[Samba] Windows 7 machine trust accounts expiring
Thomas Gutzler
thomas.gutzler at gmail.com
Mon Jan 18 01:19:44 MST 2010
Hi,
I'm having the same problem with my Windows 7 machines (64 bit
Enterprise) but not Vista. After exactly one month they complain that
"The trust relationship between this workstation and the primary domain
failed." and I have to rejoin the domain, which fixes it for another
month. This happens with and without the "X" account flag set.
I'm running samba 3.4.0-3ubuntu5 on ubuntu jaunty with tdbsam.
When the trust relationship expires, the samba log says:
rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client IX machine account IX$
Interestingly, even after rejoining the domain, when I log on as a
domain user for the first time, it shows the above error once more and
then logs on happily.
I also found this line several times:
smbd/service.c:1009(make_connection_snum) '/path/to/IX_' does not exist
or permission denied when connecting to [tom] Error was No such file or
directory
I'm logging on to the machine "ix" as user "tom" and none of the
machine accounts have home directories and so far none of them
complained about it missing; except the Windows7 ones. If I create the
directory and log in it says:
smbd/service.c:1047(make_connection_snum) ix (130.95.136.139) connect to
service tom initially as user tom (uid=1050, gid=1050) (pid 6387)
smbd/service.c:1047(make_connection_snum) ix (130.95.136.139) connect to
service tom initially as user IX$ (uid=1214, gid=200) (pid 6387)
smbd/nttrans.c:2076(call_nt_transact_ioctl)
call_nt_transact_ioctl(0x1401c4): Currently not implemented.
and logs in happily. There are no files in the newly created directories.
Alex: You mentioned that you wouldn't know until early this month if the
update to 3.4.3 solve this problem; did it?
Tom
On Wed, Dec 16, 2009 at 13:06, Alex Ferrara <alex at receptiveit.com.au> wrote:
> I think I have narrowed this down even further.
>
> I have been working through getting rid of error messages in the
> logs, and I have updated Samba to 3.4.3. This might have fixed the
> issue, and I won't know for some time, but I can still see the
> following error appearing in the logs, which seems to line up with
> the core issue of machine trust accounts expiring.
>
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client AC-2150 machine account AC-2150$
>
> I have noticed that the new Windows 7 machines say the password has
> expired on the same date that is in "sambaPwdLastSet". I added the
> "X" attribute in sambaAcctFlags in an attempt to stop the accounts
> from expiring.
More information about the samba
mailing list