[Samba] The trust relationship between this workstation and the primary domain failed.
Andrew Spiers
7andrew at gmail.com
Mon May 23 02:00:57 MDT 2011
Samba 3.5.6 PDC, Windows 7 client.
A user was unable to log on this morning with this error. The samba
log for the machine is full of:
[2011/02/10 09:09:50.145387, 0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed.
Rejecting auth request from client CLIENT machine account CLIENT$
[2011/02/10 09:10:18.693306, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/02/10 09:10:18.693343, 0] lib/util_sock.c:1432(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2011/02/10 09:10:36.694575, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/02/10 09:10:36.694604, 0] lib/util_sock.c:1432(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
[2011/02/10 09:13:14.855541, 1] smbd/service.c:1070(make_connection_snum)
(Those messages go back as far as April when the user started using
the machine.) I've got a feeling that SambaPwdLastSet isn't getting
updated in our LDAP database.
Removing the client from the domain and rejoining it fixed the problem.
from smb.conf:
[netlogon]
comment = Network Logon Service
path = /share/common/netlogon
guest ok = yes
writable = no
share modes = no
write list = root, administrator
# getfacl /share/common/netlogon
getfacl: Removing leading '/' from absolute path names
# file: share/common/netlogon
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
Does anyone know why this might be? Or what can be done about it?
More information about the samba
mailing list