[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'

Rick Hollinbeck rickh-samba at westernwares.com
Thu Feb 13 01:37:15 UTC 2020 

I'm still digging for the solution to this problem...

The error seems to be triggered by some failure with talking to the NBTNS service (lmhosts) 
on the windows machine. (Port 137)

Here is the section of the winbindd log where it fails to fetch the machine account:
...
[2020/02/13 01:18:42.759943,  3] 
../../source3/winbindd/winbindd_util.c:297(add_trusted_domain)
  add_trusted_domain: Added domain [OFFICE] [office.example.com] 
[S-1-5-21-3876585788-2465688680-3807591480]
[2020/02/13 01:18:42.759997,  5] ../../source3/passdb/passdb.c:2396(get_trust_pw_clear2)
  get_trust_pw_clear2: could not fetch clear text trust account password for domain OFFICE
[2020/02/13 01:18:42.760013,  5] 
../../source3/passdb/machine_account_secrets.c:343(secrets_fetch_trust_account_password
_legacy)
  secrets_fetch failed!
[2020/02/13 01:18:42.760024,  5] ../../source3/passdb/passdb.c:2475(get_trust_pw_hash2)
  get_trust_pw_hash: could not fetch trust account password for domain OFFICE
[2020/02/13 01:18:42.760896,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2020/02/13 01:18:42.760970,  1] 
../../auth/credentials/credentials_secrets.c:426(cli_credentials_set_machine_account_db_ctx)
  Could not find machine account in secrets database: Failed to fetch machine account 
password for OFFICE from both secrets.ldb (Could not find entry to match filter: '(&(f$
[2020/02/13 01:18:42.761022,  0] 
../../source3/winbindd/winbindd_util.c:878(migrate_secrets_tdb_to_ldb)
  Failed to fetch our own, local AD domain join password for winbindd's internal use, both 
from secrets.tdb and secrets.ldb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
[2020/02/13 01:18:42.763761,  0] ../../source3/winbindd/winbindd_util.c:1217(init_domain_list)
  Failed to migrate our own, local AD domain join password for winbindd's internal use into 
secrets.tdb
[2020/02/13 01:18:42.764028,  0] 
../../source3/winbindd/winbindd.c:1462(winbindd_register_handlers)
  unable to initialize domain list

-----

A windows server network trace shows several NbtNs "Registration Request"s around the 
time of this failure. (which curiously are not answered on the port 137 by the W8K server - 
this seems suspicious.)

But the lmhosts service is running on W8K and nbtstatus looks ok.
Also, the Windows firewall allows traffic on port 137 in both directions, so I can't explain this.

Very frustrating!

More information about the samba mailing list