[Samba] Machine account reject

Andrew Bartlett abartlet at samba.org
Sat Sep 11 01:58:22 MDT 2010


On Fri, 2010-09-10 at 09:36 +0200, Martin Hochreiter wrote:
> Am 2010-09-10 09:20, schrieb Martin Hochreiter:
> >  Hi!
> >
> > I have samba 3.5.4 on an Ubuntu 8.04 running with windows 7 clients.
> > (ldapsam as background tdb)
> >
> > I do have log entries of some machines in my samba log:
> >
> >
> > /netlogon_creds_server_check failed. Rejecting auth request from 
> > client XXXXX machine account XXXXX$/
> >
> > The user working on the machine does not seem affected in any way by 
> > that "problem" but It would be interesting
> > how to solve that (that machines still have that behaviour after 
> > unjoin an rejoin the domain - as I thought it would
> > be helpful to set the password again)
> >
> > Can somebody give me a hint please?
> >
> > regards
> > martin
> What I forgott - I found that with some googling:
> 
> HHey guys, the solution for this problem is:
> 
> In smb.conf add the follow lines:
> 
>          client ntlmv2 auth = yes
>          lanman auth = yes
>          ntlm auth = Yes
> 
> And restart samba....
> 
> I have lanman auth on default "no" - but I support ntlmv2 ... do windows 
> 7 machines still need lanman?

I wish to strongly advise that you do not do this.  You should not
enable lanman auth - it is not required by any client since windows
2000.  

It has nothing at all to do with 'netlogon_creds_server_check failed', 

I suspect the issue has happened because your Windows 7 clients have
changed their machine account password, but try and use the new password
'too soon'.  Once the password has replicated back to the local DC, then
everything works - in the meantime, they may try and succeed with their
old password. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20100911/85605fe3/attachment.pgp>


More information about the samba mailing list