I have a Win 7 machine which accesses a Samba NT4 Domain. That machine has been used by a single user for a couple of years. I need to change the user. I find I can log in using the old users name and password, but if I try to login using the new users name and password I get an error message that there are no login servers. Sometimes I get an error message that there is not trust relationship between machine and the domain. I am able to login to the domain with the new user from a windows XP machine. I'm completely confused how one user will work and the other user will be rejected.
Robert Steinmetz AIA via samba wrote:> I have a Win 7 machine which accesses a Samba NT4 Domain. That machine > has been used by a single user for a couple of years. I need to change > the user. I find I can log in using the old users name and password, > but if I try to login using the new users name and password I get an > error message that there are no login servers. Sometimes I get an > error message that there is not trust relationship between machine and > the domain. > > I am able to login to the domain with the new user from a windows XP > machine. > > I'm completely confused how one user will work and the other user will > be rejected. > >OK, I tried removing the machine from the domain and re-adding it. Now the old user can't log in either.
Post your smb.conf file that you are running. On Mon, Nov 19, 2018 at 2:05 PM Robert Steinmetz AIA via samba < samba at lists.samba.org> wrote:> Robert Steinmetz AIA via samba wrote: > > I have a Win 7 machine which accesses a Samba NT4 Domain. That machine > > has been used by a single user for a couple of years. I need to change > > the user. I find I can log in using the old users name and password, > > but if I try to login using the new users name and password I get an > > error message that there are no login servers. Sometimes I get an > > error message that there is not trust relationship between machine and > > the domain. > > > > I am able to login to the domain with the new user from a windows XP > > machine. > > > > I'm completely confused how one user will work and the other user will > > be rejected. > > > > > OK, > > I tried removing the machine from the domain and re-adding it. Now the > old user can't log in either. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
1) Not a complete solution, but the old user might have been able to login locally using cached credentials, which, if their is no contact to the domain controller (perhaps from having lost sync with it and being considered no longer part of the domain). Upon forcing a domain resync by unjoin/join, now the old users cached creds are invalid. 2) as far as the users go, are both logins "known" by the server to be part of the domain? I might verify this by having the user login to the domain server, but I don't restrict domain-users from server-access/login. But any other way of verifying the user/password combination leading to a valid server-userid, would work. On 11/19/2018 2:05 PM, Robert Steinmetz AIA via samba wrote:> Robert Steinmetz AIA via samba wrote: > >> I have a Win 7 machine which accesses a Samba NT4 Domain. That machine >> has been used by a single user for a couple of years. I need to change >> the user. I find I can log in using the old users name and password, >> but if I try to login using the new users name and password I get an >> error message that there are no login servers. Sometimes I get an >> error message that there is not trust relationship between machine and >> the domain. >> >> I am able to login to the domain with the new user from a windows XP >> machine. >> >> I'm completely confused how one user will work and the other user will >> be rejected. >> >> >> > OK, > > I tried removing the machine from the domain and re-adding it. Now the > old user can't log in either. > >
I'm at home for the holidays so i'll respond later with some relevant log files if it helps you compare against yours. I have recently seen very similar behavior (not exactly the same) with Windows 7 systems using our Samba NT4 domain after upgrading Ubuntu 14.04 to 16.04 on our Domain Controller which upped the Samba version (I don't have those off the top of my head either). No matter how long I try to log in with a valid username and password it will fail with the error "no logon servers found", however older "cached" accounts would sometimes still work. The workaround has been to try and log in with a username that doesn't exist (randomly hitting keys on the keyboard). You do this once (or twice) in about a minute time-span and then the error message will switch from no logon servers to invalid username/password (and then work for normal users). The more the system is used, the less its likely to re-appear, but if a system remains idle for about a week then I get it again or sometimes right after re-adding it to the domain. I have on one occasion had the trust relationship error in the same time period while I was troubleshooting the no logon servers found, but after rejoining the specific system that error went away. Off the top of my head the error in the samba log files for that system showed something about not being able to enumerate the groups for the user, showing that it indeed found the logon server but got some error causing it to display no logon servers (so a false error). You might want to see if logs are being generated for that system showing something wrong going on. After using the fake username the groups enumerate properly when logging in with a valid username. On Mon, Nov 19, 2018 at 10:33 AM Robert Steinmetz AIA via samba < samba at lists.samba.org> wrote:> I have a Win 7 machine which accesses a Samba NT4 Domain. That machine > has been used by a single user for a couple of years. I need to change > the user. I find I can log in using the old users name and password, but > if I try to login using the new users name and password I get an error > message that there are no login servers. Sometimes I get an error > message that there is not trust relationship between machine and the > domain. > > I am able to login to the domain with the new user from a windows XP > machine. > > I'm completely confused how one user will work and the other user will > be rejected. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba-- Daryl Lee defactoman at gmail.com