[Samba] Machine account reject
Andrew Bartlett
abartlet at samba.org
Sat Sep 11 01:58:22 MDT 2010
On Fri, 2010-09-10 at 09:36 +0200, Martin Hochreiter wrote:
> Am 2010-09-10 09:20, schrieb Martin Hochreiter:
> > Hi!
> >
> > I have samba 3.5.4 on an Ubuntu 8.04 running with windows 7 clients.
> > (ldapsam as background tdb)
> >
> > I do have log entries of some machines in my samba log:
> >
> >
> > /netlogon_creds_server_check failed. Rejecting auth request from
> > client XXXXX machine account XXXXX$/
> >
> > The user working on the machine does not seem affected in any way by
> > that "problem" but It would be interesting
> > how to solve that (that machines still have that behaviour after
> > unjoin an rejoin the domain - as I thought it would
> > be helpful to set the password again)
> >
> > Can somebody give me a hint please?
> >
> > regards
> > martin
> What I forgott - I found that with some googling:
>
> HHey guys, the solution for this problem is:
>
> In smb.conf add the follow lines:
>
> client ntlmv2 auth = yes
> lanman auth = yes
> ntlm auth = Yes
>
> And restart samba....
>
> I have lanman auth on default "no" - but I support ntlmv2 ... do windows
> 7 machines still need lanman?
I wish to strongly advise that you do not do this. You should not
enable lanman auth - it is not required by any client since windows
2000.
It has nothing at all to do with 'netlogon_creds_server_check failed',
I suspect the issue has happened because your Windows 7 clients have
changed their machine account password, but try and use the new password
'too soon'. Once the password has replicated back to the local DC, then
everything works - in the meantime, they may try and succeed with their
old password.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20100911/85605fe3/attachment.pgp>
More information about the samba
mailing list