Can anyone help with this? I set it all up a few months ago, the samba side being standard upgrades via debian - configured as a PDC, and the windows 7 clients being clean installs, with the standard lanmanworkstation regedits done.

They've been working fine since then, but have now started failing, instead raising the error message

'The trust relationship between this work station and the primary domain has failed'

on the client.

Any suggestions??

Cheers,

Steve

--
Steve Holdoway BSc(Hons) MNZCS <steve at greengecko.co.nz>
http://www.greengecko.co.nz
MSN: steve at greengecko.co.nz
Skype: sholdowa

On 19 May 2013 23:13, "Steve Holdoway" <steve at greengecko.co.nz> wrote:
>
> Can anyone help with this? I set it all up a few months ago, the samba
> side being standard upgrades via debian - configured as a PDC, and the
> windows 7 clients being clean installs, with the standard
> lanmanworkstation regedits done.
>
> They've been working fine since then, but have now started failing,
> instead raising the error message
>
> 'The trust relationship between this work station and the primary
> domain has failed'
>
> on the client.
>
> Any suggestions??
>
> Cheers,
>
> Steve
>
> --
> Steve Holdoway BSc(Hons) MNZCS <steve at greengecko.co.nz>
> http://www.greengecko.co.nz
> MSN: steve at greengecko.co.nz
> Skype: sholdowa
>

Hey Steve,

Have you checked the time on the client and PDC? They should be pretty much the same.

Cheers,

Chris

The problem is that I'm descending further into the mire. Can't log on to the PC as local administrator account is disabled, can't log on in safe mode without arriving at the domain login screen, can't seem to find anything on the server side to fix this.

Remembering well why I chose the dark side years ago, and losing the will to live...

Steve

On 20/05/13 19:22, Dewayne Geraghty wrote:
> Steve, Linda's on the money.
>
> We experience this problem when staff are absent for as little as a week, could just be a timing problem. Though if your PCs and server has been continuously up, then your PCs may have dropped the location of where the server is. If that is the case, then you might need to examine either: how your pdc advertises itself, or where you've told the PCs to find the WINS server.
>
> Typically an administrator accesses the PC and tells it to rejoin the domain. A simple leave and rejoin does the trick.
>
> Regards, Dewayne.
>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Linda Walsh
>> Sent: Monday, 20 May 2013 11:29 AM
>> To: Chris Rowson; Samba mailing list
>> Subject: Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...
>>
>> Chris Rowson wrote:
>>> On 19 May 2013 23:13, "Steve Holdoway" <steve at greengecko.co.nz> wrote:
>>>
>>>> Can anyone help with this? I set it all up a few months ago, the samba
>>>> side being standard upgrades via debian - configured as a PDC, and the
>>>> windows 7 clients being clean installs, with the standard
>>>> lanmanworkstation regedits done.
>>>>
>>>> They've been working fine since then, but have now started failing,
>>>> instead raising the error message
>>>>
>>>> 'The trust relationship between this work station and the primary
>>>> domain has failed'
>>>>
>> I had this problem a lot until I told my windows computer to disable machine account password changes. I think it changes them about every 30 days or maybe less -- but it would change its password and the server wouldn't be informed, so the shared-secret between the two of them was no longer decipherable.
>>
>> To be honest, it doesn't sound like the BEST way, or the most SECURE way to fix the problem, BUT, given my windows machine is on a closed internal net, practicality trumps imaginary security problems....

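Linda Walsh's explanation quoted above (the client changes its machine account password about every 30 days and the server is not informed) can be checked from the Samba side. This is an added example, not code from the thread: it parses `pdbedit -L -v` style output, here a constructed sample, and lists workstation accounts whose "Password last set" is older than a threshold; the 30-day default is the figure from the thread and the function names are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed sample in the layout `pdbedit -L -v` prints (not from the thread).
SAMPLE = """\
Unix username:        steve
Account Flags:        [U          ]
Password last set:    Mon, 06 May 2013 10:15:02 NZST
---------------
Unix username:        ws01$
Account Flags:        [W          ]
Password last set:    Tue, 02 Apr 2013 08:41:17 NZST
---------------
Unix username:        ws02$
Account Flags:        [W          ]
Password last set:    Fri, 10 May 2013 16:03:44 NZST
"""

FIELD = re.compile(r"^([^:]+):\s*(.*)$")          # "Name:   value"
DAY = re.compile(r"(\d{1,2}) ([A-Za-z]{3}) (\d{4})")  # day-granular date

def parse_accounts(text):
    """Split pdbedit verbose output into one dict of fields per account."""
    accounts, current = [], {}
    for line in text.splitlines():
        if line.startswith("---"):        # separator between accounts
            if current:
                accounts.append(current)
            current = {}
            continue
        m = FIELD.match(line)
        if m:
            current[m.group(1).strip()] = m.group(2).strip()
    return accounts + ([current] if current else [])

def stale_machines(text, today=None, max_age_days=30):
    """Return (name, age_days) for workstation accounts older than the limit."""
    stale = []
    for acct in parse_accounts(text):
        if "W" not in acct.get("Account Flags", ""):
            continue                      # skip user accounts, keep [W] trusts
        m = DAY.search(acct.get("Password last set", ""))
        if not m:
            continue                      # field missing or unparsable
        changed = datetime.strptime(" ".join(m.groups()), "%d %b %Y").date()
        age = ((today or date.today()) - changed).days
        if age > max_age_days:
            stale.append((acct["Unix username"], age))
    return stale
```

An old date shows only that the server-side record has not changed, which is also what a client with machine password changes disabled looks like, so compare it with what the client believes before drawing a conclusion.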
I've found a howto to enable local admin via recovery/regedit, and have now enabled it. I can leave and re-join the domain with no problem at all, BUT STILL CAN'T LOG IN, even using the same account that I used to leave/join the domain.

Hair long gone ):

Steve

On 21/05/13 15:06, Dewayne Geraghty wrote:
> Oh dear! You're in a really bad place.
>
> The PC can't join the domain. Therefore you can't use domain credentials. So the domain is out of the picture. This has occurred because the PC has changed its computer password and failed to notify the server within its normal limits. So - forget the domain.
>
> A local priv'ed account is your only option. But without that, or a local Administrator password, you're really hosed. It's meant to be this way...
>
> Windows is good at one thing, making it really difficult to "own" a machine when you don't have credentials. But not the data.
>
> If you have critical information on the PC and it hasn't been encrypted, then you should be able to extract it by taking the disk out and inserting into a UNIX machine, or perhaps another Win PC.
>
> I vaguely recall some Linux software that broke into the security db, about 12 years ago; but I expect MS has fixed that.
>
> If I were at this point, I'd try to "repair" the machine and take the system back to a known local account.
>
> And when this is all over, don't forget to create a priv'ed account on all PCs with a long complex password that is your ultimate failsafe. (I do this with all customers, and I don't recall the number of times that has been the ONLY solution.)
>
> Good luck, let me know if you are able to repair the system, if you take that course.
>
> Kind regards, Dewayne
>

On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
> Can anyone help with this? I set it all up a few months ago, the samba
> side being standard upgrades via debian - configured as a PDC, and the
> windows 7 clients being clean installs, with the standard
> lanmanworkstation regedits done.
>
> They've been working fine since then, but have now started failing,
> instead raising the error message
>
> 'The trust relationship between this work station and the primary
> domain has failed'
>
> on the client.
>
> Any suggestions??

One different avenue you might pursue is upgrading to Samba 4.0 as an AD DC. This will bring Windows 7 back to a server it is much happier with than the current situation.

Or at the very least, consider upgrading the domain as-is to Samba 4.0, running it as a classic DC.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org