[Samba] NT4 machine trust breaks on a Samba-BDC

[Mikko Kortelainen]

Hello all,

We have Samba (2.2.5) running on three servers, each in a different
subnet.  One of them is a PDC (domain master = yes). The Samba PDC is
also the NIS master. The smbpasswd is replicated using rsync to the
other machines that act as Samba BDCs (domain master = no). They are
also NIS slave servers. The smbpasswd synchronization takes place
automatically every time smbpasswd is updated, and the NIS maps are
updated and pushed automatically to the slaves whenever a machine joins
the domain.

Let's say that the Samba PDC is in subnet A, and the BDCS are in subnets
B and C.

I can join the domain with NT, W2k and WXP from all of the subnets, and
the machine trust accounts and passwords are being replicated as they
should be.   

Nothing ever stops working in subnet A, where the PDC is (NT4, W2k and
WXP join and never stop working). Also, the W2k and WXP clients never
stop co-operating in subnet B and C. When I join the domain from subnet
B or C with an NT4 workstation, it also works. But after I've joined the
domain with some other machine, the previously joined NT4 will complain
that the domain doesn't trust the machine anymore (I don't know the
exact phrase in English, because all of our NT4s speak Finnish).

I've checked that the machine trust account password doesn't change, so
it shouldn't be that.

I've also tried doing the smbpasswd synchronization manually after
joining the domain (with rsync, also), but the results are similar. The
second joining host breaks the first host's trust account, if the first
host was an NT4 in a subnet of either of the BDCs.

The NT4 workstations all have SP6 installed.

Anybody have any ideas or suggestions? Where should I start debugging?

-Mikko-