[Samba] Hosts leaving domain without reasons...
Bruno BEAUFILS
bruno.beaufils at lifl.fr
Mon Nov 5 15:52:31 GMT 2007
Hello all,
I've got Samba 3.0.24-6etch4 (Debian revision) running on a production server
which acts as a PDC for a network of some Windows XP clients (around 250).
Since sometime (I am not able to determine exactly when) I get a strange
problem arising : some clients are banned from my domain. The only solution I
found is to reintroduced the clients into the domain. Once hosts have rejoined
the domain, everything seems fine except that some weeks later, the same
problem arise again and again.
After having reread the fantastic manual I did not find any explanation. I
have googled a lot (try googling the sentence "_net_auth2: creds_server_check
failed. Rejecting auth request from client" for instance) and see I am not the
only one to get this kind of trouble but no solution seems to be available, or
at least stored on the net.
I do not understand where the problem come from, and what is the solution (I
did not find anything useful into the documentation). Could you direct me
into the good directions ?
My current solution, which consist of reintregate the machines into the
domain, is not very funny since I get more than 250 differents XP boxes :-(
I attach you my smb.conf file as well as a log entry which seems to appear
when the problem begins, in case it can help.
Thank's for any help ...
------------------------------------------------------------------------------
[2007/11/05 09:48:35, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
_net_auth2: creds_server_check failed. Rejecting auth request from client XPCOMPLET machine account XPCOMPLET$
------------------------------------------------------------------------------
##############################################################################
#
# Les conventions utilisees :
#
# * On utilise :
# * 'read only' et pas 'writeable'
# * 'browseable' et pas 'browsable'
#
# * Tous les partages doivent explicitement avoir des valeurs, dans l'ordre,
# pour les options :
# * 'comment'
# * 'path'
# * 'read only'
# * 'browseable'
#
##############################################################################
##############################################################################
#
# Variables globales
#
##############################################################################
[global]
security = user
#
# Identification
#
netbios name = ORANGER
workgroup = IUT_INFO_ENS
server string = Controleur du domaine IUT_INFO_ENS
#
# Nommage NetBios
#
os level = 254
preferred master = yes
domain master = yes
local master = yes
wins support = yes
#
# Temps
#
time server = yes
#
# Gestion des mots de passes
#
enable privileges = yes
encrypt passwords = true
passdb backend = tdbsam:/srv/samba/passdb.tdb
#OFF# unix password sync = yes
#OFF# passwd program = /srv/sbin/nispasswd --user %u
passwd chat ="New password:" %n\n
#OFF# add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
# On change les mots de passe des machines tous les 50 ans (pour la machine locale)
machine password timeout = 1572480000
#OFF# min password length = 4
#
# Logging
#
debug level = 1
syslog = 0
max log size = 500000
panic action = /usr/share/samba/panic-action %d
#
# Support du logon de domaine
#
domain logons = yes
logon drive = z:
# TODO: verifier que ce logon path fonctionne
logon path = \\oranger\profiles
#OFF# logon script =
##############################################################################
#
# Logon et profiles windows
#
##############################################################################
[netlogon]
comment = Connexion SMB
path = /srv/samba/netlogon
read only = yes
browseable = yes
write list = @sysadmin
[profiles]
comment = Stockage des profiles
path = /baie/home/%G/%U/.windows
read only = no
browseable = no
create mask = 0600
directory mask = 0700
##############################################################################
#
# Les repertoires des utilisateurs
#
##############################################################################
[homes]
comment = Donnees de %U
path = /baie/home/%G/%U
read only = no
browseable = yes
##############################################################################
#
# Les autres partages
#
##############################################################################
[public]
comment = Espace de partage
path = /baie/home/public
read only = no
browseable = yes
guest ok = yes
write list = @sysadmin, @infoens, @infoext
[logiciels]
comment = Installations des logiciels
path = /baie/admin/logiciels
read only = no
browseable = yes
guest ok = no
write list = @sysadmin
force create mode = 0770
force directory mode = 02770
[pilotes]
comment = Pilotes de périphériques
path = /baie/admin/logiciels/pilotes
read only = yes
browseable = yes
guest ok = no
##############################################################################
------------------------------------------------------------------------------
--
Dr Bruno Beaufils
bruno.beaufils at lifl.fr - http://www.lifl.fr/~beaufils
Universite des Sciences et Technologies de Lille
LIFL - UMR CNRS/USTL 8022 - Tel +33 3 20 43 45 04 - Fax +33 3 28 77 85 37
IUT "A" - Dpt Informatique
------------------------------------------------------------------------------
CNRS CA : http://igc.services.cnrs.fr/Doc/General/trust.html
CRU CA : http://igc.cru.fr/trust.html
==============================================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2676 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20071105/ab8fa5a1/smime.bin
More information about the samba
mailing list