On 2010-10-04 16:23, John Drescher wrote:
On Thu, Jul 15, 2010 at 11:52 AM, Peter Rindfuss <rindf...@wzb.eu> wrote:
There was an earlier thread about failing trust relationships between
Windows 7 and Samba. Since we occasionally experience the same problem with
Win 7 clients against a Samba 3.5.4 server, I investigated this a bit
further.

I think it happens when
- the time to change the machine password has arrived
- the Win 7 machine is up, but no one is logged on (login box is shown on
the screen).

To reproduce this, I reduced the machine password change interval to one day
on a test computer, then let the login prompt sit there for a day or so -
and indeed I could not log in anymore because of a trust relationship
failure. I will try this a couple more times.

I hope this helps to find a remedy.


Did you ever solve this issue? How did you change the "machine
password change interval"?

I just had a single Windows 7 box fail trust relationship and I saw
that the last modify time in LDAP for that account was August 30,
2010.

John

Our solution: We disabled the machine password change on all win7 clients by setting
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 DisablePasswordChange = dword:1
We never had a single issue after that.


The "machine password change interval" can be set in the client's registry with
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 MaximumPasswordAge = dword:n, n being a number of days.
Default is 30.


Instead of "DisablePasswordChange = 1" we might have tried
"MaximumPasswordAge = 1000000", a million days.

Finally, we might have tried against an MS server
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
 RefusePasswordChange = dword:1
Note that this is a server setting, not a client setting.
In Samba, it should translate to "sambaRefuseMachinePwdChange = 1" in LDAP.

Peter
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
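
An added example, not part of the original messages: a PowerShell audit sketch that classifies the client-side Netlogon values named in the thread, so machines where machine password rotation has been switched off (or stretched to an interval that never arrives) can be inventoried. The function names and the 365-day threshold are assumptions made for illustration; the sample inputs are constructed.

```powershell
# Added example: audit the Netlogon client settings discussed in this thread.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-MachinePwdRotationState {
    param(
        [hashtable]$Values = @{},    # registry values; absent names mean "not set"
        [int]$MaxAgeThreshold = 365  # assumption: longer intervals count as "never"
    )
    # Unset values fall back to: change enabled, 30-day interval (per the thread).
    $disable = 0; $maxAge = 30
    if ($Values.ContainsKey('DisablePasswordChange')) { $disable = [int]$Values['DisablePasswordChange'] }
    if ($Values.ContainsKey('MaximumPasswordAge'))    { $maxAge  = [int]$Values['MaximumPasswordAge'] }

    if ($disable -ne 0) { $state = 'Disabled' }
    elseif ($maxAge -gt $MaxAgeThreshold) { $state = 'EffectivelyDisabled' }
    else { $state = 'Rotating' }

    [pscustomobject]@{
        DisablePasswordChange = $disable
        MaximumPasswordAge    = $maxAge
        State                 = $state
    }
}

function Read-NetlogonValues {
    # Reads the two client-side values from the local registry, skipping unset ones.
    $found = @{}
    $props = Get-ItemProperty -Path $NetlogonKey -ErrorAction SilentlyContinue
    foreach ($name in 'DisablePasswordChange', 'MaximumPasswordAge') {
        if ($props -and $null -ne $props.$name) { $found[$name] = $props.$name }
    }
    $found
}

# Constructed samples matching the settings mentioned in the thread.
$samples = [ordered]@{
    'default client'        = @{}
    'DisablePasswordChange' = @{ DisablePasswordChange = 1 }
    'million-day interval'  = @{ MaximumPasswordAge = 1000000 }
    'one-day test interval' = @{ MaximumPasswordAge = 1 }
}
foreach ($name in $samples.Keys) {
    $r = Get-MachinePwdRotationState -Values $samples[$name]
    '{0,-22} -> {1}' -f $name, $r.State
}
# On a Windows client, evaluate the live registry instead of the samples.
if ($env:OS -eq 'Windows_NT') {
    Get-MachinePwdRotationState -Values (Read-NetlogonValues)
}
```

Machines reported as Disabled or EffectivelyDisabled keep the same machine account secret indefinitely, which is the trade-off the workaround accepts in exchange for avoiding the trust failure.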
