Samba 2.0.7 is sometimes zeroing out machine account password file
Eric Boehm
boehm at nortelnetworks.com
Wed Aug 16 15:14:42 GMT 2000
I originally sent this to samba-technical -- I thought that was the right
list. I've been trying for several days to get subscribed to samba-ntdom
without success. If you respond, please cc to my email address as I am still
unable to subscribe to samba-ntdom.
I've been experiencing a problem with the machine account file when
security = domain
In the past, I've had the machine account file (DOMAIN.HOSTNAME.mac)
mysteriously become a zero length file. This breaks authentication when
"security = domain".
I had taken the precautionary measure of copying the mac file to another
location on a daily basis in the event that it occurred again.
Yesterday, the mac file on one of my Samba servers was zeroed. I checked my
backup copy and it was dated
-rw------- 1 root other 46 Jul 31 13:21 PCNTRTP.ZRTPS078.mac
It's normal update time would have been around 13:21 yesterday (August 7). I
noticed the problem about 16:30 when I found
-rw------- 1 root other 0 Aug 7 16:38 PCNTRTP.ZRTPS078.mac
I shutdown Samba, copied in my backup file and restarted Samba. Authentication
started working again and the file was updated shortly thereafter.
-rw------- 1 root other 46 Aug 7 16:46 PCNTRTP.ZRTPS078.mac
So ... it looks like a bug to me. I would think that it shouldn't create a
zero length file.
I also get errors in the log that it can't open this file. However, I check
and the file is there.
Here's the pertinent section from the log from around 13:21 on Aug 7.
[2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was No such file or directory.
[2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:get_trust_account_password(202)
get_trust_account_password: Malformed trust password file (wrong length - was 0, should be 45).
[2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(294)
domain_client_validate: unable to read the machine account password for machine ZRTPS078 in domain PCNTRTP.
This continues on until 16:42 when I restarted samba. It appears to have had
some trouble updating the machine account password.
[2000/08/07 16:42:41, 1] smbd/server.c:main(649)
smbd version 2.0.7 started.
Copyright Andrew Tridgell 1992-1998
[2000/08/07 16:43:10, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
2327mgx1 (47.140.8.22) connect to service export as user boehm (uid=20718, gid=2245) (pid 19830)
[2000/08/07 16:43:29, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
prtpd109 (47.192.1.167) connect to service export as user shafi (uid=8700, gid=3675) (pid 19831)
[2000/08/07 16:43:35, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
prtpd1zq (47.202.36.112) connect to service export as user davidval (uid=8916, gid=3675) (pid 19832)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
cli_nt_setup_creds: request challenge failed
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
cli_nt_setup_creds: request challenge failed
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP02. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61)
do_file_lock: failed to lock file.
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129)
trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61)
do_file_lock: failed to lock file.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129)
trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(288)
domain_client_validate: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87)
startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149)
unable to open smb password database.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500)
Couldn't find user 'idahel' in smb_passwd file.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87)
startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149)
unable to open smb password database.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500)
Couldn't find user 'idahel' in smb_passwd file.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/reply.c:reply_sesssetup_and_X(925)
Rejecting user 'idahel': authentication failed
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
cli_nt_setup_creds: request challenge failed
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(700)
2000/08/07 16:46:53 : change_trust_account_password: Failed to change password for domain PCNTRTP.
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(684)
2000/08/07 16:46:53 : change_trust_account_password: Changed password for domain PCNTRTP.
Are there any actions I should take to prevent this from happening? Or is
the error really on the domain controller and samba doesn't know how to deal
with it?
--
Eric M. Boehm boehm at nortelnetworks.com
--
Eric M. Boehm boehm at nortelnetworks.com
More information about the samba-ntdom
mailing list