[Samba] my samba clients keep randomly dropping out of domain trust

Craig White craigwhite at azapple.com
Tue Oct 3 14:59:47 GMT 2006

On Tue, 2006-10-03 at 10:44 -0300, Felipe Augusto van de Wiel wrote:
> Hash: SHA1
> On 09/27/2006 05:37 PM, Paul Raines escreveu:
> > I have one Linux RHEL4 box setup as a PDC and several other Linux RHEL4
> > samba servers and Windows XP boxes joined to the domain.  Ever since
> > upgrading the Linux box to Samba 3 (they are currently running
> > samba-3.0.10) I have problems with the Linux samba clients suddenly
> > dropping out of the domain.  Operations suddenly start failing with
> > 
> > [2006/09/27 16:03:25, 3] libsmb/cliconnect.c:cli_session_setup(868)
> >   SPNEGO login failed: Trust relationship failure
> > [2006/09/27 16:03:25, 1] libsmb/cliconnect.c:cli_full_connection(1476)
> >   failed session setup with NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
> > 
> > If I simply try running 'net join' it fails.  I have to go to the PDC
> > and remove the machine account completely from smbpasswd and
> > /etc/passwd. Then I re-add it and can then go to the client and run 'net
> > join' and it joins again just fine and everything if happy for another
> > several weeks till it seems to randomly drop out again.
> 	The same machines? Or different ones?
> > When it happens it is always after a reboot and there is evidence it
> > might be only after a kernel change.  But I never had this problem
> > before I upgraded the boxes to RHEL4 and started using Samba 3
> 	I have almost no contact with RHEL4, but I would suggest
> that you upgrade your samba version. You can use [1]Samba
> Enterprise, samba 3.0.23c is available for RHEL4.
> 1.http://www.sambaenterprise.org/
I can't see that upgrading is going to help OP

It is normal for a computer account to change it's password about once a
month which sounds like what is happening but it seems that the computer
thinks it has successfully changed the password but the samba PDC
doesn't see it that way. Thus deleting the machine account and then
joining again seems to work but the changing down the road doesn't.

Perhaps OP should verify the machine accounts with pdbedit but just
guessing that the smb.conf on the samba member servers isn't set up
correctly...try reviewing the 'By Example' documentation for member
servers at http://www.samba.org/samba/docs


More information about the samba mailing list