Some explanations about computer accounts expiration on AD world and potential side effect for Centrify’ed computers:
when a computer joins to a domain, they generate passwords and synchronise it with a domain controller. The computer resets the password every 30 days. If the computer misses the synchronisation with the domain controller, it no longer has a client/server trust relationship. In that case, users can not log in to the domain using the computer. This might happens if you leave the workstations off for more than 30 days.
To fix this, simply reset the computer accounts in AD users and computers, and rejoin the workstations to the domain. else, here is a long article explaining how to disable computer account password: http://blogs.msdn.com/b/john_daskalakis/archive/2010/02/01/9956266.aspx however it is valid only for Windows computers…
regarding the problem on Unix server controlled by Centrify Samba cluster resource on a Sun Cluster… it is another story ! probably a side effect on the computer object on AD, but caused by the Sun Cluster and the clustered Samba resource On Centrify support wed site; I found this interesting article: “KB-0448: Samba failover configuration (in a clustering environment)” saying “- Set “adclient.krb5.password.change.interval” to 0, in /etc/centrifydc/centrifydc.conf. This will prevent CentrifyDC from ever changing the computer account password (that way you do not have to keep refreshing the secrets.tdb and krb5.keytab to the backup samba server). ”
Hope this can help you.