Dmitry Sukhodoev
2003-Apr-13 11:36 UTC
[Samba] users cannot change their passwords in domain
hello, samba. i have running samba 2.2.8a from the ports on the system: FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT 2003 root@bingo.ru:/usr/obj/usr/src/sys/bingo i386 with config: === cut ==[global] workgroup = bingo netbios name = emily server string = bingo samba daemon hosts allow = 192.168.2. 127. hosts deny = 192.168.1. interfaces = xl2 bind interfaces only = yes map archive = no inherit permissions = yes logon drive = z: domain logons = yes domain admin group = raven vova root toor logon path = \\%L\profiles\%U guest account = guest map to guest = bad user security = domain log file = /var/log/samba/%m.log max log size = 512 pid directory = /var/run lock directory = /var/lock encrypt passwords = yes socket options = TCP_NODELAY local master = yes os level = 64 domain master = yes preferred master = yes client code page = 866 character set = KOI8-R syslog = 0 hide local users = yes include = /usr/local/etc/samba/office_%U.conf [profiles] path = /usr/local/samba/profiles browseable = no writeable = yes guest ok = no create mode = 600 directory mode = 700 map archive = yes inherit permissions = no [homes] comment = home directories browsable = no guest ok = no read only = no create mode = 644 root preexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I open root postexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I close === cut == my samba is primary domain controller for my microsoft network with windowzes. all was well, but from some time my users cannot change their passwords in domain. windows reports about domain is not available and the smbd writes to log: === cut ==[2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO === cut == what happen? where is solution? please help - i don't want use native windoze domain controlle, cause windows servers sucks. -- Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315
Dmitry Sukhodoev
2003-Apr-14 09:45 UTC
[Samba] users cannot change their passwords in domain
hello, richard. you wrote 14 ?????? 2003 ?., 13:24:57: r> you cannot use "security=domain" and "domain master=yes" now i setup "security=user" and "domain master=yes", but password changing from windows 2k/xp on the my samba PDC still not works. errors the same: windows says "domain is not available" and samba writes those lines in log... what i must change more? r> On Sun, 2003-04-13 at 21:36, Dmitry Sukhodoev wrote:>> hello, samba. >> >> i have running samba 2.2.8a from the ports on the system: >> FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT >> 2003 root@bingo.ru:/usr/obj/usr/src/sys/bingo i386 >> >> with config: >> === cut ==>> [global] >> workgroup = bingo >> netbios name = emily >> server string = bingo samba daemon >> hosts allow = 192.168.2. 127. >> hosts deny = 192.168.1. >> interfaces = xl2 >> bind interfaces only = yes >> map archive = no >> inherit permissions = yes >> logon drive = z: >> >> domain logons = yes >> domain admin group = raven vova root toor >> >> logon path = \\%L\profiles\%U >> >> guest account = guest >> map to guest = bad user >> security = domain >> >> log file = /var/log/samba/%m.log >> max log size = 512 >> pid directory = /var/run >> lock directory = /var/lock >> >> encrypt passwords = yes >> socket options = TCP_NODELAY >> >> local master = yes >> os level = 64 >> domain master = yes >> preferred master = yes >> >> client code page = 866 >> character set = KOI8-R >> syslog = 0 >> hide local users = yes >> >> include = /usr/local/etc/samba/office_%U.conf >> >> [profiles] >> path = /usr/local/samba/profiles >> browseable = no >> writeable = yes >> guest ok = no >> create mode = 600 >> directory mode = 700 >> map archive = yes >> inherit permissions = no >> >> [homes] >> comment = home directories >> browsable = no >> guest ok = no >> read only = no >> create mode = 644 >> root preexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I open >> root postexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I close >> === cut ==>> >> my samba is primary domain controller for my microsoft network with windowzes. >> all was well, but from some time my users cannot change their passwords in >> domain. windows reports about domain is not available and the smbd writes to >> log: >> >> === cut ==>> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) >> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) >> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) >> PANIC: failed to set gid >> >> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) >> domain_client_validate: could not fetch trust account password for domain BINGO >> === cut ==>> >> what happen? where is solution? please help - i don't want use native windoze >> domain controlle, cause windows servers sucks. >> >> -- >> Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315-- Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315