Hello everyone, I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, some computers, mainly the ones with Windows 7, are getting trust relationship problems and I cannot find the source of the problem. All my windows boxes do automatic updates, and there was a pack of 9 or 10 updates yesterday, but i don't know if this have some relation with the problem. I don't know exactly what kind of information i should give to get extra help, so any help is welcome. Tks in advance
On Wed, Feb 9, 2011 at 1:04 PM, Leonardo Carneiro <chesterman86 at gmail.com> wrote:> Hello everyone, > > I have a Samba 3.4.7 + OpenLDAP working as PDC. Since this morning, > some computers, mainly the ones with Windows 7, are getting trust > relationship problems and I cannot find the source of the problem. All > my windows boxes do automatic updates, and there was a pack of 9 or 10 > updates yesterday, but i don't know if this have some relation with > the problem. > > I don't know exactly what kind of information i should give to get > extra help, so any help is welcome. >http://www.mail-archive.com/samba at lists.samba.org/msg110665.html John
> > >> >> Hi John and others, >> >> Tks for the feedback. I tried the configs you showed to me and >> unfortunally did not work. Also, there is a [small] number of windows >> xp and vista getting the same problem too. Any new ideas? > > You need to re add the systems back to the domain after the trust > expires. The registry entries are to prevent the expiration not to fix > an already expired trust.The easy way to test is to use the Windoze network wizard and keep the name the same. If the join works and on reboot the trust works then it is most definately the machine pass issue.> > > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Wed, Feb 9, 2011 at 4:36 PM, <tms3 at tms3.com> wrote:> > > Hi John and others, > > Tks for the feedback. I tried the configs you showed to me and > unfortunally did not work. Also, there is a [small] number of windows > xp and vista getting the same problem too. Any new ideas? > > You need to re add the systems back to the domain after the trust > expires. The registry entries are to prevent the expiration not to fix > an already expired trust. > > The easy way to test is to use the Windoze network wizard and keep the name > the same. If the join works and on reboot the trust works then it is most > definately the machine pass issue. > > > John > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >I tried both the "sambaRefuseMachinePwdChange = 1" in LDAP and the test in the network wizard. The wizard fails with a RPC error message. The setting in ldap had no effect. In fact, almost all machines are having this issue now, but it seems to be occasional. Once in a while, someone just logs in OK. It happens that the error is now happening on every windows machine, not just the the ones with windows 7. =S
On Thu, Feb 10, 2011 at 5:45 AM, Leonardo Carneiro <chesterman86 at gmail.com> wrote:> On Wed, Feb 9, 2011 at 4:36 PM, ?<tms3 at tms3.com> wrote: >> >> >> Hi John and others, >> >> Tks for the feedback. I tried the configs you showed to me and >> unfortunally did not work. Also, there is a [small] number of windows >> xp and vista getting the same problem too. Any new ideas? >> >> You need to re add the systems back to the domain after the trust >> expires. The registry entries are to prevent the expiration not to fix >> an already expired trust. >> >> The easy way to test is to use the Windoze network wizard and keep the name >> the same. If the join works and on reboot the trust works then it is most >> definately the machine pass issue. >> >> >> John >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > > I tried both the "sambaRefuseMachinePwdChange = 1" in LDAP and the > test in the network wizard. The wizard fails with a RPC error message. > The setting in ldap had no effect. In fact, almost all machines are > having this issue now, but it seems to be occasional. Once in a while, > someone just logs in OK. It happens that the error is now happening on > every windows machine, not just the the ones with windows 7. =S > --Set the following registry keys on each client: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 "MaximumPasswordAge = 1000000", a million days. John
> > --- Original message --- > Subject: Re: [Samba] Problem with trust relationship > From: Leonardo Carneiro <chesterman86 at gmail.com> > To: <samba at lists.samba.org> > Date: Thursday, 10/02/2011 2:46 AM > > On Wed, Feb 9, 2011 at 4:36 PM, <tms3 at tms3.com> wrote: >> >> >> >> Hi John and others, >> >> Tks for the feedback. I tried the configs you showed to me and >> unfortunally did not work. Also, there is a [small] number of windows >> xp and vista getting the same problem too. Any new ideas? >> >> You need to re add the systems back to the domain after the trust >> expires. The registry entries are to prevent the expiration not to fix >> an already expired trust. >> >> The easy way to test is to use the Windoze network wizard and keep the >> name >> the same. If the join works and on reboot the trust works then it is >> most >> definately the machine pass issue. >> >> >> John >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > > I tried both the "sambaRefuseMachinePwdChange = 1" in LDAP and the > test in the network wizard. The wizard fails with a RPC error message.Hmmm. Details? This is begining to smell of browsing issues. Do you have a WINS server?> > > The setting in ldap had no effect. In fact, almost all machines are > having this issue now, but it seems to be occasional. Once in a while, > someone just logs in OK. It happens that the error is now happening on > every windows machine, not just the the ones with windows 7. =S > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba