[Samba] [Resolved] Reestablishing trust with PDC

iordonez at berkeley.edu iordonez at berkeley.edu
Tue Jan 11 12:24:52 MST 2011 

I have the same issue.  The workaround that worked for me is to remove the
computer from the domain and re-join the domain again.  If there is a
permanent fix to this, I would be a happy camper.  It's a waste of time to
remove and re-join the domain every time this issue happens.

I also tried this to no avail: Disabled the machine password change on all
win7 clients by setting

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 DisablePasswordChange = dword:1


Thanks in advance.



> Thanks to both of you - exactly the piece I was missing.
>
> -----Original Message-----
> From: tms3 at tms3.com [mailto:tms3 at tms3.com]
> Sent: Monday, January 10, 2011 12:52 PM
> To: Christ Schlacta
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Reestablishing trust with PDC
>
>
>>
>>
>> you haven't tried experimenting with backing up and restoring the
>> samba password cache.  look in /var/*/samba and /var/*/*/samba for
>> files related to the password cache to backup and restore.
>
> If you use LDAP this problem goes away.  If you're using tdb's then moving
> the tdb's and using the same Samba revision should do it...IIRC
>>
>>
>>
>> On 1/10/2011 10:45, Devon Crouse wrote:
>>>
>>> I often change configurations in a home server environment, and have
>>> scripts to back up all config files etc. - on a fresh OS install I
>>> can quickly restore function of all the services I'm running.
>>>
>>> I'm using version 3.4.7 as a PDC on Ubuntu with 4 Windows 7 clients.
>>> I can
>>> restore smb.conf which gets the file shares and server configuration
>>> back, but I lose the trust relationship with the clients and I can't
>>> figure out how to get it back (short of completely clearing all the
>>> profiles and dropping/adding to the domain.)  I'm making the
>>> following assumptions:
>>>
>>>      - There must be some sort of signature for the Samba/OS
>>> installation that changes
>>>      - This signature must be recorded in Windows somewhere for it to
>>> validate the relationship (like known_hosts)
>>>
>>> I've tried the following in just about every order you can imagine:
>>>
>>>      - Modifying/removing the profile registry entries in Windows
>>>      - Removing/restoring the user directory in Windows
>>>      - Removing/restoring the profile.v2 directory in Ubuntu
>>>      - Experimenting with various local policy settings in Windows
>>>      - Re-adding client to the domain
>>>      - Using smbpasswd to recreate the users
>>>
>>> There must be something I can backup/change to retain/reestablish the
>>> trust relationship without having to scrap all the user profiles?
>>> Thanks in advance - all my reading so far has been of little help.
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list