[Samba] Centos7 Samba 4.1.12 -> Centos 5.11 Samba 3.5.2 = Rejecting auth request

Holger Hecht hecht at biopsy.uni-jena.de
Fri Apr 24 01:31:37 MDT 2015

Dear Sirs/Madams,

I have the following problem, for which the internet does not have a solution 
I am trying to have a Centos7 server with Samba 4.1.12 authenticate his users 
(security=domain) with a DC samba version 3.5.2 on a Centos5.11 machine (which 
has an LDAP Backend). This works for other servers (OpenSuse 13.2 with samba 
4.1.17) and for a bunch of Windows7 clients. I can join the domain with net 
rpc join, which seems to work on client side but the log of the DC already 
shows the error

  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting 
auth request from client DENG machine account DENG$

I created the machine account on the DC with a LAM web interface.

The connection with the machine worked already before, I do not know what 
happened, maybe an update for samba on the machines lead to this. I did not 
change any configuration files, so the configuration worked already. But after 
the error occured I deleted the machine account and created a new one.

Is there a way to renew the credentials that fail to check? What are the 
credentials anyway? Is there maybe a new encryption taking place which the old 
DC does not know?

I am really stuck.

Thanks in advance,


testparm on the client

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[xxx1]"
Processing section "[xxx2]"
Loaded services file OK.
Press enter to see a dump of your service definitions
        workgroup = Test
        server string = Samba Server Version %v
        interfaces = lo, eth0,
        security = DOMAIN
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        wins server = some IP
        idmap config * : backend = tdb
        hosts allow =, outside IP

More information about the samba mailing list