMAIN
encrypt passwords = Yes
password server = mydc-server.com
log file = /var/log/samba/samba.log
log level = 1
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = our_wins
kernel oplocks = No
create mask = 0775
directory mask = 0775
oplocks = No
username map = /etc/samba/username.map
case sensitive = no
preserve case = yes
local master = no
use sendfile = no

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
browseable = No

 

 

***********************************************************************************
This email message and any attachments thereto are intended only for use by the
addressee(s) named above, and may contain legally privileged and/or confidential
information. If the reader of this message is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this communication in
error, please immediately notify the postmaster@nds.com and destroy the original
message.
***********************************************************************************

Hi, 
 
We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
for months
but suddently have trouble to keep its trust with the DC server. 
 
The only way to recover is to reset the machine account from the Windows
DC side 
and do a "net join" to the domain from the Linux side. The Linux
machine
is able to 
keep its "trust" with the domain exactly 7 days, which, AFAIU, is the
default in Samba and also in the DC side.
 
It is somewhat surprizing since this Linux Samba server w/o problems for
months. 
>From the Windows DC side, the only thing which was done just before this
problem 
appeared, was to patch the DC to SP1 as far as I remember. 
 
Below are the messages we can see in the /var/log/samba/samba.log file: 
 
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(45)
  Can't get IP for PDC for domain MY_DOMAIN
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(93)
  2006/01/18 10:49:57 : change_trust_account_password: Failed to change
password for domain MY_DOMAIN.

Linux Kernel: 2.4.21-20.ELsmp
Samba: 
        samba-3.0.4-6.3E              
        samba-common-3.0.4-6.3E 
 
/etc/smb.conf: see below
 
Tia 
 
-- Meir 
/etc/smb.conf
# Global parameters

[global]
workgroup = MY_DOMAIN
netbios name = Samba_Server
server string = Samba Server
security = DOMAIN
encrypt passwords = Yes
password server = mydc-server.com
log file = /var/log/samba/samba.log
log level = 1
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = our_wins
kernel oplocks = No
create mask = 0775
directory mask = 0775
oplocks = No
username map = /etc/samba/username.map
case sensitive = no
preserve case = yes
local master = no
use sendfile = no

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
browseable = No

 

 
***********************************************************************************
This email message and any attachments thereto are intended only for use by the
addressee(s) named above, and may contain legally privileged and/or confidential
information. If the reader of this message is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this communication in
error, please immediately notify the postmaster@nds.com and destroy the original
message.
***********************************************************************************

I had the same problem on my RHEL 4 system.
after setting "machine password timeout = 0" the problems have
gone away.

chris
 
> -----Original Message-----
> From: 
> samba-bounces+christian.masopust=siemens.com@lists.samba.org 
> [mailto:samba-bounces+christian.masopust=siemens.com@lists.sam
> ba.org] On Behalf Of Dukhan, Meir
> Sent: Tuesday, January 24, 2006 8:15 PM
> To: samba@lists.samba.org
> Cc: Dukhan, Meir
> Subject: [Samba] Machine failing to keep its trust with 
> Domain Controller
> 
> Hi, 
>  
> We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
> for months
> but suddently have trouble to keep its trust with the DC server. 
>  
> The only way to recover is to reset the machine account from 
> the Windows
> DC side 
> and do a "net join" to the domain from the Linux side. The 
> Linux machine
> is able to 
> keep its "trust" with the domain exactly 7 days, which, AFAIU, is
the
> default in Samba and 
> also in the DC side.
>  
> It is somewhat surprizing since this Linux Samba server w/o 
> problems for
> months. 
> >From the Windows DC side, the only thing which was done just 
> before this
> problem 
> appeared, was to patch the DC to SP1 as far as I remember. 
>  
> Below are the messages we can see in the 
> /var/log/samba/samba.log file: 
>  
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(45)
>   Can't get IP for PDC for domain MY_DOMAIN
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(93)
>   2006/01/18 10:49:57 : change_trust_account_password: Failed 
> to change
> password for domain MY_DOMAIN.
> 
> Linux Kernel: 2.4.21-20.ELsmp
> Samba: 
>         samba-3.0.4-6.3E              
>         samba-common-3.0.4-6.3E 
>  
> /etc/smb.conf: see below
>  
> Tia 
>  
> -- Meir 
> /etc/smb.conf
> # Global parameters
> 
> [global]
> workgroup = MY_DOMAIN
> netbios name = Samba_Server
> server string = Samba Server
> security = DOMAIN
> encrypt passwords = Yes
> password server = mydc-server.com
> log file = /var/log/samba/samba.log
> log level = 1
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = our_wins
> kernel oplocks = No
> create mask = 0775
> directory mask = 0775
> oplocks = No
> username map = /etc/samba/username.map
> case sensitive = no
> preserve case = yes
> local master = no
> use sendfile = no
> 
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> browseable = No
> 
>  
> 
>  
> 
> **************************************************************
> *********************
> This email message and any attachments thereto are intended 
> only for use by the addressee(s) named above, and may contain 
> legally privileged and/or confidential information. If the 
> reader of this message is not the intended recipient, or the 
> employee or agent responsible to deliver it to the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, 
> please immediately notify the postmaster@nds.com and destroy 
> the original message.
> **************************************************************
> *********************
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>