Lock not granted on cross-domain trust ...
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Jul 24 05:45:40 UTC 2015
On Thu, Jul 23, 2015 at 02:31:14PM -0700, Richard Sharpe wrote:
> Hi folks,
>
> I have gotten further with the cross-domain trusts issue (damn wrong
> krb5.conf file)
>
> Now I get this when NTLM Auth is being used:
>
> [2015/07/23 14:25:22.434689, 10, pid=4043, effective(0, 0), real(0,
> 0), class=rpc_cli]
> ../source3/rpc_client/cli_pipe.c:3207(cli_rpc_pipe_open_schannel_with_key)
> cli_rpc_pipe_open_schannel_with_key: opened pipe netlogon to machine
> DRTxxxyyyzzz.ENG.xxx.yyy for domain ENG and bound using schannel.
> [2015/07/23 14:25:22.434741, 10, pid=4043, effective(0, 0), real(0,
> 0)] ../source3/libsmb/namequery.c:86(saf_store)
> saf_store: domain = [ENG], server = [DRTxxxyyyzzz.ENG.xxx.yyy],
> expire = [1437687622]
> [2015/07/23 14:25:22.434790, 10, pid=4043, effective(0, 0), real(0,
> 0), class=tdb] ../source3/lib/gencache.c:323(gencache_set_data_blob)
> Adding cache entry with key=[SAF/DOMAIN/ENG] and timeout=[Thu Jul 23
> 14:40:22 2015 PDT] (900 seconds ahead)
> [2015/07/23 14:25:22.458159, 10, pid=4043, effective(0, 0), real(0,
> 0), class=tdb] ../source3/lib/gencache.c:697(gencache_stabilize)
> tdb_traverse with wipe_fn on gencache_notrans.tdb failed: Success
> [2015/07/23 14:25:22.458246, 0, pid=4043, effective(0, 0), real(0,
> 0), class=auth]
> ../source3/auth/auth_domain.c:302(domain_client_validate)
> domain_client_validate: unable to validate password for user
> richard.sharpe in domain CORP to Domain controller
> DRTxxxyyyzzz.ENG.xxx.yyy. Error was NT_STATUS_LOCK_NOT_GRANTED.
Any reason why you don't use winbind?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list