[Samba] Strange winbindd messages

John Center john.center at villanova.edu
Fri Feb 8 09:50:55 MST 2013


Hi Andrew,

Thanks for getting back to me.

On 02/07/2013 04:52 PM, Andrew Bartlett wrote:
> On Fri, 2013-02-08 at 08:43 +1100, Andrew Bartlett wrote:
>> On Wed, 2013-01-23 at 11:59 -0500, John Center wrote:
>>> Hi,
>>>
>>> We are running samba v3.6.3 on Ubuntu 12.04 server.  This is being used
>>> with FreeRADIUS for wireless authentication with AD.  We just logged a
>>> set of messages from winbindd that I don't understand:
>>>
>>> Jan 23 10:35:28 as3 winbindd[25371]: [2013/01/23 10:35:28.056846,  0]
>>> rpc_client/cli_netlogon.c:677(rpccli_netlogon_set_trust_password)
>>> Jan 23 10:35:28 as3 winbindd[25371]:   dcerpc_netr_ServerPasswordSet{2}
>>> failed: NT code 0xc00002a5
>>> Jan 23 10:35:28 as3 winbindd[26636]: [2013/01/23 10:35:28.105143,  0]
>>> rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password)
>>> Jan 23 10:35:28 as3 winbindd[26636]:   credentials chain check failed
>>> Jan 23 10:35:28 as3 winbindd[25518]: [2013/01/23 10:35:28.310288,  0]
>>> rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password)
>>> Jan 23 10:35:28 as3 winbindd[25518]:   credentials chain check failed
>>> Jan 23 10:36:28 as3 winbindd[25371]: [2013/01/23 10:36:28.121861,  0]
>>> rpc_client/cli_netlogon.c:671(rpccli_netlogon_set_trust_password)
>>> Jan 23 10:36:28 as3 winbindd[25371]:   credentials chain check failed
>>>
>>> Authentications went through ok at 10:35:23 & again at 10:35:29.  We
>>> haven't seen them before, & searching, I couldn't find much info.  What
>>> do these messages mean?  What would have caused them?  Do we need to be
>>> concerned?  Any help would be greatly appreciated.
>>
>> What is happening here is that we are trying and failing to change our
>> machine account password.  Can you try Samba 3.6.12 and see if the
>> changes in the meantime have fixed this?
>
Can winbindd change the machine account password?  This isn't being done 
by us manually.

> Looking into this some more these links suggest a server-side error:
> http://www.tek-tips.com/viewthread.cfm?qid=1487092
> http://support.microsoft.com/kb/306091/en-us
>
Looking at these links, are you suggesting that the DC database is being 
locked at this point in time, so when an auth request is being made, it 
fails?

> Is there anything in the server event log to match this error?
>
I'm trying to get access to the DC event logs to look into this.

Thanks.

	-John

-- 
John Center
Villanova University


More information about the samba mailing list