[Samba] Very odd issue with Win7 and trust relationships
dbrooks at mdah.state.ms.us
Tue Jul 26 10:28:12 MDT 2011
We have just concluded a very drawn out test of our domain that
is having some trust relationship problems with Windows 7 desktops. Here
is a breakdown of our setup:
roark PDC running samba 3.4.7 (also has OpenLDAP) on VLAN 2
archives3 BDC running samba 3.4.7 (also has OpenLDAP) on VLAN2
arrowhead BDC "home server" running samba 3.4.3 on VLAN 9
archives4 BDC "home server" running samba 3.2.14 on VLAN8
ocm BDC "home server" running samba 3.3.8 on VLAN8
defiant BDC "soon to be home server" running samba 3.5.8 on VLAN3
pubinfo BDC "home server" running samba 3.5.4 on VLAN3
Ok, so we currently have Windows 7 machines on vlan's 3, 8, and 9. The
only ones having issues is the ones on vlan3. This problem started a few
weeks ago when we upgraded our core network switches. Only on my
workstation and one other are we having this problem as we are the only
two that have windows 7 on this vlan. In order to test some possible
fixes I setup a new machine with windows 7 to perform all the tests on.
Usually when I or the other user have to reboot we have to shut down and
power right back up and immediately log back in to get past the trust
relationship error. The machines on vlan's 8 and 9 are functioning
perfectly with no issues what so ever.
I have tried turning samba off on all of the servers on the 3 vlan and
logging in to the domain on our test machine. Also have tried only
having one at a time running samba. Neither way works as we always get
the same error. I can then do nothing but change the vlan on the port
the machine is plugged in to and then try to log back in and it works
flawlessly every time, reboot, power on/off, or log off/on doesn't
matter as they all work every time on a different vlan.
We have roughly 50 new pc's with Windows 7 that we are about to deploy
and I need to get this fixed before we can do so. Would anyone have any
idea where to begin? We are working to upgrade our version of samba on
the main PDC and BDC but that will require doing a hand compiled version
and we would rather just replace the machines with new ones and that has
it's own set of challenges in terms of keeping the domain functioning.
Looking at the Windows7 page of the wiki I see this: "
If you use older versions, Windows 7 box still can join the Samba Domain
but after rebooting, you will receive an error message: "the trust
relation between this workstation and the primary domain failed" and no
one can logon as any domain user.
16:22, 5 June 2011 (UTC)"
But as you can see when on the other vlan's I am not using the latest
samba but it works. I am at a loss and need some fresh thoughts on this.
I appreciate any and all assistance on this problem.
More information about the samba