[clug] Samba server upgrade _net_auth2: creds_server_check failed.
Rejecting auth request from
steveg at magellan-technology.com
Thu May 24 00:37:16 GMT 2007
Discussion moved to samba mailing list
Anyone want to give me any hints on this one?
Steve Granger wrote:
> I know I'm breaking some cardinal rules by posting a samba specific
> question to this list but I'm doing on the pretence of "Some one has
> been through this before" to the general linux population. (and I'm
> willing to go to hell to get a solution to this problem >:-} )
> I'm trying to upgrade (migrate) from one linux distro (hostname blah) to
> another (hostname foobar) using the same server layout, domain and
> netbios name and smbpasswd password file. This is a PDC for a windows
> domain DOMAIN. The IP has remained the same as the hardware is being
> upgraded though I'm changing the hostname and linux distro.
> I have copied over the user accounts (/etc/passwd|group|shadow) from the
> old machine to the new machine. These have been tested and are okay. The
> smbpasswd file has been directly copied over too. Wins.dat has been
> deleted, and all of the tdb files have been copied over (especially
> secrets.tdb... several times infact!)
> So the systems uid and group id's are the same.
> The domain and netbios name are the same.
> The smbpasswd files are the same.
> The secrets.tdb files are the same.
> On clients (eg INSTALL-XP) I cannot log into the new server (foobar)
> saying .. cannot contact domain controller... account name ..etc
> This appears in the log file for the machine
> [2007/05/22 16:26:43, 2] libsmb/credentials.c:creds_server_check(218)
> creds_server_check: credentials check failed.
> [2007/05/22 16:26:43, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
> _net_auth2: creds_server_check failed. Rejecting auth request from
> client INSTALL-XP machine account INSTALL-XP$
> Which after google-ing etc. for most of the last two days means that the
> new PDC is not trusted, has the wrong SID.
> Yes I can remove the client PC from the domain and then re add them but
> then I have to spend time on making sure local profiles are happy... and
> this sucks (technically speaking).
> I've also tried manually setting the domain and local sid
> net setlocalsid
> net setdomainsid
> and they report the same values for the old and new machine. Clients
> still fail to login.
> I haven't tried changing the hostname and I don't feel this is necessary
> according to the official documentation (I've even read the official
> Further more I have set up a test domain TEST see if I can do a switch
> between two of the same linux distro (Ubuntu feisty) with different
> hostnames and come up with the same results, client login failure, same
> messsage in the log file.
> Could anyone give me any other pointers, hints?
> All machines are running samba 3.0.24 vendor editions. I have checked
> the file locations
> smbd -b
> to make sure everything is in the write place.
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
More information about the linux