Lock not granted on cross-domain trust ...

Richard Sharpe realrichardsharpe at gmail.com
Fri Jul 24 08:19:40 UTC 2015


On Thu, Jul 23, 2015 at 10:45 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Thu, Jul 23, 2015 at 02:31:14PM -0700, Richard Sharpe wrote:
>> Hi folks,
>>
>> I have gotten further with the cross-domain trusts issue (damn wrong
>> krb5.conf file)
>>
>> Now I get this when NTLM Auth is being used:
>>
>> [2015/07/23 14:25:22.434689, 10, pid=4043, effective(0, 0), real(0,
>> 0), class=rpc_cli]
>> ../source3/rpc_client/cli_pipe.c:3207(cli_rpc_pipe_open_schannel_with_key)
>>   cli_rpc_pipe_open_schannel_with_key: opened pipe netlogon to machine
>> DRTxxxyyyzzz.ENG.xxx.yyy for domain ENG and bound using schannel.
>> [2015/07/23 14:25:22.434741, 10, pid=4043, effective(0, 0), real(0,
>> 0)] ../source3/libsmb/namequery.c:86(saf_store)
>>   saf_store: domain = [ENG], server = [DRTxxxyyyzzz.ENG.xxx.yyy],
>> expire = [1437687622]
>> [2015/07/23 14:25:22.434790, 10, pid=4043, effective(0, 0), real(0,
>> 0), class=tdb] ../source3/lib/gencache.c:323(gencache_set_data_blob)
>>   Adding cache entry with key=[SAF/DOMAIN/ENG] and timeout=[Thu Jul 23
>> 14:40:22 2015 PDT] (900 seconds ahead)
>> [2015/07/23 14:25:22.458159, 10, pid=4043, effective(0, 0), real(0,
>> 0), class=tdb] ../source3/lib/gencache.c:697(gencache_stabilize)
>>   tdb_traverse with wipe_fn on gencache_notrans.tdb failed: Success
>> [2015/07/23 14:25:22.458246,  0, pid=4043, effective(0, 0), real(0,
>> 0), class=auth]
>> ../source3/auth/auth_domain.c:302(domain_client_validate)
>>   domain_client_validate: unable to validate password for user
>> richard.sharpe in domain CORP to Domain controller
>> DRTxxxyyyzzz.ENG.xxx.yyy. Error was NT_STATUS_LOCK_NOT_GRANTED.
>
> Any reason why you don't use winbind?

I thought I was using winbind. I have no changes in the above code paths.

This was provoked when I tried to use smbclient to test that I had the
config correct.

-- 
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. --Cao Cao)


