Steve Pinciak
2005-Apr-27 20:43 UTC
[Samba] Unable to get PDC to authenticate id for access
I am in the process of upgrading Samba from version 3.0.1 to 3.0.14a. The AIX team applied maintenance that sent the samba processes into some sort of loop which was impacting the machines. We were able to upgrade one of the unix servers with no issues but I cannot get the other one to work. We have 3 unix machines with samba that are working properly within this domain (the other 2 are still at 3.0.1 and did not have the AIX maintenance applied) but one of them is causing me problems. Here is a small excerpt from the log: [2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED. [2005/04/27 15:27:20, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=GDVP7SSTDC03 [2005/04/27 15:27:20, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.85.96.117 at port 445 [2005/04/27 15:27:20, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2005/04/27 15:27:20, 0] auth/auth_domain.c:connect_to_domain_password_server(118) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine GDVP7SSTDC03. Error was : NT_STATUS_ACCESS_DENIED. [2005/04/27 15:27:20, 0] auth/auth_domain.c:domain_client_validate(170) domain_client_validate: Domain password server not available. [2005/04/27 15:27:20, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [spincia] -> [spincia] FAILED with error NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE It appears to block access to the NT machine to authenticate the ID. I have re-joined the domain multiple times with no luck. It is configured to use security = domain and use NT authentication. We have been successfully using Samba with this config for a few years and this is the first time we are running out of ideas to get around this problem. Any ideas to assist in troubleshooting this issue would be greatly appreciated. Steve Pinciak Ingenix This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.