On 13/06/13 12:37 AM, Julien Savoie wrote: > On 21/08/12 11:46 AM, John Drescher wrote: >>> I have a samba domain with over 100 machines in it. For some reason every >>> 30-35 >>> days, 2 of the machines fail the trust relationship at login and need to be >>> removed from the domain and rejoined. >>> >>> In the logs I see the following: >>> >>> [2012/08/21 07:55:52.981302, 0] >>> rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) >>> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting >>> auth request from client RED-TEAM machine account RED-TEAM$ >>> >>> I am running samba 3.6.6 on a Centos-5 machine. >>> >>> Does anyone have any suggestions on what could cause this or how to >>> troubleshoot this problem? >>> >> I believe the problem is caused when the machine changes the password >> and no user is logged in at that time. To avoid this issue I have >> disabled the machines from changing their passwords via the registry. >> > I'm also experiencing this issue in production here. It appears to be a > "new" problem and didn't happen with my older version of Samba (3.5.6 on > Debian squeeze) > > Jun 13 00:23:49 ldap smbd[5241]: [2013/06/13 00:23:49.807899, 0] > rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) > Jun 13 00:23:49 ldap smbd[5241]: _netr_ServerAuthenticate3: > netlogon_creds_server_check failed. Rejecting auth request from client > HFX-B0253 machine account HFX-B0253$ > > I'm on Debian wheezy running Samba 3.6.6 > > # pdbedit -u HFX-B0253$ -v > Unix username: hfx-b0253$ > NT username: hfx-b0253$ > Account desc: Computer > Password last set: Thu, 02 May 2013 18:03:19 ADT > Password can change: Thu, 02 May 2013 18:03:19 ADT > Password must change: never > > It's as if machine account password changes stopped functioning. Rejoined machines to the domain, 7 days later this is reoccurring.
# pdbedit -u acct$ -v Unix username: acct$ NT username: acct$ Password last set: Wed, 12 Jun 2013 22:35:21 ADT Password can change: Wed, 12 Jun 2013 22:35:21 ADT Password must change: never rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client ACCT machine account ACCT$ [2013/06/12 22:35:21.461137, 0] rpc_server/srv_pipe.c:1254(api_pipe_bind_auth3) Anyone have any idea why this might not be working? I haven't changed anything in the configuration files between Samba 3.5.6 and 3.6.6. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
