[Samba] users cannot change their passwords in domain

Dmitry Sukhodoev raven at bingo.ru
Tue Apr 15 08:12:18 GMT 2003


hello, richard.

you wrote 15 апреля 2003 г., 8:35:24:

r> your log says......
>>domain_client_validate: could not fetch trust account password for
r> domain BINGO
r> looks like you don't have a "machine account" for your client pc on your
r> samba server.
r> you will also have to add "root" as an smb user to use to join the
r> domain...as per the docs. (if you haven't already.)
i have "root" as an smb user and with this account i have added all machines
with windows 2k/xp in my samba domain. also, i have a machine account, created
by "useradd machine$" and "smbpasswd -a -m machine". without this samba will
not join any machine to domain. why log says "could not fetch trust account
password for domain BINGO"?

with old samba 2.2.3a, one year ago it works normally :(

>> r> you cannot use "security=domain" and "domain master=yes" 
>> now i setup "security=user" and "domain master=yes", but password changing from
>> windows 2k/xp on the my samba PDC still not works. errors the same: windows
>> says "domain is not available" and samba writes those lines in log... what i
>> must change more?
>> 
>> r> On Sun, 2003-04-13 at 21:36, Dmitry Sukhodoev wrote:
>> >> hello, samba.
>> >> 
>> >> i have running samba 2.2.8a from the ports on the system:
>> >> FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT
>> >> 2003 root at bingo.ru:/usr/obj/usr/src/sys/bingo  i386
>> >> 
>> >> with config:
>> >> === cut ===
>> >> [global]
>> >>  workgroup = bingo
>> >>  netbios name = emily
>> >>  server string = bingo samba daemon
>> >>  hosts allow = 192.168.2. 127.
>> >>  hosts deny = 192.168.1.
>> >>  interfaces = xl2
>> >>  bind interfaces only = yes
>> >>  map archive = no
>> >>  inherit permissions = yes
>> >>  logon drive = z:
>> >> 
>> >>  domain logons = yes
>> >>  domain admin group = raven vova root toor
>> >> 
>> >>  logon path = \\%L\profiles\%U
>> >> 
>> >>  guest account = guest
>> >>  map to guest = bad user
>> >>  security = domain
>> >> 
>> >>  log file = /var/log/samba/%m.log
>> >>  max log size = 512
>> >>  pid directory = /var/run
>> >>  lock directory = /var/lock
>> >> 
>> >>  encrypt passwords = yes
>> >>  socket options = TCP_NODELAY
>> >> 
>> >>  local master = yes
>> >>  os level = 64
>> >>  domain master = yes
>> >>  preferred master = yes
>> >> 
>> >>  client code page = 866
>> >>  character set = KOI8-R
>> >>  syslog = 0
>> >>  hide local users = yes
>> >> 
>> >>  include = /usr/local/etc/samba/office_%U.conf
>> >> 
>> >> [profiles]
>> >>  path = /usr/local/samba/profiles
>> >>  browseable = no
>> >>  writeable = yes
>> >>  guest ok = no
>> >>  create mode = 600
>> >>  directory mode = 700
>> >>  map archive = yes
>> >>  inherit permissions = no
>> >> 
>> >> [homes]
>> >>  comment = home directories
>> >>  browsable = no
>> >>  guest ok = no
>> >>  read only = no
>> >>  create mode = 644
>> >>  root preexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I open
>> >>  root postexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I close
>> >> === cut ===
>> >> 
>> >> my samba is primary domain controller for my microsoft network with windowzes.
>> >> all was well, but from some time my users cannot change their passwords in
>> >> domain. windows reports about domain is not available and the smbd writes to
>> >> log:
>> >> 
>> >> === cut ===
>> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> >>   Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> >>   PANIC: failed to set gid
>> >> 
>> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> >>   domain_client_validate: could not fetch trust account password for domain BINGO
>> >> === cut ===
>> >> 
>> >> what happen? where is solution? please help - i don't want use native windoze
>> >> domain controlle, cause windows servers sucks.

-- 
Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315



More information about the samba mailing list