On Wed, 2012-10-03 at 11:15 +0400, Dmitry Khromov wrote: > On Wed, 03 Oct 2012 16:22:27 +1000 > Andrew Bartlett <[email protected]> wrote: > > What happens when this error occurs? Does something fail on the client? > > Error like "cannot establish domain trust" (sorry, it's in Russian) appears > on logon screen when you try to log in using any credentials. The client > don't even req KDC for user ticket. > > > Is this only shortly after a machine account password change, and > > pending replication? Does the client retry with the previous machine > > account password? > > No, we hadn't touched these accounts for months already (and had joined Samba > DC 5 days ago). By the way, XP stations (we have more XP's than Sevens) are > unaffected.
WinXP won't use the AES password, so that's expected. The first guess I have is salting: Can you get me a comparative network trace between the Windows AD DC and the Samba4 AD DC? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
