[Samba] The trust relationship between this workstation and the primary domain failed.

John Drescher drescherjm at gmail.com
Mon May 23 06:14:00 MDT 2011


On Mon, May 23, 2011 at 4:00 AM, Andrew Spiers <7andrew at gmail.com> wrote:
> Samba 3.5.6 PDC, Windows 7 client.
> A user was unable to log on this morning with this error. The Samba
> log for the machine is full of:
>
> [2011/02/10 09:09:50.145387,  0]
> rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
>  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
> Rejecting auth request from client CLIENT machine account CLIENT$
> [2011/02/10 09:10:18.693306,  0] lib/util_sock.c:474(read_fd_with_timeout)
> [2011/02/10 09:10:18.693343,  0] lib/util_sock.c:1432(get_peer_addr_internal)
>  getpeername failed. Error was Transport endpoint is not connected
>  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> [2011/02/10 09:10:36.694575,  0] lib/util_sock.c:474(read_fd_with_timeout)
> [2011/02/10 09:10:36.694604,  0] lib/util_sock.c:1432(get_peer_addr_internal)
>  getpeername failed. Error was Transport endpoint is not connected
>  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
> [2011/02/10 09:13:14.855541,  1] smbd/service.c:1070(make_connection_snum)
>
> (Those messages go back as far as April when the user started using
> the machine.) I've got a feeling that SambaPwdLastSet isn't getting
> updated in our LDAP database.
> Removing the client from the domain and rejoining it fixed the problem.
>
> from smb.conf:
> [netlogon]
>   comment = Network Logon Service
>   path = /share/common/netlogon
>   guest ok = yes
>   writable = no
>   share modes = no
>   write list = root, administrator
>
> # getfacl /share/common/netlogon
> getfacl: Removing leading '/' from absolute path names
> # file: share/common/netlogon
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> Does anyone know why this might be? Or what can be done about it?

I believe you have to disable the machine password from being
automatically changed on the client. The default is every 30 days. I
believe if no user is logged in during the password exchange the
Windows 7 box changes the password but Samba does not get the change.

See this thread:
http://samba.2283325.n4.nabble.com/Windows-7-machine-trust-accounts-expiring-td2456812.html

John
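
An added example, not part of the original thread: a small Python parser that summarizes, per machine account, how often and since when the PDC has logged the `netlogon_creds_server_check failed` rejection quoted above, which shows which workstations have a broken trust and when it started. The sample log lines are constructed from the quoted excerpt, and the parser assumes each log header sits on a single line (the excerpt in the mail is wrapped).

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the excerpt quoted in the post (header lines unwrapped).
SAMPLE_LOG = """\
[2011/02/10 09:09:50.145387,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLIENT machine account CLIENT$
[2011/02/10 09:10:18.693306,  0] lib/util_sock.c:474(read_fd_with_timeout)
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2011/02/11 08:01:02.000001,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
  Rejecting auth request from client CLIENT machine account CLIENT$
[2011/02/11 08:05:00.000001,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LAB2 machine account LAB2$
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s*\d+\]\s+(\S+)")
REJECT = re.compile(r"netlogon_creds_server_check failed\.\s+Rejecting auth request "
                    r"from client (\S+) machine account (\S+)")

def iter_records(text):
    """Yield (timestamp, source_location, message) with continuation lines joined."""
    stamp = where = None
    body = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if stamp is not None:
                yield stamp, where, " ".join(body)
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            where, body = m.group(2), []
        elif stamp is not None and line.strip():
            body.append(line.strip())
    if stamp is not None:
        yield stamp, where, " ".join(body)

def rejected_trust_accounts(text):
    """Map machine account -> (count, first_seen, last_seen) of rejected netlogon auths."""
    seen = defaultdict(list)
    for stamp, _where, msg in iter_records(text):
        m = REJECT.search(msg)
        if m:
            seen[m.group(2)].append(stamp)
    return {acct: (len(ts), min(ts), max(ts)) for acct, ts in seen.items()}

if __name__ == "__main__":
    for acct, (n, first, last) in sorted(rejected_trust_accounts(SAMPLE_LOG).items()):
        print(f"{acct}: {n} rejected, first {first}, last {last}")
```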

