[Samba] Hosts leaving domain without reasons...

Bruno BEAUFILS bruno.beaufils at lifl.fr
Mon Nov 5 15:52:31 GMT 2007


Hello all,

I've got Samba 3.0.24-6etch4 (Debian revision) running on a production server
which acts as a PDC for a network of some Windows XP clients (around 250).

Since sometime (I am not able to determine exactly when) I get a strange
problem arising : some clients are banned from my domain. The only solution I
found is to reintroduced the clients into the domain. Once hosts have rejoined
the domain, everything seems fine except that some weeks later, the same
problem arise again and again.

After having reread the fantastic manual I did not find any explanation.  I
have googled a lot (try googling the sentence "_net_auth2: creds_server_check
failed. Rejecting auth request from client" for instance) and see I am not the
only one to get this kind of trouble but no solution seems to be available, or
at least stored on the net.

I do not understand where the problem come from, and what is the solution (I
did not find anything useful into the documentation).  Could you direct me
into the good directions ?

My current solution, which consist of reintregate the machines into the
domain, is not very funny since I get more than 250 differents XP boxes :-(

I attach you my smb.conf file as well as a log entry which seems to appear
when the problem begins, in case it can help.

Thank's for any help ...

------------------------------------------------------------------------------

[2007/11/05 09:48:35, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client XPCOMPLET machine account XPCOMPLET$

------------------------------------------------------------------------------

##############################################################################
#
# Les conventions utilisees :
#
# * On utilise :
#   * 'read only' et pas 'writeable'
#   * 'browseable' et pas 'browsable'
#
# * Tous les partages doivent explicitement avoir des valeurs, dans l'ordre,
#   pour les options :
#   * 'comment'
#   * 'path'
#   * 'read only'
#   * 'browseable'
#
##############################################################################

##############################################################################
#
# Variables globales
#
##############################################################################

[global]

        security = user

        # 
        # Identification
        #
        netbios name = ORANGER
        workgroup = IUT_INFO_ENS
        server string = Controleur du domaine IUT_INFO_ENS

        #
        # Nommage NetBios
        #
        os level = 254
        preferred master = yes
        domain master = yes
        local master = yes
        wins support = yes

        #
        # Temps
        #
        time server = yes

        #
        # Gestion des mots de passes 
        #       
        enable privileges = yes
        encrypt passwords = true
        passdb backend = tdbsam:/srv/samba/passdb.tdb
#OFF#        unix password sync = yes
#OFF#        passwd program = /srv/sbin/nispasswd --user %u
        passwd chat ="New password:" %n\n
#OFF#   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u 
        # On change les mots de passe des machines tous les 50 ans (pour la machine locale)
        machine password timeout = 1572480000
#OFF#   min password length = 4

        #
        # Logging
        #
        debug level = 1
        syslog = 0
        max log size = 500000
        panic action = /usr/share/samba/panic-action %d

        #
        # Support du logon de domaine
        #
        domain logons = yes
        logon drive = z:
	    # TODO: verifier que ce logon path fonctionne
        logon path = \\oranger\profiles
#OFF#   logon script = 

##############################################################################
#
# Logon et profiles windows
#
##############################################################################

[netlogon]
        comment = Connexion SMB
        path = /srv/samba/netlogon
        read only = yes
        browseable = yes
        write list = @sysadmin

[profiles]
        comment = Stockage des profiles
        path = /baie/home/%G/%U/.windows
        read only = no
        browseable = no
        create mask = 0600
        directory mask = 0700

##############################################################################
#
# Les repertoires des utilisateurs
#
##############################################################################

[homes]
        comment = Donnees de %U
        path = /baie/home/%G/%U
        read only = no
        browseable = yes

##############################################################################
#
# Les autres partages
#
##############################################################################

[public]
        comment = Espace de partage
        path = /baie/home/public
        read only = no
        browseable = yes
        guest ok = yes
        write list = @sysadmin, @infoens, @infoext

[logiciels]
        comment = Installations des logiciels
        path = /baie/admin/logiciels
        read only = no
        browseable = yes
        guest ok = no
        write list = @sysadmin
        force create mode = 0770
        force directory mode = 02770

[pilotes]
        comment = Pilotes de périphériques
        path = /baie/admin/logiciels/pilotes
        read only = yes
        browseable = yes
        guest ok = no

##############################################################################

------------------------------------------------------------------------------

-- 
Dr Bruno Beaufils

bruno.beaufils at lifl.fr - http://www.lifl.fr/~beaufils
Universite des Sciences et Technologies de Lille 
LIFL - UMR CNRS/USTL 8022 - Tel +33 3 20 43 45 04 - Fax +33 3 28 77 85 37
IUT "A" - Dpt Informatique
------------------------------------------------------------------------------
CNRS CA : http://igc.services.cnrs.fr/Doc/General/trust.html
CRU CA : http://igc.cru.fr/trust.html
==============================================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2676 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20071105/ab8fa5a1/smime.bin


More information about the samba mailing list