[clug] Samba server upgrade _net_auth2: creds_server_check failed. Rejecting auth request from

Steve Granger steveg at magellan-technology.com
Tue May 22 07:55:18 GMT 2007


I know I'm breaking some cardinal rules by posting a Samba-specific
question to this list, but I'm doing so on the pretence of "Someone has
been through this before" to the general Linux population. (And I'm
willing to go to hell to get a solution to this problem >:-} )

I'm trying to upgrade (migrate) from one Linux distro (hostname blah) to
another (hostname foobar) using the same server layout, domain and
NetBIOS name and smbpasswd password file. This is a PDC for a Windows
domain DOMAIN. The IP has remained the same as the hardware is being
upgraded, though I'm changing the hostname and Linux distro.

I have copied over the user accounts (/etc/passwd|group|shadow) from the
old machine to the new machine. These have been tested and are okay. The
smbpasswd file has been directly copied over too. Wins.dat has been
deleted, and all of the tdb files have been copied over (especially
secrets.tdb... several times in fact!)

So the system's uid and group ids are the same.

The domain and netbios name are the same.

The smbpasswd files are the same.

The secrets.tdb files are the same.

On clients (e.g. INSTALL-XP) I cannot log into the new server (foobar)
saying .. cannot contact domain controller... account name ..etc

This appears in the log file for the machine

[2007/05/22 16:26:43, 2] libsmb/credentials.c:creds_server_check(218)
  creds_server_check: credentials check failed.
[2007/05/22 16:26:43, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client INSTALL-XP machine account INSTALL-XP$

Which, after googling etc. for most of the last two days, means that the
new PDC is not trusted, has the wrong SID.

Yes, I can remove the client PC from the domain and then re-add them, but
then I have to spend time on making sure local profiles are happy... and
this sucks (technically speaking).

I've also tried manually setting the domain and local sid

net setlocalsid
net setdomainsid

and they report the same values for the old and new machine. Clients
still fail to login.

I haven't tried changing the hostname and I don't feel this is necessary
according to the official documentation (I've even read the official


Furthermore, I have set up a test domain TEST to see if I can do a switch
between two of the same Linux distro (Ubuntu feisty) with different
hostnames, and come up with the same results: client login failure, same
message in the log file.

Could anyone give me any other pointers, hints?

All machines are running Samba 3.0.24 vendor editions. I have checked
the file locations
smbd -b
to make sure everything is in the right place.
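
Added example, not part of the original post and not Samba code: a small Python parser for the log format quoted above. It rejoins wrapped message lines and tallies `_net_auth_2` rejections per machine account, which shows whether every domain member or only some are being refused after the migration. The retry entry and the OFFICE-PC client in the sample are constructed.

```python
import re
from collections import defaultdict

# Entry header of the Samba 3.0 log format quoted in the post
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+), +\d+\] \S+?:(?P<func>\w+)\(\d+\)\s*$")
REJECT = re.compile(r"Rejecting auth request from client (?P<client>\S+) "
                    r"machine account (?P<account>\S+)")

def parse_entries(text):
    """Yield (timestamp, function, message); wrapped message lines are rejoined."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m["ts"], m["func"], [])
        elif current and raw.strip():
            current[2].append(raw.strip())  # indented or mail-wrapped continuation
    if current:
        yield current[0], current[1], " ".join(current[2])

def rejected_machine_accounts(text):
    """Map machine account -> client, rejection count, first and last timestamp."""
    out = defaultdict(lambda: {"client": None, "count": 0, "first": None, "last": None})
    for ts, func, msg in parse_entries(text):
        m = REJECT.search(msg)
        if func != "_net_auth_2" or not m:
            continue
        rec = out[m["account"]]
        rec["client"], rec["count"] = m["client"], rec["count"] + 1
        rec["first"] = min(rec["first"] or ts, ts)  # fixed-width timestamps sort as text
        rec["last"] = max(rec["last"] or ts, ts)
    return dict(out)

# Constructed sample: the two entries quoted in the post, then an invented
# retry and an invented second client (OFFICE-PC) to show the grouping.
SAMPLE = """\
[2007/05/22 16:26:43, 2] libsmb/credentials.c:creds_server_check(218)
  creds_server_check: credentials check failed.
[2007/05/22 16:26:43, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from
client INSTALL-XP machine account INSTALL-XP$
[2007/05/22 16:27:10, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client INSTALL-XP machine account INSTALL-XP$
[2007/05/22 16:28:02, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client OFFICE-PC machine account OFFICE-PC$
"""
print(rejected_machine_accounts(SAMPLE))
```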

