Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-22 Thread Andrew Bartlett
On Wed, 2013-05-22 at 10:53 +1200, Steve Holdoway wrote:
 On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote:
  On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
   Can anyone help with this? I set it all up a few months ago, the samba
   side being standard upgrades via debian - configured as a PDC, and the
   windows 7 clients being clean installs, with the standard
   lanmanworkstation regedits done.
   
   They've been working fine since then, but have now started failing,
   instead raising the error message
   
'The trust relationship between this work station and the primary
   domain has failed'
   
   on the client.
   
   Any suggestions??
  
  One different avenue you might pursue is upgrading to Samba 4.0 as an AD
  DC.  This will bring Windows 7 back to a server it is much happier with
  than the current situation.
  
  Or at the very least, consider upgrading the domain as-is to Samba 4.0,
  running it as a classic DC.
  
  Andrew Bartlett
  
 
 This is a local charity that I support in my spare (non-existent!) time.
 I'm offsite at the moment, but received this message...
 
 When Cath tried to logon today she got this message:
 
 There are currently no logon servers available to service the logon
 request
 
 I have done a small experiment, I can logon as Dawn or Bill on Bill's
 computer and switch between them but I can't logon as Cath  (get the
 lack of trust message). On Cath's computer I can't logon as anyone.  On
 Bill's computer I logged in as Bill then went to Dawn's computer and
 tried to logon as Dawn and got the no logon servers message.
 
 How on earth has a simple domain been working ok for years, and now end
 up in this mess?
 
 Is there a simple way to just reset the server-side information so
 everyone starts with a clean sheet?

Could it be that the server really is offline or not responding to logon
requests, and the logins which 'work' are from the local cache?

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery... [SOLVED]

2013-05-22 Thread Steve Holdoway
On Thu, 2013-05-23 at 08:28 +1000, Andrew Bartlett wrote:
 On Wed, 2013-05-22 at 10:53 +1200, Steve Holdoway wrote:
  On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote:
   On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
Can anyone help with this? I set it all up a few months ago, the samba
side being standard upgrades via debian - configured as a PDC, and the
windows 7 clients being clean installs, with the standard
lanmanworkstation regedits done.

They've been working fine since then, but have now started failing,
instead raising the error message

 'The trust relationship between this work station and the primary
domain has failed'

on the client.

Any suggestions??
   
   One different avenue you might pursue is upgrading to Samba 4.0 as an AD
   DC.  This will bring Windows 7 back to a server it is much happier with
   than the current situation.
   
   Or at the very least, consider upgrading the domain as-is to Samba 4.0,
   running it as a classic DC.
   
   Andrew Bartlett
   
  
  This is a local charity that I support in my spare (non-existent!) time.
  I'm offsite at the moment, but received this message...
  
  When Cath tried to logon today she got this message:
  
  There are currently no logon servers available to service the logon
  request
  
  I have done a small experiment, I can logon as Dawn or Bill on Bill's
  computer and switch between them but I can't logon as Cath  (get the
  lack of trust message). On Cath's computer I can't logon as anyone.  On
  Bill's computer I logged in as Bill then went to Dawn's computer and
  tried to logon as Dawn and got the no logon servers message.
  
  How on earth has a simple domain been working ok for years, and now end
  up in this mess?
  
  Is there a simple way to just reset the server-side information so
  everyone starts with a clean sheet?
 
 Could it be that the server really is offline or not responding to logon
 requests, and the logins which 'work' are from the local cache?
 
 Andrew Bartlett
 
It's possible. Windows never ceases to amaze me in the ways that it
flouts all logic!

Anyway, after another mammoth session today, I finally got these
workstations to talk to the server. 

In the meantime, my failed attempts have upgraded from squeeze default
3.5.6 to sernet's 3.6.15, enabled local admin accounts, left and
rejoined the domain, renamed workstations, destroyed and recreated user
accounts... you get the picture???

In the end,

server signing = auto - off

is what fixed the problem. Why half of the PC's were running OK, and the
rest not, I have no idea - could well have been local caching?, but then
how did I join them in the first place! At least I now have a list of
instructions that make the PCs useable again.

Many thanks to all who contributed, especially to Dewayne Geraghty,
whose offline help was immensely useful, went way beyond. Beers are owed
if you're passing.

Cheers,

Steve
-- 
Steve Holdoway BSc(Hons) MNZCS st...@greengecko.co.nz
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa
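
An added example, not part of the original post: a small Python check that reports how `server signing` is set in the `[global]` section of an smb.conf, so that a workaround like the one above can be found again during a later configuration review. The sample configuration is constructed, and treating `off`/`no`/`false`/`0` as equivalent to `disabled` is an assumption of this example.

```python
# Added example: classify "server signing" in the [global] section of smb.conf.

# "disabled" is the documented value; the boolean spellings are an assumption.
DISABLED = {"disabled", "off", "no", "false", "0"}
DOCUMENTED = {"auto": "offered", "mandatory": "required"}


def global_params(conf_text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # smb.conf line continuation
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names ignore case and internal whitespace.
            params["".join(name.lower().split())] = value.strip()
    return params


def signing_posture(conf_text):
    """Classify the effective 'server signing' value as (state, detail)."""
    value = global_params(conf_text).get("serversigning")
    if value is None:
        return ("unset", "version default applies")
    v = value.lower()
    if v in DISABLED:
        return ("disabled", "SMB packets to this server are not signed")
    if v in DOCUMENTED:
        return (DOCUMENTED[v], "signing is %s by the server" % DOCUMENTED[v])
    return ("unknown", "unrecognised value %r" % value)


# Constructed sample: the workaround from the post, with a commented-out
# stricter setting that must not be mistaken for the live one.
WORKAROUND_CONF = """\
[global]
   workgroup = EXAMPLE
   domain logons = yes
   ; server signing = mandatory
   Server Signing = off

[profiles]
   path = /srv/samba/profiles
"""
HARDENED_CONF = WORKAROUND_CONF.replace("Server Signing = off",
                                        "server signing = mandatory")

if __name__ == "__main__":
    for label, conf in (("workaround", WORKAROUND_CONF), ("hardened", HARDENED_CONF)):
        print(label, signing_posture(conf))
```
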



Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-21 Thread Steve Holdoway
On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote:
 On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
  Can anyone help with this? I set it all up a few months ago, the samba
  side being standard upgrades via debian - configured as a PDC, and the
  windows 7 clients being clean installs, with the standard
  lanmanworkstation regedits done.
  
  They've been working fine since then, but have now started failing,
  instead raising the error message
  
   'The trust relationship between this work station and the primary
  domain has failed'
  
  on the client.
  
  Any suggestions??
 
 One different avenue you might pursue is upgrading to Samba 4.0 as an AD
 DC.  This will bring Windows 7 back to a server it is much happier with
 than the current situation.
 
 Or at the very least, consider upgrading the domain as-is to Samba 4.0,
 running it as a classic DC.
 
 Andrew Bartlett
 

This is a local charity that I support in my spare (non-existent!) time.
I'm offsite at the moment, but received this message...

When Cath tried to logon today she got this message:

There are currently no logon servers available to service the logon
request

I have done a small experiment, I can logon as Dawn or Bill on Bill's
computer and switch between them but I can't logon as Cath  (get the
lack of trust message). On Cath's computer I can't logon as anyone.  On
Bill's computer I logged in as Bill then went to Dawn's computer and
tried to logon as Dawn and got the no logon servers message.

How on earth has a simple domain been working ok for years, and now end
up in this mess?

Is there a simple way to just reset the server-side information so
everyone starts with a clean sheet?

Steve

-- 
Steve Holdoway BSc(Hons) MNZCS st...@greengecko.co.nz
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa



Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Steve Holdoway
The problem is that I'm descending further into the mire. Can't log on 
to the PC as local administrator account is disabled, can't log on in 
safe mode without arriving at the domain login screen, can't seem to 
find anything on the server side to fix this.


Remembering well why I chose the dark side years ago, and losing the 
will to live...



Steve

On 20/05/13 19:22, Dewayne Geraghty wrote:

Steve, Linda's on the money.

We experience this problem when staff are absent for as little as a week,
could just be a timing problem.  Though if your PC's and server has been
continuously up, then your PC's may have dropped the location of where the
server is.  If that is the case, then you might need to examine either: how
your pdc advertises itself, or where you've told the PC's to find the WINS
server.

Typically an administrator accesses the PC and tells it to rejoin the domain.
A simple leave and rejoin does the trick.

Regards, Dewayne.


-----Original Message-----
From: samba-boun...@lists.samba.org
[mailto:samba-boun...@lists.samba.org] On Behalf Of Linda Walsh
Sent: Monday, 20 May 2013 11:29 AM
To: Chris Rowson; Samba mailing list
Subject: Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...





Chris Rowson wrote:

On 19 May 2013 23:13, Steve Holdoway st...@greengecko.co.nz wrote:

Can anyone help with this? I set it all up a few months ago, the samba
side being standard upgrades via debian - configured as a PDC, and the
windows 7 clients being clean installs, with the standard
lanmanworkstation regedits done.

They've been working fine since then, but have now started failing,
instead raising the error message

  'The trust relationship between this work station and the primary
domain has failed'

I had this problem a lot until I told my windows computer to disable
machine account password changes.  I think it changes them about every
30 days or maybe less -- but it would change its password and the server
wouldn't be informed, so the shared-secret between the two of them was
no longer decipherable.

To be honest, it doesn't sound like the BEST way, or the most SECURE way
to fix the problem, BUT, given my windows machine is on a closed
internal net, practicality trumps imaginary security problems




Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Linda Walsh




Steve Holdoway wrote:
 The problem is that I'm descending further into the mire. Can't log on
 to the PC as local administrator account is disabled, can't log on in
 safe mode without arriving at the domain login screen, can't seem to
 find anything on the server side to fix this.

 Remembering well why I chose the dark side years ago, and losing the
 will to live...



Can you try to use the remote net DOM feature...on the server?

 


Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Steve Holdoway
I've found a howto to enable local admin via recovery/regedit, and have 
now enabled it.


I can leave and re-join the domain with no problem at all, BUT STILL 
CAN'T LOG IN, even using the same account that I used to leave/join the 
domain.


Hair long gone ):

Steve
On 21/05/13 15:06, Dewayne Geraghty wrote:

Oh dear!  You're in a really bad place.

The PC can't join the domain.  Therefore you can't use domain credentials.
So the domain is out of the picture.  This has occurred because the PC has
changed its computer password and failed to notify the server within its
normal limits.  So - forget the domain.

A local priv'ed account is your only option.  But without that, or a local
Administrator password, you're really hosed.  It's meant to be this way...

Windows is good at one thing, making it really difficult to own a machine
when you don't have credentials.  But not the data.

If you have critical information on the PC and it hasn't been encrypted,
then you should be able to extract it by taking the disk out and inserting
into a UNIX machine, or perhaps another Win PC.

I vaguely recall some Linux software that broke into the security db, about
12 years ago; but I expect MS has fixed that.

If I were at this point, I'd try to repair the machine and take the system
back to a known local account.

And when this is all over, don't forget to create a priv'ed account on all
PC's with a long complex password that is your ultimate failsafe.  (I do
this with all customers, and I don't recall the number of times that has
been the ONLY solution.)

Good luck, let me know if you are able to repair the system, if you take
that course.

Kind regards, Dewayne





Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Andrew Bartlett
On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
 Can anyone help with this? I set it all up a few months ago, the samba
 side being standard upgrades via debian - configured as a PDC, and the
 windows 7 clients being clean installs, with the standard
 lanmanworkstation regedits done.
 
 They've been working fine since then, but have now started failing,
 instead raising the error message
 
  'The trust relationship between this work station and the primary
 domain has failed'
 
 on the client.
 
 Any suggestions??

One different avenue you might pursue is upgrading to Samba 4.0 as an AD
DC.  This will bring Windows 7 back to a server it is much happier with
than the current situation.

Or at the very least, consider upgrading the domain as-is to Samba 4.0,
running it as a classic DC.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Steve Holdoway
On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote:
 On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
  Can anyone help with this? I set it all up a few months ago, the samba
  side being standard upgrades via debian - configured as a PDC, and the
  windows 7 clients being clean installs, with the standard
  lanmanworkstation regedits done.
  
  They've been working fine since then, but have now started failing,
  instead raising the error message
  
   'The trust relationship between this work station and the primary
  domain has failed'
  
  on the client.
  
  Any suggestions??
 
 One different avenue you might pursue is upgrading to Samba 4.0 as an AD
 DC.  This will bring Windows 7 back to a server it is much happier with
 than the current situation.
 
 Or at the very least, consider upgrading the domain as-is to Samba 4.0,
 running it as a classic DC.
 
 Andrew Bartlett
 
It's certainly something I'm working on as a part of the squeeze -
wheezy upgrade, but am trying to keep within standard repos for squeeze
at the moment. Do you have a samba one? I haven't looked.

As it happens, I think the message has changed... it now can't find a
logon server.

Progress??

Cheers,

Steve

-- 
Steve Holdoway BSc(Hons) MNZCS st...@greengecko.co.nz
http://www.greengecko.co.nz
MSN: st...@greengecko.co.nz
Skype: sholdowa



Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-20 Thread Andrew Bartlett
On Tue, 2013-05-21 at 17:32 +1200, Steve Holdoway wrote:
 On Tue, 2013-05-21 at 13:54 +1000, Andrew Bartlett wrote:
  On Mon, 2013-05-20 at 09:53 +1200, Steve Holdoway wrote:
   Can anyone help with this? I set it all up a few months ago, the samba
   side being standard upgrades via debian - configured as a PDC, and the
   windows 7 clients being clean installs, with the standard
   lanmanworkstation regedits done.
   
   They've been working fine since then, but have now started failing,
   instead raising the error message
   
'The trust relationship between this work station and the primary
   domain has failed'
   
   on the client.
   
   Any suggestions??
  
  One different avenue you might pursue is upgrading to Samba 4.0 as an AD
  DC.  This will bring Windows 7 back to a server it is much happier with
  than the current situation.
  
  Or at the very least, consider upgrading the domain as-is to Samba 4.0,
  running it as a classic DC.
  
  Andrew Bartlett
  
 It's certainly something I'm working on as a part of the squeeze -
 wheezy upgrade, but am trying to keep within standard repos for squeeze
 at the moment. Do you have a samba one? I haven't looked.

The sernet folks maintain enterprisesamba.com with packages, but the
packages in Debian currently (even experimental) are not complete
packages of Samba 4.0 as an AD DC.  I'm actively working with them to
prepare a better solution for the next debian release, and users of
unstable or experimental.

 As it happens, I think the message has changed... it now can't find a
 logon server.

https://wiki.samba.org/index.php/Capture_Packets

A network trace may provide more of an indication.

Andrew Bartlett
-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-19 Thread Chris Rowson
On 19 May 2013 23:13, Steve Holdoway st...@greengecko.co.nz wrote:

 Can anyone help with this? I set it all up a few months ago, the samba
 side being standard upgrades via debian - configured as a PDC, and the
 windows 7 clients being clean installs, with the standard
 lanmanworkstation regedits done.

 They've been working fine since then, but have now started failing,
 instead raising the error message

  'The trust relationship between this work station and the primary
 domain has failed'

 on the client.

 Any suggestions??

 Cheers,

 Steve

 --
 Steve Holdoway BSc(Hons) MNZCS st...@greengecko.co.nz
 http://www.greengecko.co.nz
 MSN: st...@greengecko.co.nz
 Skype: sholdowa


Hey Steve,

Have you checked the time on the client and PDC? They should be pretty much
the same.

Cheers,

Chris


Re: [Samba] Windows 7 + Samba 3.5.6 = abject misery...

2013-05-19 Thread Linda Walsh




Chris Rowson wrote:
 On 19 May 2013 23:13, Steve Holdoway st...@greengecko.co.nz wrote:
   
 Can anyone help with this? I set it all up a few months ago, the samba
 side being standard upgrades via debian - configured as a PDC, and the
 windows 7 clients being clean installs, with the standard
 lanmanworkstation regedits done.

 They've been working fine since then, but have now started failing,
 instead raising the error message

  'The trust relationship between this work station and the primary
 domain has failed'
 
I had this problem a lot until I told my windows computer to disable
machine account password changes.  I think it changes them about every
30 days or maybe less -- but it would change its password and the server
wouldn't be informed, so the shared-secret between the two of them was
no longer decipherable.

To be honest, it doesn't sound like the BEST way, or the most SECURE way
to fix the problem, BUT, given my windows machine is on a closed
internal net, practicality trumps imaginary security problems

