[Samba] Windows 7 machine trust accounts expiring

Martin Hochreiter linuxbox at wavenet.at
Mon Oct 4 10:58:59 MDT 2010

  Am 04.10.2010 16:23 schrieb John Drescher:
> On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss<rindfuss at wzb.eu>  wrote:
>> There was an earlier thread about failing trust relationships between
>> Windows 7 and Samba. Since we occasionally experience the same problem with
>> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
>> further.
>> I think it happens when
>> - the time to change the machine password has arrived
>> - the Win 7 machine is up, but no one is logged on (login box is shown on
>> the screen).
>> To reproduce this, I reduced the machine password change interval to one day
>> on a test computer, then let the login prompt sit there for a day or so -
>> and indeed I could not log in anymore because of a trust relationship
>> failure. I will try this a couple more times.
>> I hope this helps to find a remedy.
> Did you ever solve this issue? How did you change the "machine
> password change interval"?
> I just had a single windows 7 box fail trust relationship and I saw
> that the last modify time in ldap for that account was August 30,
> 2010.
> John
Hi John!

Just for information -
We too do use the DisableMachinePasswordChange option of the registry 
the "Refuse Machine Password Change" option on the samba server is not 
working with win 7, and
we do not have any problems with the expiring issue.

As I wrote some threads before - I think the thrustship problem is 
related to the "Reject machine account"
logs we see if a user logs on on a samba server ... the samba server 
refuses it and according to that is not
doing the password change too. But thats just theory.


More information about the samba mailing list