[Samba] Very odd issue with Win7 and trust relationships

Donny Brooks dbrooks at mdah.state.ms.us
Tue Jul 26 10:28:12 MDT 2011

Hello all,

We have just concluded a very drawn out test of our domain that 
is having some trust relationship problems with Windows 7 desktops. Here 
is a breakdown of our setup:

roark PDC running samba 3.4.7 (also has OpenLDAP) on VLAN 2
archives3 BDC running samba 3.4.7 (also has OpenLDAP) on VLAN 2
arrowhead BDC "home server" running samba 3.4.3 on VLAN 9
archives4 BDC "home server" running samba 3.2.14 on VLAN 8
ocm BDC "home server" running samba 3.3.8 on VLAN 8
defiant BDC "soon to be home server" running samba 3.5.8 on VLAN 3
pubinfo BDC "home server" running samba 3.5.4 on VLAN 3

OK, so we currently have Windows 7 machines on VLANs 3, 8, and 9. The 
only ones having issues are the ones on VLAN 3. This problem started a few 
weeks ago when we upgraded our core network switches. Only on my 
workstation and one other are we having this problem, as we are the only 
two that have Windows 7 on this VLAN. In order to test some possible 
fixes I set up a new machine with Windows 7 to perform all the tests on. 
Usually when I or the other user have to reboot we have to shut down and 
power right back up and immediately log back in to get past the trust 
relationship error. The machines on VLANs 8 and 9 are functioning 
perfectly with no issues whatsoever.

I have tried turning samba off on all of the servers on the 3 VLAN and 
logging in to the domain on our test machine. I have also tried only 
having one at a time running samba. Neither way works, as we always get 
the same error. I can then do nothing but change the VLAN on the port 
the machine is plugged in to and then try to log back in, and it works 
flawlessly every time; reboot, power on/off, or log off/on doesn't 
matter, as they all work every time on a different VLAN.

We have roughly 50 new PCs with Windows 7 that we are about to deploy 
and I need to get this fixed before we can do so. Would anyone have any 
idea where to begin? We are working to upgrade our version of samba on 
the main PDC and BDC, but that will require doing a hand compiled version 
and we would rather just replace the machines with new ones, and that has 
its own set of challenges in terms of keeping the domain functioning. 
Looking at the Windows7 page of the wiki I see this:

"If you use older versions, Windows 7 box still can join the Samba Domain 
but after rebooting, you will receive an error message: "the trust 
relation between this workstation and the primary domain failed" and no 
one can logon as any domain user.

-- Monyo 16:22, 5 June 2011 (UTC)"

But as you can see, when on the other VLANs I am not using the latest 
samba but it works. I am at a loss and need some fresh thoughts on this. 
I appreciate any and all assistance on this problem.

Donny B.
