[clug] Samba server upgrade _net_auth2: creds_server_check failed.
Rejecting auth request from
Steve Granger
steveg at magellan-technology.com
Thu May 24 00:37:16 GMT 2007
Discussion moved to samba mailing list
http://lists.samba.org/archive/samba/2007-May/132264.html
Anyone want to give me any hints on this one?
--
Steve
Steve Granger wrote:
> Hi,
>
> I know I'm breaking some cardinal rules by posting a samba specific
> question to this list but I'm doing on the pretence of "Some one has
> been through this before" to the general linux population. (and I'm
> willing to go to hell to get a solution to this problem >:-} )
>
> I'm trying to upgrade (migrate) from one linux distro (hostname blah) to
> another (hostname foobar) using the same server layout, domain and
> netbios name and smbpasswd password file. This is a PDC for a windows
> domain DOMAIN. The IP has remained the same as the hardware is being
> upgraded though I'm changing the hostname and linux distro.
>
> I have copied over the user accounts (/etc/passwd|group|shadow) from the
> old machine to the new machine. These have been tested and are okay. The
> smbpasswd file has been directly copied over too. Wins.dat has been
> deleted, and all of the tdb files have been copied over (especially
> secrets.tdb... several times infact!)
>
> So the systems uid and group id's are the same.
>
> The domain and netbios name are the same.
>
> The smbpasswd files are the same.
>
> The secrets.tdb files are the same.
>
> On clients (eg INSTALL-XP) I cannot log into the new server (foobar)
> saying .. cannot contact domain controller... account name ..etc
>
> This appears in the log file for the machine
>
> [2007/05/22 16:26:43, 2] libsmb/credentials.c:creds_server_check(218)
> creds_server_check: credentials check failed.
> [2007/05/22 16:26:43, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
> _net_auth2: creds_server_check failed. Rejecting auth request from
> client INSTALL-XP machine account INSTALL-XP$
>
> Which after google-ing etc. for most of the last two days means that the
> new PDC is not trusted, has the wrong SID.
>
>
> Yes I can remove the client PC from the domain and then re add them but
> then I have to spend time on making sure local profiles are happy... and
> this sucks (technically speaking).
>
> I've also tried manually setting the domain and local sid
>
> net setlocalsid
> net setdomainsid
>
> and they report the same values for the old and new machine. Clients
> still fail to login.
>
> I haven't tried changing the hostname and I don't feel this is necessary
> according to the official documentation (I've even read the official
> documentation!!)
>
> http://samba.org/samba/docs/man/Samba-Guide/upgrades.html
>
> Further more I have set up a test domain TEST see if I can do a switch
> between two of the same linux distro (Ubuntu feisty) with different
> hostnames and come up with the same results, client login failure, same
> messsage in the log file.
>
> Could anyone give me any other pointers, hints?
>
> All machines are running samba 3.0.24 vendor editions. I have checked
> the file locations
> smbd -b
> to make sure everything is in the write place.
>
> --
> Steve
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the linux
mailing list