Jim,

I recently did the same thing, here is what I found:

First, the message "net_auth2: creds_server_check failed": I see this when a machine changes its sambaNTPassword. While this appears to be an error message, my machines go ahead and change their password.

Your comment " one person was getting this error and I believe was able to remove the machine and then rejoin the domain" tells me the new ldap doesn't have some things that the old ldap has regarding machine accounts.

When I migrated my ldap, some machines couldn't connect even though they had an account on the domain. Here are some of the reasons:

"sambaPwdLastSet" must have a valid value (i.e. 1146061069). I can't remember, but all the date fields (sambaPwdMustChange, sambaPwdCanChange) may have to have a valid value.

Check your old ldap machine entries against the new ldap entries.
sambaSID, sambaNTPassword must match; make sure sambaAcctFlags has a [W].

objectClass: sambaSamAccount - I have seen this discussed as something that has changed; you might want to check this.

You might remove and re-add a machine, then look at its ldap entry and compare with another machine account's old ldap entry.

It should work; it is most probably an ldap problem.

                                                      Mike

Jim Summers wrote:
Hello List,


I am in the final throes of migrating our ldap servers. I have been running samba as a pdc and using the ldap as the backend for over a year, and all is well.

I was testing the samba pdc against the new ldap servers and got the following errors in the log file for the machine attempting to connect:

net_auth2: creds_server_check failed

and the machine (xp) will not successfully connect/bind.

- I am running samba-3.0.22
- I have changed the password stored in the secrets file to match the new ldap admin DN, but that didn't help.
- All of the ldap entries were simply migrated over from the existing ldap to the new ldap.
- I can use smbclient and successfully get to a share.

I did see where one person was getting this error and I believe was able to remove the machine and then rejoin the domain. Which led me to believe that possibly a SID or some descriptor has changed when I changed the password in the secrets file for the ldap manager DN.

I also have some standalone machines that simply map a share. Will those continue to work? My guess was yes since the smbclient is working and this seems to be a machine bind issue.

I only have a small window each day to test and was hoping to be close to figuring this out before my next attempt.

Any tips / suggestions?

TIA
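The comparison suggested in the reply above, written as an added example that is not part of the original thread: it checks machine accounts in LDIF exports of the old and new directories for the attributes named there. Assumptions: plain (non-base64) LDIF text, machine accounts identified by a uid ending in `$`, and "valid value" approximated as all digits; the sample entries are constructed.

```python
import re

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into {lowercased dn: {attr: [values]}}."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.replace("\n ", "").splitlines():  # unfold wrapped lines
            if ": " in line:
                key, value = line.split(": ", 1)
                attrs.setdefault(key, []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def check_machine_entries(old_ldif, new_ldif):
    """Return {dn: [problems]} for machine accounts (assumed: uid ends in '$')."""
    old, new = parse_ldif(old_ldif), parse_ldif(new_ldif)
    report = {}
    for dn, o in old.items():
        if not o.get("uid", [""])[0].endswith("$"):
            continue
        if dn not in new:
            report[dn] = ["missing from new directory"]
            continue
        n, problems = new[dn], []
        if "sambaSamAccount" not in n.get("objectClass", []):
            problems.append("objectClass sambaSamAccount missing")
        for attr in ("sambaSID", "sambaNTPassword"):  # compare only, never print the hash
            if o.get(attr) != n.get(attr):
                problems.append(f"{attr} differs from old entry")
        if "W" not in n.get("sambaAcctFlags", [""])[0]:
            problems.append("sambaAcctFlags lacks W")
        if not n.get("sambaPwdLastSet", [""])[0].isdigit():  # assumed validity test
            problems.append("sambaPwdLastSet is not a valid value")
        if problems:
            report[dn] = problems
    return report

# Constructed sample entries; only the timestamp value is taken from the thread.
OLD_LDIF = """dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
uid: ws01$
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaAcctFlags: [W          ]
sambaPwdLastSet: 1146061069"""
NEW_LDIF = (OLD_LDIF.replace("-3001", "-4001").replace("[W", "[U")
            .replace("\nsambaPwdLastSet: 1146061069", ""))
```

The report lists attribute names only, so it can be shared without exposing the NT hashes held in the exports.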

