[Samba] users cannot change their passwords in domain

richard rcoates at bigpond.net.au
Tue Apr 15 02:35:24 GMT 2003


your log says......
>domain_client_validate: could not fetch trust account password for
domain BINGO
looks like you don't have a "machine account" for your client pc on your
samba server.
you will also have to add "root" as an smb user to use to join the
domain...as per the docs. (if you haven't already.)
regards,
Richard Coates.

On Mon, 2003-04-14 at 19:45, Dmitry Sukhodoev wrote:
> hello, richard.
> 
> you wrote 14 апреля 2003 г., 13:24:57:
> 
> r> you cannot use "security=domain" and "domain master=yes" 
> now i setup "security=user" and "domain master=yes", but password changing from
> windows 2k/xp on the my samba PDC still not works. errors the same: windows
> says "domain is not available" and samba writes those lines in log... what i
> must change more?
> 
> r> On Sun, 2003-04-13 at 21:36, Dmitry Sukhodoev wrote:
> >> hello, samba.
> >> 
> >> i have running samba 2.2.8a from the ports on the system:
> >> FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT
> >> 2003 root at bingo.ru:/usr/obj/usr/src/sys/bingo  i386
> >> 
> >> with config:
> >> === cut ===
> >> [global]
> >>  workgroup = bingo
> >>  netbios name = emily
> >>  server string = bingo samba daemon
> >>  hosts allow = 192.168.2. 127.
> >>  hosts deny = 192.168.1.
> >>  interfaces = xl2
> >>  bind interfaces only = yes
> >>  map archive = no
> >>  inherit permissions = yes
> >>  logon drive = z:
> >> 
> >>  domain logons = yes
> >>  domain admin group = raven vova root toor
> >> 
> >>  logon path = \\%L\profiles\%U
> >> 
> >>  guest account = guest
> >>  map to guest = bad user
> >>  security = domain
> >> 
> >>  log file = /var/log/samba/%m.log
> >>  max log size = 512
> >>  pid directory = /var/run
> >>  lock directory = /var/lock
> >> 
> >>  encrypt passwords = yes
> >>  socket options = TCP_NODELAY
> >> 
> >>  local master = yes
> >>  os level = 64
> >>  domain master = yes
> >>  preferred master = yes
> >> 
> >>  client code page = 866
> >>  character set = KOI8-R
> >>  syslog = 0
> >>  hide local users = yes
> >> 
> >>  include = /usr/local/etc/samba/office_%U.conf
> >> 
> >> [profiles]
> >>  path = /usr/local/samba/profiles
> >>  browseable = no
> >>  writeable = yes
> >>  guest ok = no
> >>  create mode = 600
> >>  directory mode = 700
> >>  map archive = yes
> >>  inherit permissions = no
> >> 
> >> [homes]
> >>  comment = home directories
> >>  browsable = no
> >>  guest ok = no
> >>  read only = no
> >>  create mode = 644
> >>  root preexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I open
> >>  root postexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I close
> >> === cut ===
> >> 
> >> my samba is primary domain controller for my microsoft network with windowzes.
> >> all was well, but from some time my users cannot change their passwords in
> >> domain. windows reports about domain is not available and the smbd writes to
> >> log:
> >> 
> >> === cut ===
> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
> >>   PANIC: failed to set gid
> >> 
> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
> >>   domain_client_validate: could not fetch trust account password for domain BINGO
> >> === cut ===
> >> 
> >> what happen? where is solution? please help - i don't want use native windoze
> >> domain controlle, cause windows servers sucks.
> >> 
> >> -- 
> >> Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315
> 
> 
> 
> -- 
> Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315



More information about the samba mailing list