[Samba] Problem with trust relationship

John Drescher drescherjm at gmail.com
Thu Feb 10 05:54:17 MST 2011


On Thu, Feb 10, 2011 at 5:45 AM, Leonardo Carneiro
<chesterman86 at gmail.com> wrote:
> On Wed, Feb 9, 2011 at 4:36 PM,  <tms3 at tms3.com> wrote:
>>
>>
>> Hi John and others,
>>
>> Tks for the feedback. I tried the configs you showed to me and
>> unfortunally did not work. Also, there is a [small] number of windows
>> xp and vista getting the same problem too. Any new ideas?
>>
>> You need to re add the systems back to the domain after the trust
>> expires. The registry entries are to prevent the expiration not to fix
>> an already expired trust.
>>
>> The easy way to test is to use the Windoze network wizard and keep the name
>> the same. If the join works and on reboot the trust works then it is most
>> definately the machine pass issue.
>>
>>
>> John
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
> I tried both the "sambaRefuseMachinePwdChange = 1" in LDAP and the
> test in the network wizard. The wizard fails with a RPC error message.
> The setting in ldap had no effect. In fact, almost all machines are
> having this issue now, but it seems to be occasional. Once in a while,
> someone just logs in OK. It happens that the error is now happening on
> every windows machine, not just the the ones with windows 7. =S
> --

Set the following registry keys on each client:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 DisablePasswordChange = dword:1

"MaximumPasswordAge = 1000000", a million days.

John


More information about the samba mailing list