acilug
asked on
Vista connecting to Samba domain: The trust relationship between this workstation and the primary domain failed
Hello guys,
we have about 10 Vista Enterprise Computers connecting to a Samba Domain with Kerberos.
Most of the time everything works perfectly. All the computers are inside of the domain and all the users can login with their directory profiles without a problem.
But time to time (once every two days more and less), the error message "The trust relationship between this workstation and the primary domain failed" appears. Then a few minutes or hours later they try again without changes and everything works again. The problem happens in all the computers, not just one.
Any ideas on how to solve this strange problem?
Thanks in advance,
GA
we have about 10 Vista Enterprise Computers connecting to a Samba Domain with Kerberos.
Most of the time everything works perfectly. All the computers are inside of the domain and all the users can login with their directory profiles without a problem.
But time to time (once every two days more and less), the error message "The trust relationship between this workstation and the primary domain failed" appears. Then a few minutes or hours later they try again without changes and everything works again. The problem happens in all the computers, not just one.
Any ideas on how to solve this strange problem?
Thanks in advance,
GA
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We have tested the problem and we found a pattern that brakes the trust between Vista and the SMB server. Whenever we restart the computers, the trust is lost for around 2 hours, then it connects ok again. Any ideas?
Thanks,
Thanks,
I have read in several places that Vista (much more strongly than XP) prefers NTLMv2 authentication, and will only fall back to NTLM (v1) after a lengthy timeout.
So, try this on one of your Vista clients:
- Open your security policy manager (secpol.msc)
- Select Local Policies -> Security Options
- Navigate to the policy "Network Security: LAN Manager authentication level" and open it
- Change the default policy to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Then reboot your Vista system and see if it effects the change you need.
Also note that Samba has made several updates (current versions 3.0.37, 3.3.7, & just to confuse folks, the new 3.4 is now officially released) to accommodate Vista and Windows 7 as it nears release. (NOTE: Version 3.4 is a step towards merging the Samba 3 tree with the Samba 4 tree in hopes of (soon) getting a full-blooded AD server capability within Samba.
Good luck!
Dan
IT4SOHO
So, try this on one of your Vista clients:
- Open your security policy manager (secpol.msc)
- Select Local Policies -> Security Options
- Navigate to the policy "Network Security: LAN Manager authentication level" and open it
- Change the default policy to "Send LM & NTLM - use NTLMv2 session security if negotiated"
Then reboot your Vista system and see if it effects the change you need.
Also note that Samba has made several updates (current versions 3.0.37, 3.3.7, & just to confuse folks, the new 3.4 is now officially released) to accommodate Vista and Windows 7 as it nears release. (NOTE: Version 3.4 is a step towards merging the Samba 3 tree with the Samba 4 tree in hopes of (soon) getting a full-blooded AD server capability within Samba.
Good luck!
Dan
IT4SOHO
ASKER