[Samba] _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request

Paul Tietjens paul.tietjens at mesd.us
Tue Jul 26 13:04:49 MDT 2011

I am getting errors in my samba logs like "_netr_ServerAuthenticate3:
netlogon_creds_server_check failed. Rejecting auth request from client
XXX machine account XXX$" (Host log: http://pastebin.com/QXhbngN5).

So far, machines do seem to join the domain (Machine account is
created in LDAP, user can log in, etc), but I am concerned that when
Windows 7 machines reach their 30 days they will begin issuing "trust
account has expired or is incorrect" messages.

Since we have a couple thousand machines, I wish to avoid that.  I
have followed the instructions at
http://wiki.samba.org/index.php/Windows7 and tried a few other thnigs
(but have not touch the sign/seal regkeys) and still get these errors
in the logs when a machine boots and auths any user.  I have updated
the samba bins from debian backports to run version  3.5.8.

I have made sure that our DNS server registers the machine account
with hostname.DOMAIN, have tried turning off/on ntlmv2 on the server
and using gpedit on the client, have made sure that time is
synchronous on the server/client, have removed and re-added the
machine account many times, and have tried some registry hacks like:
Domain: XXX.com
NV Domain: XXX.com

Where should I look next?

More information about the samba mailing list