Martin Hochreiter
2010-Sep-30 08:38 UTC
[Samba] Recject machine password change & reject auth request from client ... related?
Hi! We still suffering on that "Rejecting auth request from client" with our windows 7 machines, and additionally have the problem that windows 7 machines are randomly loosing there trustship. May it be that both topics are related, that simply windows 7 can not set a proper machine account password from the domain join on and looses trustship if it tries to change the password ...? regards martin Both issues: ********************************************************************************************************** I have samba 3.5.4 on an Ubuntu 8.04 running with windows 7 clients. (ldapsam as background tdb) I do have log entries of some machines in my samba log: /netlogon_creds_server_check failed. Rejecting auth request from client XXXXX machine account XXXXX$/ The user working on the machine does not seem affected in any way by that "problem" but It would be interesting how to solve that (that machines still have that behaviour after unjoin an rejoin the domain - as I thought it would be helpful to set the password again) Can somebody give me a hint please? regards martin ******************************************************************************************************* On 2010-08-09 14:18, Stefan Oberwahrenbrock wrote:> > We are observing the following phenomenon: After 30 days our Windows 7 > clients lose their trust relationship with the samba domain. We think, > that > the automatic machine password change on these clients fails.I posted a message about the very same problem on July 15. I think it does not always happen after 30 days (or whatever the change interval is set to), but only occurs when the machine password change time has arrived and the computer is on, but not no one is logged on (i.e. the login box is shown). Since we are only starting to deploy Windows 7, we simply turned the machine password change off in the registry of our imaged installation and the few real installations. We had no more problems afterwards. There are three ways to change the machine password behavior: Client-Registry: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 or Client-Registry: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters MaximumPasswordAge = dword:1000000 or Server-Registry (if you have a Windows server) HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters RefusePasswordChange = dword:1 With Samba + OpenLDAP, set sambaRefuseMachinePwdChange = 1 in the sambaDomainName=.... entry. Peter