[Samba] domain_client_validate: unable to validate password for
user MACHINE$ in domain DOMAIN to Domain controller \\DC. Error was
libove at felines.org
Mon Jun 26 11:24:36 GMT 2006
Hi Samba users -
I recently upgraded my domain at home from being controlled by two
somewhat messed up Windows DCs (one 2000 and the other 2003, messed up by
my own inexpert management..) to a nice clean new single 2003 DC (SBS, if
I rejoined all workstations, including a Redhat Fedora FC3 based machine,
to the new domain. (Actually, I migrated all of the Windows workstations
and servers, and simply rejoined the Linux machine).
Since then, I'm getting lots (roughly 70 per day) of the following message
in /var/log/samba/log.hostname where log.hostname is the hostname specific
log file for one of the domain member workstations:
[2006/06/26 05:18:25, 0] auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user BEAST5$ in domain FELINESAD2 to Domain controller \\RESET6. Error was NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT.
I've done several Google searches and found very few mentions of this at
all (except for many places where Google has indexed copies of the Samba
source code, heh).
Since users of that Windows workstation are successfully attaching to
Samba shares on that Linux machine, and the Linux machine is able to
authenticate those users to the 2003 DC, it seems that the Kerberos setup
Why am I get the errors about the Linux machine being unable to
authenticate the Windows workstation's Domain account to the Domain? It
ought to be able to (since the Windows workstations is a valid Domain
member), and why is it even trying in the first place (since it is a user,
not the machine, which is connecting to the shares offered by the Samba
server on the Linux machine) ?
-Jay Libove, CISSP
Atlanta, GA, US
More information about the samba