Samba 2.0.7 is sometimes zeroing out machine account password file

Tue Aug 8 13:38:55 GMT 2000

I've been experiencing a problem with the machine account file when 

security = domain

In the past, I've had the machine account file (DOMAIN.HOSTNAME.mac)
mysteriously become a zero length file. This breaks authentication when
"security = domain".

I had taken the precautionary measure of copying the mac file to another
location on a daily basis in the event that it occurred again. 

Yesterday, the mac file on one of my Samba servers was zeroed. I checked my
backup copy and it was dated

-rw-------   1 root     other         46 Jul 31 13:21 PCNTRTP.ZRTPS078.mac

It's normal update time would have been around 13:21 yesterday (August 7). I
noticed the problem about 16:30 when I found

-rw-------   1 root     other          0 Aug  7 16:38 PCNTRTP.ZRTPS078.mac

I shutdown Samba, copied in my backup file and restarted Samba. Authentication
started working again and the file was updated shortly thereafter.

-rw-------   1 root     other         46 Aug  7 16:46 PCNTRTP.ZRTPS078.mac

So ... it looks like a bug to me. I would think that it shouldn't create a
zero length file.

I also get errors in the log that it can't open this file. However, I check
and the file is there.

Here's the pertinent section from the log from around 13:21 on Aug 7.

[2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:32:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
  process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was No such file or directory.
[2000/08/07 13:33:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
  process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:34:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
  process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(119)
  trust_password_lock: cannot open file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac - Error was Error 0.
[2000/08/07 13:35:45, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
  process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.

[2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:get_trust_account_password(202)
  get_trust_account_password: Malformed trust password file (wrong length - was 0, should be 45).
[2000/08/07 13:57:36, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(294)
  domain_client_validate: unable to read the machine account password for machine ZRTPS078 in domain PCNTRTP.

This continues on until 16:42 when I restarted samba. It appears to have had
some trouble updating the machine account password.

[2000/08/07 16:42:41, 1] smbd/server.c:main(649)
  smbd version 2.0.7 started.
  Copyright Andrew Tridgell 1992-1998
[2000/08/07 16:43:10, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
  2327mgx1 (47.140.8.22) connect to service export as user boehm (uid=20718, gid=2245) (pid 19830)
[2000/08/07 16:43:29, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
  prtpd109 (47.192.1.167) connect to service export as user shafi (uid=8700, gid=3675) (pid 19831)
[2000/08/07 16:43:35, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/service.c:make_connection(550)
  prtpd1zq (47.202.36.112) connect to service export as user davidval (uid=8916, gid=3675) (pid 19832)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
  cli_nt_setup_creds: request challenge failed
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
  modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
  cli_nt_setup_creds: request challenge failed
[2000/08/07 16:44:11, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
  modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP02. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61)
  do_file_lock: failed to lock file.
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129)
  trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac
[2000/08/07 16:45:35, 0] /usr/local2/software/source/common/samba-2.0.7/source/smbd/process.c:timeout_processing(930)
  process: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/lib/util_file.c:do_file_lock(61)
  do_file_lock: failed to lock file.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_password_lock(129)
  trust_password_lock: cannot lock file /usr/local/samba/private/PCNTRTP.ZRTPS078.mac
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpassfile.c:trust_get_passwd(288)
  domain_client_validate: unable to open the machine account password file for machine ZRTPS078 in domain PCNTRTP.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87)
  startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149)
  unable to open smb password database.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500)
  Couldn't find user 'idahel' in smb_passwd file.
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/smbpass.c:startsmbfilepwent_internal(87)
  startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was No such file or directory
[2000/08/07 16:46:43, 0] /usr/local2/software/source/common/samba-2.0.7/source/passdb/passdb.c:iterate_getsmbpwnam(149)
  unable to open smb password database.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/password.c:pass_check_smb(500)
  Couldn't find user 'idahel' in smb_passwd file.
[2000/08/07 16:46:43, 1] /usr/local2/software/source/common/samba-2.0.7/source/smbd/reply.c:reply_sesssetup_and_X(925)
  Rejecting user 'idahel': authentication failed
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_pipe.c:rpc_api_pipe(346)
  cli_pipe: return critical error. Error was ERRSRV - ERRerror (Non-specific error code.)
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_login.c:cli_nt_setup_creds(49)
  cli_nt_setup_creds: request challenge failed
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:modify_trust_password(594)
  modify_trust_password: unable to setup the PDC credentials to machine PCNTRTP01. Error was : ERRSRV - ERRerror (Non-specific error code.).
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(700)
  2000/08/07 16:46:53 : change_trust_account_password: Failed to change password for domain PCNTRTP.
[2000/08/07 16:46:53, 0] /usr/local2/software/source/common/samba-2.0.7/source/rpc_client/cli_netlogon.c:change_trust_account_password(684)
  2000/08/07 16:46:53 : change_trust_account_password: Changed password for domain PCNTRTP.

Are there any actions I should take to prevent this from happening? Or is
the error really on the domain controller and samba doesn't know how to deal
with it?

-- 
Eric M. Boehm                               boehm at nortelnetworks.com