[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT - but it exists!

Zoltan Zolcer zoltan at zolcer.ch
Mon May 19 23:41:41 GMT 2003


Dear All,

What can I do if my Windows PDC won't recognize the machine account it
has just created for my samba server? I made sure I followed all
instructions in the DOMAIN-SECURITY HOWTO:

	# smbpasswd -j DOM -r DOMPDC1 -Uadministrator%password
	Joined domain DOM.
	#
		
And smb.conf contains the following:

	[global]
		security = domain
		domain logons = yes
		workgroup = DOM
		password server = DOMPDC1

But here's what I get when I try to access the samba shares:

(client.log:)

[2003/05/20 01:14:11, 2] libsmb/namequery.c:name_query(421)
  Got a positive name query response from 10.0.0.2 ( 10.0.0.2 )
[2003/05/20 01:14:12, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157)
  cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2003/05/20 01:14:12, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72)
  cli_nt_setup_creds: auth2 challenge failed
[2003/05/20 01:14:12, 0] smbd/password.c:connect_to_domain_password_server(1367)
  connect_to_domain_password_server: unable to setup the PDC credentials to machine DOMPDC1. Error was : NT_STATUS_OK.
[2003/05/20 01:14:12, 0] smbd/password.c:domain_client_validate(1599)
  domain_client_validate: Domain password server not available.
[2003/05/20 01:14:12, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [zoltan]
[2003/05/20 01:14:12, 2] smbd/reply.c:reply_sesssetup_and_X(975)
  NT Password did not match for user 'zoltan'!

(log.nmbd:)

[2003/05/20 00:02:02, 0] nmbd/nmbd_logonnames.c:add_logon_names(165)
  add_domain_logon_names:
  Attempting to become logon server for workgroup DOM on subnet 10.0.0.3
[2003/05/20 00:02:02, 2] nmbd/nmbd_logonnames.c:become_logon_server(136)
  become_logon_server: Atempting to become logon server for workgroup DOM on subnet 10.0.0.3
[2003/05/20 00:02:06, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(124)
  become_logon_server_success: Samba is now a logon server for workgroup DOM on subnet 10.0.0.3
[2003/05/20 00:02:06, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235)
  find_response_record: response packet id 21063 received with no matching record.
[2003/05/20 00:02:06, 0] nmbd/nmbd_responserecordsdb.c:find_response_record(235)
  find_response_record: response packet id 21064 received with no matching record.

Strange ... I can see the samba server's SAM account using the Active
Directory MMC snap-in, but Windows seems to deny it exists. Could
anybody please shed some light on this?

I'm running 2.2.7a on Red Hat 9 and Windows 2000 Server SP3, mixed-mode,
German.

Many thanks in advance,

Zoltan


