[Samba] unknown authentification failure - Samba 4.0.1 pdc

Rowland Penny rowlandpenny at googlemail.com
Mon Oct 28 10:08:35 MDT 2013 

On 28/10/13 15:36, bugblatterbeast wrote:
> I've just found something in a logfile named "log.%m" (usually the 
> name of the machine is filled in):
>
> [2013/10/28 14:46:19,  0] 
> ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
>   NTLMSSP NTLM2 packet check failed due to invalid signature!
> [2013/10/28 14:47:38,  0] 
> ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
>   NTLMSSP NTLM2 packet check failed due to invalid signature!
> [2013/10/28 14:47:48,  0] 
> ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
>   Failed to modify SPNs on 
> CN=COMPUTERNAME,CN=Computers,DC=DOMAINNAME,DC=local: error in module 
> acl: Constraint violation (19)
>
> This seems to be important... but I still don't understand what it 
> means and how I can fix it.
>
>
>
> Am 28.10.2013 15:26, schrieb bugblatterbeast:
>> Hi,
>>
>>
>>     one of our clients can't connect to the pdc anymore. All attempts 
>> lead to an error-message about the wrong username or password. We've 
>> tried several user-accounts and it's always the same...
>>
>> any username like "domainname\domainuser" with password always fails 
>> without delay. Either when trying to log on to the workstation, or 
>> when connecting to a samba share on the domain-controller (like 
>> "\\domaincontroller\share").
>>
>> Now, when we log in as a local user and try to connect to a samba 
>> share on the domain-controller using the WRONG username 
>> "computername\domainuser" with the NOT MATCHING password of the 
>> domainuser it works!!!!! We can not only connect to a samba share but 
>> also join or leave the domain. However it's still impossible to logon 
>> to the workstation that way...
>>
>> We've also changed the ip-address and the netbios-name of the 
>> computer and deleted the computer's domain-account... several times 
>> without any success.
>>
>> The most disappointing thing is, that I can't find any log-entries on 
>> the domain controller. I've already activated machine-logs, but 
>> there's nothing helpful to be found in /var/log/samba.
>>
>>
>> Thanks in advance, bbb
>
Hi, it might help if you opened another post rather than jumping into 
the middle of a discussion, also a lot more info is going to be needed. 
i.e. what version(s) of samba are you running, what OS's are you using, 
smb.conf etc.

Rowland

More information about the samba mailing list