Occasional problem authenticating clients connecting to a share

Bas Vermeulen B.Vermeulen at wumn.wegener.nl
Fri Oct 20 08:25:23 GMT 2000 

The problem I am currently having is the following:

I have a Samba 2.0.7 server running on Solaris 2.6 integrated
into a NT4 SP4/SP6a domain. The samba server is not a PDC or BDC,
doesn't run as a WINS server, and does plain fileserving to about
300 users. The users are on different locations, with about 100
of them connected through various WAN connections (leased lines,
64 - 256 Kbps connections). All off-site locations have a local
BDC which they use to authenticate to, and get most of their data
from.

Occasionally users cannot connect to a specific share during logon
(they've got a logon script that connects the share for them). A
subsequent connect by hand works (most of the time). I see the following
messages in the user's log-file around the time they try to connect:

[2000/10/19 08:45:56, 3] lib/util_sock.c:(907)
  Connecting to 194.26.204.9 at port 139
[2000/10/19 08:45:56, 0] rpc_client/cli_netlogon.c:(159)
  cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
[2000/10/19 08:45:56, 0] rpc_client/cli_login.c:(72)
  cli_nt_setup_creds: auth2 challenge failed
[2000/10/19 08:45:56, 0] smbd/password.c:(1262)
  connect_to_domain_password_server: unable to setup the PDC credentials 
  to machine 003_C00003. Error was : NT_STATUS_ACCESS_DENIED.
[2000/10/19 08:45:56, 0] smbd/password.c:(1454)
  domain_client_validate: Domain password server not available.

The PDC shows this error in it's event-log as well:

Source: NETLOGON 
Event ID: 5722 
Type: Error
Description: The session setup from the computer 003_H00001 failed to 
authenticate. The name of the account referenced in the security database 
is 003_H00001$.  The following error occurred: Access is denied.

I'm not sure what's causing this problem, but any and all help in
getting this solved is appreciated.

Additional information:

Samba 2.0.7 running on a Sun E4000 with Solaris 2.6, 3GB of RAM, 
sharing 142 GB of data.

smb.conf:

# Samba config file created using SWAT
# from 194.26.204.82 (194.26.204.82)
# Date: 2000/10/20 09:54:37

# Global parameters
[global]
	workgroup = 003_D00001
	netbios name = 003_H00001
	server string = Enterprise Productie Samba 2.0.7
	interfaces = 194.26.203.0/24 127.0.0.1
	bind interfaces only = Yes
	security = DOMAIN
	encrypt passwords = Yes
	password server = 003_C00001 003_C00003
	debug level = 3
	log file = /var/opt/samba/log.%m
	time server = Yes
	deadtime = 30
	keepalive = 60
	lpq cache time = 30
	read prediction = Yes
	socket options = TCP_NODELAY IPTOS_LOWDELAY
	load printers = No
	add user script = /opt/samba/bin/adduser %u
	wins server = 194.26.203.10
	remote announce = 194.26.204.255
	comment = Samba ver. %v
	invalid users = smtp, daemon, sys, bin, adm, noaccess
	admin users = root
	preserve case = No
	short preserve case = No
	map system = Yes
	map hidden = Yes
	level2 oplocks = Yes

[enterprise$]
	comment = Enterprise Productie
	path = /enterprise
	writeable = Yes
	create mask = 0774
	directory mask = 0775
	inherit permissions = Yes

More information about the samba-ntdom mailing list