Gaffey, Mike
2003-Jan-27 20:24 UTC
[Samba] Win2k DC no longer authenticates for Samba shares
I have a win2k domain ... 2 of the client machines are Red Hat (7.3 and 8.0). I set everything up to use the DC to authenticate ID/PW. Everything worked perfectly until a week or so ago ... Samba would automatically create a home folder and the whole nine yards. Now I can see the shares on the Samba machines, but I can't access them ... just prompts for the ID/PW over and over. I can mount windows shares from the Linux boxes with no problems. I get "access denied" in the DC event logs when I try to access the Samba shares. If I run "wbinfo" on the linux boxes, it shows me the domain users. The only thing I can remember doing to the windows machines is running windowsupdate and applying all the "critical" patches ... same thing w/ the linux boxes ... just the auto updates from Red Hat. Any ideas?
Gaffey, Mike
2003-Jan-28 17:57 UTC
[Samba] Win2k DC no longer authenticates for Samba shares
-----Original Message----- From: Kyle Loree [mailto:kyle@caisnet.com] Sent: Monday, January 27, 2003 2:24 PM To: MGaffey@fastekintl.com Subject: Re: [Samba] Win2k DC no longer authenticates for Samba shares MGaffey@fastekintl.com writes:>I have a win2k domain ... 2 of the client machines are Red Hat (7.3 and >8.0). I set everything up to use the DC to authenticate ID/PW. >Everything >worked perfectly until a week or so ago ... Samba would automatically >create >a home folder and the whole nine yards. Now I can see the shares on the >Samba machines, but I can't access them ... just prompts for the ID/PW >over >and over. I can mount windows shares from the Linux boxes with no >problems. >I get "access denied" in the DC event logs when I try to access the Samba >shares. If I run "wbinfo" on the linux boxes, it shows me the domain >users. >The only thing I can remember doing to the windows machines is running >windowsupdate and applying all the "critical" patches ... same thing w/ >the >linux boxes ... just the auto updates from Red Hat. > >Any ideas?do you have log files? Kyle Loree Rendek Communications Kyle@caisnet.com ******** Log file info ... Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72) Jan 27 19:24:48 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge failed Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] smbd/password.c:connect_to_domain_password_server(1366) Jan 27 19:24:48 mark smbd[13448]: connect_to_domain_password_server: unable to setup the PDC credentials to machine PDCNAME. Error was : NT_STATUS_OK. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] smbd/password.c:domain_client_validate(1599) Jan 27 19:24:48 mark smbd[13448]: domain_client_validate: Domain password server not available. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157) Jan 27 19:25:51 mark smbd[13448]: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_login.c:cli_nt_setup_creds(72) Jan 27 19:25:51 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge failed Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_trust.c:modify_trust_password(141) Jan 27 19:25:51 mark smbd[13448]: modify_trust_password: unable to setup the PDC credentials to machine PDCNAME. Error was : NT_STATUS_ACCESS_DENIED. Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] rpc_client/cli_trust.c:change_trust_account_password(247) Jan 27 19:25:51 mark smbd[13448]: 2003/01/27 19:25:51 : change_trust_account_password: Failed to change password for domain DOMAINNAME. ******** Any ideas?
Michael Bartosh
2003-Jan-28 18:25 UTC
[Samba] Win2k DC no longer authenticates for Samba shares
Just curious- are you experiencing netlogin errors on the DC as well? I posted something a couple of weeks ago- my logfiles looked a lot like yours. No one had an answer at that point. On Tuesday, January 28, 2003, at 09:57AM, Gaffey, Mike <MGaffey@fastekintl.com> wrote:> > >-----Original Message----- >From: Kyle Loree [mailto:kyle@caisnet.com] >Sent: Monday, January 27, 2003 2:24 PM >To: MGaffey@fastekintl.com >Subject: Re: [Samba] Win2k DC no longer authenticates for Samba shares > > >MGaffey@fastekintl.com writes: >>I have a win2k domain ... 2 of the client machines are Red Hat (7.3 and >>8.0). I set everything up to use the DC to authenticate ID/PW. >>Everything >>worked perfectly until a week or so ago ... Samba would automatically >>create >>a home folder and the whole nine yards. Now I can see the shares on the >>Samba machines, but I can't access them ... just prompts for the ID/PW >>over >>and over. I can mount windows shares from the Linux boxes with no >>problems. >>I get "access denied" in the DC event logs when I try to access the Samba >>shares. If I run "wbinfo" on the linux boxes, it shows me the domain >>users. >>The only thing I can remember doing to the windows machines is running >>windowsupdate and applying all the "critical" patches ... same thing w/ >>the >>linux boxes ... just the auto updates from Red Hat. >> >>Any ideas? > >do you have log files? > >Kyle Loree >Rendek Communications >Kyle@caisnet.com > >******** > >Log file info ... > >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >rpc_client/cli_login.c:cli_nt_setup_creds(72) >Jan 27 19:24:48 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge >failed >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >smbd/password.c:connect_to_domain_password_server(1366) >Jan 27 19:24:48 mark smbd[13448]: connect_to_domain_password_server: >unable to setup the PDC credentials to machine PDCNAME. Error was : >NT_STATUS_OK. >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >smbd/password.c:domain_client_validate(1599) >Jan 27 19:24:48 mark smbd[13448]: domain_client_validate: Domain password >server not available. >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) >Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) >Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. >Jan 27 19:24:48 mark smbd[13448]: [2003/01/27 19:24:48, 0] >passdb/pdb_smbpasswd.c:pdb_getsampwnam(1369) >Jan 27 19:24:48 mark smbd[13448]: unable to open passdb database. >Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] >rpc_client/cli_netlogon.c:cli_net_auth2(157) >Jan 27 19:25:51 mark smbd[13448]: cli_net_auth2: Error >NT_STATUS_ACCESS_DENIED >Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] >rpc_client/cli_login.c:cli_nt_setup_creds(72) >Jan 27 19:25:51 mark smbd[13448]: cli_nt_setup_creds: auth2 challenge >failed >Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] >rpc_client/cli_trust.c:modify_trust_password(141) >Jan 27 19:25:51 mark smbd[13448]: modify_trust_password: unable to setup >the PDC credentials to machine PDCNAME. Error was : NT_STATUS_ACCESS_DENIED. > >Jan 27 19:25:51 mark smbd[13448]: [2003/01/27 19:25:51, 0] >rpc_client/cli_trust.c:change_trust_account_password(247) >Jan 27 19:25:51 mark smbd[13448]: 2003/01/27 19:25:51 : >change_trust_account_password: Failed to change password for domain >DOMAINNAME. > >******** > >Any ideas? > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba > >