Hi, I am having some problems integrating my samba server into the NT domain. Most of the time everything works just fine, but sometimes the NT PDC refuses to authenticate the samba server. I get the following messages in my log: cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challange failed connect_to_domain_password_server: unable to setup the PDC credentials to machine 003_C00001. Error was : NT_STATUS_ACCESS_DENIED. After this, it tries the same with the defined BDC, and fails again. One minute later, it works just fine (when the user maps the drive by hand). The PDC shows the following errors in it's eventlog: Source: NETLOGON Event ID: 5722 Type: Error Description: The session setup from the computer 003_H00001 failed to authenticate. The name of the account referenced in the security database is 003_H00001$. The following error occurred: Access is denied. The messages in the BDC's eventlog is exactly the same. The network is a bit weird (10/100 internal, with loads of clients connected to the network using leased lines, from 64Kbps to 256Kbps), but all WAN connected sites have their own BDC on site. I am using samba 2.0.7 on a Sun E4k with Solaris 2.6. All NT servers are running NT 4.0 with SP4. I've found a couple of references to this problem in the archives already, but they all talk about samba 2.0.6. Any and all help will be appreciated, Bas Vermeulen
Hilbert Mostert
2000-Oct-19 10:09 UTC
NT (sometimes) refusing to authenticate samba server
Hi bas, Did u make an machine account on the samba PDC? ----- Original Message ----- From: "Bas Vermeulen" <B.Vermeulen@wumn.wegener.nl> To: <samba@lists.samba.org> Sent: Thursday, October 19, 2000 11:09 AM Subject: NT (sometimes) refusing to authenticate samba server> Hi, > > I am having some problems integrating my samba server into the NT domain. > Most of the time everything works just fine, but sometimes the NT PDC > refuses to authenticate the samba server. I get the following messages > in my log: > > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds: auth2 challange failed > connect_to_domain_password_server: unable to setup the PDC credentials to > machine 003_C00001. Error was : NT_STATUS_ACCESS_DENIED. > > After this, it tries the same with the defined BDC, and fails again. > One minute later, it works just fine (when the user maps the drive byhand).> > The PDC shows the following errors in it's eventlog: > > Source: NETLOGON > Event ID: 5722 > Type: Error > Description: The session setup from the computer 003_H00001 failed to > authenticate. The name of the account referenced in the security database > is 003_H00001$. The following error occurred: Access is denied. > > The messages in the BDC's eventlog is exactly the same. > > The network is a bit weird (10/100 internal, with loads of clientsconnected> to the network using leased lines, from 64Kbps to 256Kbps), but all WAN > connected sites have their own BDC on site. > > I am using samba 2.0.7 on a Sun E4k with Solaris 2.6. All NT servers are > running NT 4.0 with SP4. > > I've found a couple of references to this problem in the archives already, > but they all talk about samba 2.0.6. > > Any and all help will be appreciated, > > Bas Vermeulen > > > >
Hi,> Did u make an machine account on the samba PDC?I made a machine account on the NT PDC. The samba machine is not a PDC, although it is integrated in the NT domain, and uses domain security with a password server. (Sorry if this wasn't clear in my original message). I've got a problem with W95 clients connecting to a share on the samba server, which sometimes fails with the messages in my original mail. I have not (manually) created a machine account for the PDC on the samba box.> > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > > cli_nt_setup_creds: auth2 challange failed > > connect_to_domain_password_server: unable to setup the PDC > credentials to > > machine 003_C00001. Error was : NT_STATUS_ACCESS_DENIED.<snip>> > The PDC shows the following errors in it's eventlog: > > > > Source: NETLOGON > > Event ID: 5722 > > Type: Error > > Description: The session setup from the computer 003_H00001 > failed to > > authenticate. The name of the account referenced in the > security database > > is 003_H00001$. The following error occurred: Access is denied.My smb.conf is as follows; the socket options don't seem to work on solaris (I'll have to change those to some more usefull values) # Samba config file created using SWAT # from 194.26.204.82 (194.26.204.82) # Date: 2000/10/19 12:54:28 # Global parameters [global] workgroup = 003_D00001 netbios name = 003_H00001 server string = Enterprise Productie Samba 2.0.7 interfaces = 194.26.203.0/24 127.0.0.1 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = 003_C00001 003_C00003 debug level = 3 log file = /var/opt/samba/log.%m time server = Yes deadtime = 30 keepalive = 60 lpq cache time = 30 read prediction = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No add user script = /opt/samba/bin/adduser %u wins server = 194.26.203.10 remote announce = 194.26.204.255 comment = Samba ver. %v invalid users = smtp, daemon, sys, bin, adm, noaccess admin users = root preserve case = No short preserve case = No map system = Yes map hidden = Yes level2 oplocks = Yes [enterprise$] comment = Enterprise Productie path = /enterprise writeable = Yes create mask = 0774 directory mask = 0775 inherit permissions = Yes