There was an earlier thread about failing trust relationships between Windows 7 and Samba. Since we occasionally experience the same problem with Win 7 clients against a Samba 3.5.4 server, I investigated this a bit further. I think it happens when - the time to change the machine password has arrived - the Win 7 machine is up, but no one is logged on (login box is shown on the screen). To reproduce this, I reduced the machine password change interval to one day on a test computer, then let the login prompt sit there for a day or so - and indeed I could not log in anymore because of a trust relationship failure. I will try this a couple more times. I hope this helps to find a remedy. Peter
On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss <rindfuss at wzb.eu> wrote:> There was an earlier thread about failing trust relationships between > Windows 7 and Samba. Since we occasionally experience the same problem with > Win 7 clients against a Samba 3.5.4 server, I investigated this a bit > further. > > I think it happens when > - the time to change the machine password has arrived > - the Win 7 machine is up, but no one is logged on (login box is shown on > the screen). > > To reproduce this, I reduced the machine password change interval to one day > on a test computer, then let the login prompt sit there for a day or so - > and indeed I could not log in anymore because of a trust relationship > failure. I will try this a couple more times. > > I hope this helps to find a remedy. >Did you ever solve this issue? How did you change the "machine password change interval"? I just had a single windows 7 box fail trust relationship and I saw that the last modify time in ldap for that account was August 30, 2010. John
Am 04.10.2010 16:23 schrieb John Drescher:> On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss<rindfuss at wzb.eu> wrote: >> There was an earlier thread about failing trust relationships between >> Windows 7 and Samba. Since we occasionally experience the same problem with >> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit >> further. >> >> I think it happens when >> - the time to change the machine password has arrived >> - the Win 7 machine is up, but no one is logged on (login box is shown on >> the screen). >> >> To reproduce this, I reduced the machine password change interval to one day >> on a test computer, then let the login prompt sit there for a day or so - >> and indeed I could not log in anymore because of a trust relationship >> failure. I will try this a couple more times. >> >> I hope this helps to find a remedy. >> > Did you ever solve this issue? How did you change the "machine > password change interval"? > > I just had a single windows 7 box fail trust relationship and I saw > that the last modify time in ldap for that account was August 30, > 2010. > > JohnHi John! Just for information - We too do use the DisableMachinePasswordChange option of the registry because the "Refuse Machine Password Change" option on the samba server is not working with win 7, and we do not have any problems with the expiring issue. As I wrote some threads before - I think the thrustship problem is related to the "Reject machine account" logs we see if a user logs on on a samba server ... the samba server refuses it and according to that is not doing the password change too. But thats just theory. regards Martin
On Mon, Oct 4, 2010 at 12:58 PM, Martin Hochreiter <linuxbox at wavenet.at> wrote:> ?Am 04.10.2010 16:23 schrieb John Drescher: >> >> On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss<rindfuss at wzb.eu> ?wrote: >>> >>> There was an earlier thread about failing trust relationships between >>> Windows 7 and Samba. Since we occasionally experience the same problem >>> with >>> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit >>> further. >>> >>> I think it happens when >>> - the time to change the machine password has arrived >>> - the Win 7 machine is up, but no one is logged on (login box is shown on >>> the screen). >>> >>> To reproduce this, I reduced the machine password change interval to one >>> day >>> on a test computer, then let the login prompt sit there for a day or so - >>> and indeed I could not log in anymore because of a trust relationship >>> failure. I will try this a couple more times. >>> >>> I hope this helps to find a remedy. >>> >> Did you ever solve this issue? How did you change the "machine >> password change interval"? >> >> I just had a single windows 7 box fail trust relationship and I saw >> that the last modify time in ldap for that account was August 30, >> 2010. >> >> John > > Hi John! > > Just for information - > We too do use the DisableMachinePasswordChange option of the registry > because > the "Refuse Machine Password Change" option on the samba server is not > working with win 7, and > we do not have any problems with the expiring issue. > > As I wrote some threads before - I think the thrustship problem is related > to the "Reject machine account" > logs we see if a user logs on on a samba server ... the samba server refuses > it and according to that is not > doing the password change too. But thats just theory. >Thanks both of you. I will do this for all windows 7 boxes to avoid the issue for now. John