[Samba] Unable to get PDC to authenticate id for access
Steve Pinciak
steve_pinciak at uhc.com
Wed Apr 27 20:42:41 GMT 2005
I am in the process of upgrading Samba from version 3.0.1 to 3.0.14a. The AIX
team applied maintenance that sent the samba processes into some sort of loop
which was impacting the machines. We were able to upgrade one of the unix
servers with no issues but I cannot get the other one to work. We have 3 unix
machines with samba that are working properly within this domain (the other 2
are still at 3.0.1 and did not have the AIX maintenance applied) but one of them
is causing me problems. Here is a small excerpt from the log:
[2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED.
[2005/04/27 15:27:20, 3] libsmb/cliconnect.c:cli_start_connection(1406)
Connecting to host=GDVP7SSTDC03
[2005/04/27 15:27:20, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 10.85.96.117 at port 445
[2005/04/27 15:27:20, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118)
connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED.
[2005/04/27 15:27:20, 0] auth/auth_domain.c:domain_client_validate(170)
domain_client_validate: Domain password server not available.
[2005/04/27 15:27:20, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [spincia] -> [spincia] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
It appears to block access to the NT machine to authenticate the ID.
I have re-joined the domain multiple times with no luck.
It is configured to use security = domain and use NT authentication. We have been successfully using Samba with this config for a few years and this is the
first time
we are running out of ideas to get around this problem.
Any ideas to assist in troubleshooting this issue would be greatly appreciated.
Steve Pinciak
Ingenix
This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity to
which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
More information about the samba
mailing list