Hello, I posted my problem of clients loosing their domain membership a couple of days ago. I now could track it down to a problem with machine password changes in the domain. When a client changes its machine account password, it loses domain connection afterwards, i.e. 'net rpc testjoin' gives NT_STATUS_ACCESS_DENIED.
I have attached a winbind log which shows the problem; it first says "Changed password", then immediately afterwards the connection fails. I did a tcpdump which showed pretty much the same; first a successful password change and then a login failure. I have no idea how to debug this further. I can provide the tcpdump capture if neccessary. Clients are using Ubuntu 10.04 with samba 3.4.7 and Linux 2.6.32; Server is Debian 5.0 with samba 3.2.5 and Linux 2.6.26. PDC is configured to use LDAP as passdb backend, this is also the UNIX user db for both server and clients (using libnss-ldap/libpam-ldap). Thank you, Andreas
[2010/07/19 10:47:57, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: ", *" [2010/07/19 10:47:57, 3] libsmb/namequery.c:1225(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name AG<0x1c> [2010/07/19 10:47:57, 3] libsmb/namequery.c:1089(resolve_wins) resolve_wins: Attempting wins lookup for name AG<0x1c> [2010/07/19 10:47:57, 3] libsmb/namequery.c:1147(resolve_wins) resolve_wins: using WINS server 172.16.9.3 and tag '*' [2010/07/19 10:47:57, 2] libsmb/namequery.c:779(name_query) Got a positive name query response from 172.16.9.3 ( 172.16.9.3 ) [2010/07/19 10:47:57, 3] ../lib/util/util.c:254(fcntl_lock) fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) [2010/07/19 10:47:57, 3] ../lib/util/util.c:273(fcntl_lock) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2010/07/19 10:47:57, 3] libsmb/cliconnect.c:940(cli_session_setup_spnego) Doing spnego session setup (blob length=58) [2010/07/19 10:47:57, 3] libsmb/cliconnect.c:967(cli_session_setup_spnego) got OID=1.3.6.1.4.1.311.2.2.10 [2010/07/19 10:47:57, 3] libsmb/cliconnect.c:975(cli_session_setup_spnego) got principal=NONE [2010/07/19 10:47:57, 3] libsmb/ntlmssp.c:1023(ntlmssp_client_challenge) Got challenge flags: [2010/07/19 10:47:57, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60898215 [2010/07/19 10:47:57, 3] libsmb/ntlmssp.c:1045(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2010/07/19 10:47:57, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 [2010/07/19 10:47:57, 3] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/07/19 10:47:57, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088215 [2010/07/19 10:47:57, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host MAIL! [2010/07/19 10:47:57, 3] libsmb/trusts_util.c:56(trust_pw_change_and_store_it) 2010/07/19 10:47:57 : trust_pw_change_and_store_it: Changed password. [2010/07/19 10:47:58, 3] rpc_client/cli_netlogon.c:573(rpccli_netlogon_set_trust_password) rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2010/07/19 10:47:58, 3] winbindd/winbindd_misc.c:359(winbindd_dual_list_trusted_domains) [ 1461]: list trusted domains [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:1023(ntlmssp_client_challenge) Got challenge flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60898235 [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:1045(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088235 [2010/07/19 10:47:58, 3] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088235 [2010/07/19 10:47:58, 1] rpc_client/cli_pipe.c:927(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: Bind NACK received from host MAIL! [2010/07/19 10:47:58, 0] rpc_client/cli_pipe.c:3734(cli_rpc_pipe_open_ntlmssp_internal) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED [2010/07/19 10:47:58, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host MAIL! [2010/07/19 10:47:58, 3] winbindd/winbindd_rpc.c:1047(trusted_domains) rpc: trusted_domains [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:1023(ntlmssp_client_challenge) Got challenge flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60898235 [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:1045(ntlmssp_client_challenge) NTLMSSP: Set final flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088235 [2010/07/19 10:47:58, 3] libsmb/ntlmssp_sign.c:342(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/07/19 10:47:58, 3] libsmb/ntlmssp.c:62(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x60088235 [2010/07/19 10:47:58, 1] rpc_client/cli_pipe.c:927(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: Bind NACK received from host MAIL! [2010/07/19 10:47:58, 0] rpc_client/cli_pipe.c:3734(cli_rpc_pipe_open_ntlmssp_internal) cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED [2010/07/19 10:47:58, 1] rpc_client/cli_pipe.c:949(cli_pipe_validate_current_pdu) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host MAIL!
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
