[Samba] BDC Rejecting auth request from client + Windows 7

David Noriega tsk133 at my.utsa.edu
Fri Feb 8 11:56:08 MST 2013


Just some background: In our environment, we are running both a PDC and
BDC. The local network setup has static IPs on a different subnet from DHCP
IPs, thus the PDC has a static IP and the BDC has a dynamic one so the
Windows machines are able to see the domain without hardcoding in the IP of
the PDC as a WINS on each machine. This has worked fine for Windows XP. We
are also using LDAP as the backend.

Now we have a Windows 7 box and I have followed various instructions and
modified entries within the registry as everyone else has specified. While
I can join the domain, after reboot I get the trust relationship failed
error (or on a rare occasion it will say no logon servers available).
Checking the logs I have mapped out the following:

1. Win7 client asks to join the domain
2. PDC responds and adds machine to LDAP
3. Win7 accepts and tests machine account
4. BDC rejects auth request
5. Win7 logs this, but still shows successful join message and reboots
6. Win7 then refused to log in on the domain. I can type in gibberish and
   still get the trust relationship failed message.

Here is the following from the BDC:

[2013/02/08 13:11:05.458750,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2013/02/08 13:11:05.504483,  2] ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/08 13:11:05.504529,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLASSROOM machine account CLASSROOM$
[2013/02/08 13:11:05.524195,  2] ../libcli/auth/credentials.c:307(netlogon_creds_server_check_internal)
  credentials check failed
[2013/02/08 13:11:05.524235,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLASSROOM machine account CLASSROOM$
[2013/02/08 13:11:15.914207,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2013/02/08 13:11:15.914316,  0] lib/util_sock.c:1441(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
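
An added example, not part of the original post and not Samba's own code: a small parser that groups a DC log in the format quoted above into records and lists which machine accounts had their netlogon authentication rejected, and when. It tolerates records whose lines were wrapped in transit; the function names and the embedded sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# A Samba log record starts with "[YYYY/MM/DD HH:MM:SS.usec,  level]".
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+,\s*(\d+)\]")
# Message emitted by _netr_ServerAuthenticate3 in the log excerpt above.
REJECT = re.compile(r"Rejecting auth request from client (\S+) machine account (\S+)")

def records(text):
    """Yield (timestamp, level, body) per record, rejoining wrapped lines."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), int(m.group(2)), [line[m.end():].strip()])
        elif current and line.strip():
            # Anything up to the next header belongs to the current record.
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])

def rejected_machine_accounts(text):
    """Map machine account -> timestamps of rejected netlogon auth requests."""
    hits = defaultdict(list)
    for ts, _level, body in records(text):
        m = REJECT.search(body)
        if m:
            hits[m.group(2)].append(ts)
    return dict(hits)

# Sample modelled on the excerpt in the post: the second record is wrapped
# the way the mail client wrapped it, the third is on unwrapped lines.
SAMPLE = """
[2013/02/08 13:11:05.458750,  2] lib/smbldap.c:950(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2013/02/08 13:11:05.504529,  0]
rpc_server/srv_netlog_nt.c:714(_netr_ServerAuth
enticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
auth
request from client CLASSROOM machine account CLASSROOM$
[2013/02/08 13:11:05.524235,  0] rpc_server/srv_netlog_nt.c:714(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client CLASSROOM machine account CLASSROOM$
"""

if __name__ == "__main__":
    for account, times in rejected_machine_accounts(SAMPLE).items():
        print(account, len(times), "rejections, first at", times[0])
```

Running it against the logs of each DC separately shows whether a machine account is rejected by only one of them.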

