Hi! I have samba 3.5.4 on an Ubuntu 8.04 running with windows 7 clients. (ldapsam as background tdb) I do have log entries of some machines in my samba log: /netlogon_creds_server_check failed. Rejecting auth request from client XXXXX machine account XXXXX$/ The user working on the machine does not seem affected in any way by that "problem" but It would be interesting how to solve that (that machines still have that behaviour after unjoin an rejoin the domain - as I thought it would be helpful to set the password again) Can somebody give me a hint please? regards martin
Am 2010-09-10 09:20, schrieb Martin Hochreiter:> Hi! > > I have samba 3.5.4 on an Ubuntu 8.04 running with windows 7 clients. > (ldapsam as background tdb) > > I do have log entries of some machines in my samba log: > > > /netlogon_creds_server_check failed. Rejecting auth request from > client XXXXX machine account XXXXX$/ > > The user working on the machine does not seem affected in any way by > that "problem" but It would be interesting > how to solve that (that machines still have that behaviour after > unjoin an rejoin the domain - as I thought it would > be helpful to set the password again) > > Can somebody give me a hint please? > > regards > martinWhat I forgott - I found that with some googling: HHey guys, the solution for this problem is: In smb.conf add the follow lines: client ntlmv2 auth = yes lanman auth = yes ntlm auth = Yes And restart samba.... I have lanman auth on default "no" - but I support ntlmv2 ... do windows 7 machines still need lanman? regards
> > I wish to strongly advise that you do not do this. You should not > enable lanman auth - it is not required by any client since windows > 2000. It has nothing at all to do with 'netlogon_creds_server_check > failed', I suspect the issue has happened because your Windows 7 > clients have > changed their machine account password, but try and use the new password > 'too soon'. Once the password has replicated back to the local DC, then > everything works - in the meantime, they may try and succeed with their > old password. Andrew BartlettHello Andrew! I am happy that I must not use lanman ... I am afraid that it has nothing to do with the regular machine password change, as I set the Reject Machine Password change on sambas domain ldap entry and additionally I set a registry entry in windows to disable machine account password change. After that - i took the clients out of the domain and rejoined them .... still the same netlogon errors. I have no hint where to troubleshoot - maybe setting windows 7 to ntlmv2 only regards Martin
Andrew, It seems that this problem only occurs if you use samba with an ldap backend ... Is it possible that the password is stored in a wrong encoding by samba on the ldap server? Can I debug that machine logon process somehow more deeply? regards Martin