[Samba] Machine failing to keep its trust with Domain Controller

Masopust, Christian christian.masopust at siemens.com
Fri Jan 27 06:42:32 GMT 2006


I had the same problem on my RHEL 4 system.
after setting "machine password timeout = 0" the problems have
gone away.

chris
 

> -----Original Message-----
> From: 
> samba-bounces+christian.masopust=siemens.com at lists.samba.org 
> [mailto:samba-bounces+christian.masopust=siemens.com at lists.sam
> ba.org] On Behalf Of Dukhan, Meir
> Sent: Tuesday, January 24, 2006 8:15 PM
> To: samba at lists.samba.org
> Cc: Dukhan, Meir
> Subject: [Samba] Machine failing to keep its trust with 
> Domain Controller
> 
> Hi, 
>  
> We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
> for months
> but suddently have trouble to keep its trust with the DC server. 
>  
> The only way to recover is to reset the machine account from 
> the Windows
> DC side 
> and do a "net join" to the domain from the Linux side. The 
> Linux machine
> is able to 
> keep its "trust" with the domain exactly 7 days, which, AFAIU, is the
> default in Samba and 
> also in the DC side.
>  
> It is somewhat surprizing since this Linux Samba server w/o 
> problems for
> months. 
> >From the Windows DC side, the only thing which was done just 
> before this
> problem 
> appeared, was to patch the DC to SP1 as far as I remember. 
>  
> Below are the messages we can see in the 
> /var/log/samba/samba.log file: 
>  
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(45)
>   Can't get IP for PDC for domain MY_DOMAIN
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(93)
>   2006/01/18 10:49:57 : change_trust_account_password: Failed 
> to change
> password for domain MY_DOMAIN.
> 
> Linux Kernel: 2.4.21-20.ELsmp
> Samba: 
>         samba-3.0.4-6.3E              
>         samba-common-3.0.4-6.3E 
>  
> /etc/smb.conf: see below
>  
> Tia 
>  
> -- Meir 
> /etc/smb.conf
> # Global parameters
> 
> [global]
> workgroup = MY_DOMAIN
> netbios name = Samba_Server
> server string = Samba Server
> security = DOMAIN
> encrypt passwords = Yes
> password server = mydc-server.com
> log file = /var/log/samba/samba.log
> log level = 1
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = our_wins
> kernel oplocks = No
> create mask = 0775
> directory mask = 0775
> oplocks = No
> username map = /etc/samba/username.map
> case sensitive = no
> preserve case = yes
> local master = no
> use sendfile = no
> 
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> browseable = No
> 
>  
> 
>  
> 
> **************************************************************
> *********************
> This email message and any attachments thereto are intended 
> only for use by the addressee(s) named above, and may contain 
> legally privileged and/or confidential information. If the 
> reader of this message is not the intended recipient, or the 
> employee or agent responsible to deliver it to the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, 
> please immediately notify the postmaster at nds.com and destroy 
> the original message.
> **************************************************************
> *********************
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 


More information about the samba mailing list