Windows 7 Pro machines trust relationship fails

Can you attach your smb.conf and /var/log/samba/log.smbd and /var/log/samba/log.nmbd please?

Thanks
chuck

Ok, attaching log file from nmbd, smbd log file for the computer having problems logging in, excepts from syslog, smb.conf and part of slapd database in ldif format.

Thanks for the information.Which version of samba are you using?

Regards
chuck

Looking at the description, he is using 3.4.0-3ubuntu5.3.

I am running 3.4.0-3ubuntu5.6 as a PDC on Karmic and seeing much the same problem with my Windows 7 Pro 64 client. My client loses trust relationship every 30 days like clockwork, but can be restored manually. I will attach my smb.conf and client log. Let me know if I should provide more.

I am seeing the same problem..... I introduced a Win7 Pro (Retail) client to the domain during January 2010, then sometime late in February, the client lost its trust relationship. So I rejoined it to the domain, and again today, the user has complained that the Trust Relationship is lost. All other Domain members are running Vista Business and do not experience this problem.

I've attached smb.conf, log.nmbd (only mentions a Win7 Pro [OEM] Client called 'ANDREW-PC', which was joined about two weeks ago), log.smbd and also log.win7pro32-pc which shows the actual denial of access.

There are now three win7 pro clients on this domain and I'm anticipating that the new ones will loose their trust relationship sometime too! Fixing the problem remotely is a pain as I have to get a user to log in to a local admin account and enable remote access for me.

Samba data store is "passdb backend = tdbsam".

To rejoin the domain I do:
1) Logon as local administrator.
2) pdbedit -x [MACHINE_NAME]$
3) Use Windows Network Identity Wizard to Join the domain "Total", keeping Computer Name the same.

I am willing to alter my configuration or test any proposed fixes for this problem, and I'm happy to provide further logs or debug if required.

Oh and Samba version is:
# smbstatus -V
Version 3.4.0

# dpkg --list | grep samba
ii egroupware-sambaadmin 1.6.001+dfsg-2 web-based groupware suite - Samba administra
ii samba 2:3.4.0-3ubuntu5.6 SMB/CIFS file, print, and login server for U
ii samba-common 2:3.4.0-3ubuntu5.6 common files used by both the Samba server a
ii samba-common-bin 2:3.4.0-3ubuntu5.6 common files used by both the Samba server a
ii samba-doc 2:3.4.0-3ubuntu5.6 Samba documentation

Ubuntu release is Karmic (9.10) - Live-Upgraded from Jaunty.

Don't know if it will work, but today I remove the windows 7 from the domain, changed the HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange to 1, rejoined the domain.
We will see in 30 days..

BUMP! This is becoming a real Pain in the backside now.. The more Windows 7 Clients I add the more times each month I'm disturbed to rejoin machines to the Domain after they've lost their trust relationship.

Can anyone shed any light on this problem??? Either an explanation of why it happens, how to prevent it, or whether upgrading to Ubuntu 10.04LTS will make any odds.

Many thanks in advance to anyone who can help.

previous comment by macno is the best guess to prevent it. as you can see, it was posted roughly 29 days ago so wait a few days, hopefully he/she will report back and we all will be wiser.

Why not change the HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge to 1 or 2 and see what happens with DisablePasswordChange changed to 1? I can't test right now. Anyone else care to?

Today, 30 days after the change, user logged in without any problem.
I'll give you another feedback on Monday

Michele

I confirm that workaround used in #9 works.

The issue seems to be that the workstation user accounts change their passwords every 30 days. Take a look at one of my workstations log files:

[2010/06/24 09:43:25, 1] auth/auth_util.c:577(make_server_info_sam)
  User WORKSTATION29$ in passdb, but getpwnam() fails!
[2010/06/24 09:43:25, 0] auth/auth_sam.c:355(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'