[Samba] Samba rejecting Machine account auth requests
Julien Savoie
julien.savoie at usainteanne.ca
Wed Jun 12 21:37:48 MDT 2013
On 21/08/12 11:46 AM, John Drescher wrote:
>> I have a samba domain with over 100 machines in it. For some reason every
>> 30-35
>> days, 2 of the machines fail the trust relationship at login and need to be
>> removed from the domain and rejoined.
>>
>> In the logs I see the following:
>>
>> [2012/08/21 07:55:52.981302, 0]
>> rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
>> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
>> auth request from client RED-TEAM machine account RED-TEAM$
>>
>> I am running samba 3.6.6 on a Centos-5 machine.
>>
>> Does anyone have any suggestions on what could cause this or how to
>> troubleshoot this problem?
>>
> I believe the problem is caused when the machine changes the password
> and no user is logged in at that time. To avoid this issue I have
> disabled the machines from changing their passwords via the registry.
>
I'm also experiencing this issue in production here. It appears to be a
"new" problem and didn't happen with my older version of Samba (3.5.6 on
Debian squeeze)
Jun 13 00:23:49 ldap smbd[5241]: [2013/06/13 00:23:49.807899, 0]
rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
Jun 13 00:23:49 ldap smbd[5241]: _netr_ServerAuthenticate3:
netlogon_creds_server_check failed. Rejecting auth request from client
HFX-B0253 machine account HFX-B0253$
I'm on Debian wheezy running Samba 3.6.6
# pdbedit -u HFX-B0253$ -v
Unix username: hfx-b0253$
NT username: hfx-b0253$
Account desc: Computer
Password last set: Thu, 02 May 2013 18:03:19 ADT
Password can change: Thu, 02 May 2013 18:03:19 ADT
Password must change: never
It's as if machine account password changes stopped functioning.
More information about the samba
mailing list