samba - Feb 2014 - Another odd problem - missing user and domain - with 4.2.0pre1-GIT-0ce4631 on "Solaris".

Good day all,

 

                Another odd little problem; this has persisted through a lot
of recent versions, but posting earlier reminded me I need to mention this
as well .

 

                Built a new version.

                Cleared out all ".tdb" etc. files beneath
"/var/samba/"
(which is where "locks", "lock", "log", . all sit
on this build).

                Installed the new version.

                Deleted the computer object in AD.

                Used "net ads -U administrator join" to join the
domain
(succeeded).

                Used "smbpasswd -W" to set the password used to query
LDAP.

                Started Samba.

 

                Access to all the shares works (albeit with the slight
"Gotcha!" I mentioned in an earlier e-mail), but the system logs get
filled
with a load of messages like these:

 

Feb 12 19:44:11 Gateway smbd[24378]: [ID 702911 daemon.error] [2014/02/12
19:44:11.498634,  0]
../source3/auth/auth_domain.c:302(domain_client_validate)

Feb 12 19:44:11 Gateway smbd[24378]: [ID 702911 daemon.error]
domain_client_validate: unable to validate password for user  in domain  to
Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was
NT_STATUS_INVALID_PARAMETER.

Feb 12 19:44:12 Gateway smbd[24381]: [ID 702911 daemon.error] [2014/02/12
19:44:12.718457,  0]
../source3/auth/auth_domain.c:302(domain_client_validate)

Feb 12 19:44:12 Gateway smbd[24381]: [ID 702911 daemon.error]
domain_client_validate: unable to validate password for user  in domain  to
Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was
NT_STATUS_NO_SUCH_USER.

 

                If you're looking at this in a variable-width font, you
won't easily be able to see, but there are 2 spaces between "user"
and "in",
and between "domain" and "to".

                I.e., it keeps on trying to validate an empty user name with
an empty domain name.  Unsurprisingly, this fails .

 

                These happen about once per second; less frequently, but
still every minute or few, we also get messages such as:

 

Feb 12 19:53:02 Gateway smbd[24947]: [ID 702911 daemon.error] [2014/02/12
19:53:02.885595,  0]
../source3/auth/auth_domain.c:302(domain_client_validate)

Feb 12 19:53:02 Gateway smbd[24947]: [ID 702911 daemon.error]
domain_client_validate: unable to validate password for user RIPLEY$ in
domain FIRSTGRADE to Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was
NT_STATUS_INVALID_COMPUTER_NAME.

 

                "RIPLEY" is the name of one of the Windows
workstations we
have joined to the local AD domain; it's a perfectly valid name and the
workstation (and users using it) have no problems accessing either Samba
resources or ones controlled directly by either of our DCs.

                This may or may not be related to the other problem, but
it's coming out of exactly the same code so I'm guessing there may well
be a
connection .

 

                Then, it will all go quiet, and no such messages will be
logged for some arbitrarily long time before it all kicks off again.

 

                Everything else seems to work normally; "wbinfo -t"
claims
that the join is OK (as does "net ads testjoin"); "wbinfo
-u" lists the
domain users and "wbinfo -g" lists the domain groups; etc. etc. etc.
etc.

                However something is obviously going wrong somewhere .

 

                It's not causing any particular problems, other than writing
a ridiculous amount of irrelevant information into the system logs; however
obviously something is going wrong somewhere, so it would be nice to get to
the bottom of it so it can be fixed.

 

                Cheers folks,

 

                Tris.