[Samba] Unable to get PDC to authenticate id for access

Steve Pinciak steve_pinciak at uhc.com
Wed Apr 27 20:42:41 GMT 2005 

I am in the process of upgrading Samba from version 3.0.1 to 3.0.14a.  The AIX
team applied maintenance that sent the samba processes into some sort of loop
which was impacting the machines.  We were able to upgrade one of the unix
servers with no issues but I cannot get the other one to work.  We have 3 unix
machines with samba that are working properly within this domain (the other 2
are still at 3.0.1 and did not have the AIX maintenance applied) but one of them
is causing me problems.  Here is a small excerpt from the log:

[2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED.
[2005/04/27 15:27:20, 3] libsmb/cliconnect.c:cli_start_connection(1406)
  Connecting to host=GDVP7SSTDC03
[2005/04/27 15:27:20, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 10.85.96.117 at port 445
[2005/04/27 15:27:20, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
  cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
  connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED.
[2005/04/27 15:27:20, 0] auth/auth_domain.c:domain_client_validate(170)
  domain_client_validate: Domain password server not available.
[2005/04/27 15:27:20, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [spincia] -> [spincia] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE

It appears to block access to the NT machine to authenticate the ID.

I have re-joined the domain multiple times with no luck.

It is configured to use security = domain and use NT authentication.  We have been successfully using Samba with this config for a few years and this is the
first time
we are running out of ideas to get around this problem.

Any ideas to assist in troubleshooting this issue would be greatly appreciated.

Steve Pinciak
Ingenix




This e-mail, including attachments, may include confidential and/or 
proprietary information, and may be used only by the person or entity to 
which it is addressed. If the reader of this e-mail is not the intended 
recipient or his or her authorized agent, the reader is hereby notified 
that any dissemination, distribution or copying of this e-mail is 
prohibited. If you have received this e-mail in error, please notify the 
sender by replying to this message and delete this e-mail immediately.

More information about the samba mailing list