[Samba] windows 7 samba domain

Anselm Heaton anselm at netuxo.co.uk
Tue Jul 6 05:33:48 MDT 2010

On Monday 05 July 2010 09:14:47 Ufficiotecnico Acknow Srl wrote:
> Hi,
> I succesfuly joined five windows 7 client to a samba (version
> 3-3.2.15-40) domain with passdb backend = tdbsam, the client works
> correctly, user domain, network share printers etc, after 2 weeks the
> client does not access to domain, with this error: the trust
> relationship between this workstation and the primary domain failed, to
> resolve I remove the client from domain and join again, the problem
> reappears after a few days.

I have a similar problem with Samba 3.4.0, running on an Ubuntu server. I have 
seen this problem reported a number of times (on this list and elsewhere), but 
I have not seen any solution for it yet (still searching!). It seems to affect 
a number of people, but not all - some setups with Windows 7 work fine.

> I read in a forum that could be a cache password  problem related with 
> nscd, now i disabled service ncsd and enable winbind.

I noticed after a trust relationship had broken that this machine's trust 
password had changed on the same day. I assume this is linked, though I am not 
sure who initiates this password change - is it Samba or is it the Windows 7 
computer ? 

Here is a scenario I noticed :

1. User logs on fine in the morning ;
2. The pdb entry for that user suggests that the machine account password gets 
changed after the user has logged in ;
3. After a restart, the machine complains of a broken trust relationship.

For instance here is the entry for a machine that was reported to have lost 
it's trust relation ship on Friday 2nd of July. The 'Password last set' field 
corresponds roughly to the time the user logged on. After restart, the trust 
relationship was broken :

# pdbedit -Lv -u ct405$
Unix username: CT405$
NT username:
Account Flags: [W ]
User SID: S-1-5-21-4063849384-1695801231-3426977757-1029
Primary Group SID: S-1-5-21-4063849384-1695801231-3426977757-513
Full Name: CT405$
Home Directory: \\xxxx\ct405_
HomeDir Drive: H:
Logon Script: ct405_.bat
Profile Path: \\xxxx\Profiles\ct405_
Domain: xxxxxx
Account desc:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fri, 02 Jul 2010 09:20:39 BST
Password can change: Fri, 02 Jul 2010 09:20:39 BST
Password must change: never
Last bad password : 0
Bad password count : 0

I don't know if any of this can help people suggest a fix. If you have ideas of 
things I could try, or would like me to run some tests, I will be more than 
happy to oblige !


Netuxo Ltd
a workers' co-operative
providing low-cost IT solutions
for peace, environmental and social justice groups
and the radical NGO sector

VAT Registration No 943 6779 76
Registered as a company in England and Wales. No 4798478
Registered office: Unit 31, Daro Works, 80-84 Wallis Road, London E9 5LW, 
office: 020 8985 6843
mobile: 07921 466 360
general enquiries: office at netuxo.co.uk
support requests: support at netuxo.co.uk

More information about the samba mailing list