[Samba] Windows 7 machine trust accounts expiring

[John Drescher]

On Mon, Oct 4, 2010 at 12:58 PM, Martin Hochreiter <linuxbox at wavenet.at> wrote:
>  Am 04.10.2010 16:23 schrieb John Drescher:
>>
>> On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss<rindfuss at wzb.eu>  wrote:
>>>
>>> There was an earlier thread about failing trust relationships between
>>> Windows 7 and Samba. Since we occasionally experience the same problem
>>> with
>>> Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
>>> further.
>>>
>>> I think it happens when
>>> - the time to change the machine password has arrived
>>> - the Win 7 machine is up, but no one is logged on (login box is shown on
>>> the screen).
>>>
>>> To reproduce this, I reduced the machine password change interval to one
>>> day
>>> on a test computer, then let the login prompt sit there for a day or so -
>>> and indeed I could not log in anymore because of a trust relationship
>>> failure. I will try this a couple more times.
>>>
>>> I hope this helps to find a remedy.
>>>
>> Did you ever solve this issue? How did you change the "machine
>> password change interval"?
>>
>> I just had a single windows 7 box fail trust relationship and I saw
>> that the last modify time in ldap for that account was August 30,
>> 2010.
>>
>> John
>
> Hi John!
>
> Just for information -
> We too do use the DisableMachinePasswordChange option of the registry
> because
> the "Refuse Machine Password Change" option on the samba server is not
> working with win 7, and
> we do not have any problems with the expiring issue.
>
> As I wrote some threads before - I think the thrustship problem is related
> to the "Reject machine account"
> logs we see if a user logs on on a samba server ... the samba server refuses
> it and according to that is not
> doing the password change too. But thats just theory.
>

Thanks both of you. I will do this for all windows 7 boxes to avoid
the issue for now.

John