[Samba] domain_client_validate: unable to validate password for user MACHINE$ in domain DOMAIN to Domain controller \\DC. Error was NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

Jay Libove libove at felines.org
Sat Jul 8 01:37:46 GMT 2006


Hi Samba users -


I recently upgraded my domain at home from being controlled by two

somewhat messed up Windows DCs (one 2000 and the other 2003, messed up

my own inexpert management..) to a nice clean new single 2003 DC (SBS,

it matters).


I rejoined all workstations, including a Redhat Fedora FC3 based

to the new domain. (Actually, I migrated all of the Windows workstations

and servers, and simply rejoined the Linux machine).


Since then, I'm getting lots (roughly 70 per day) of the following

in /var/log/samba/log.hostname where log.hostname is the hostname

log file for one of the domain member workstations:


[2006/06/26 05:18:25, 0] auth/auth_domain.c:domain_client_validate(199) 

domain_client_validate: unable to validate password for user BEAST5$ in 

domain FELINESAD2 to Domain controller \\RESET6 <file:///\\RESET6> .
Error was 




I've done several Google searches and found very few mentions of this at

all (except for many places where Google has indexed copies of the Samba

source code, heh).


Since users of that Windows workstation are successfully attaching to

Samba shares on that Linux machine, and the Linux machine is able to

authenticate those users to the 2003 DC, it seems that the Kerberos

is complete.


Why am I get the errors about the Linux machine being unable to

authenticate the Windows workstation's Domain account to the Domain? It

ought to be able to (since the Windows workstations is a valid Domain

member), and why is it even trying in the first place (since it is a

not the machine, which is connecting to the shares offered by the Samba

server on the Linux machine) ?



-Jay Libove, CISSP

Atlanta, GA, US



More information about the samba mailing list