Tris Mabbs
2014-Feb-12 20:07 UTC
[Samba] Another odd problem - missing user and domain - with 4.2.0pre1-GIT-0ce4631 on "Solaris".
Good day all, Another odd little problem; this has persisted through a lot of recent versions, but posting earlier reminded me I need to mention this as well . Built a new version. Cleared out all ".tdb" etc. files beneath "/var/samba/" (which is where "locks", "lock", "log", . all sit on this build). Installed the new version. Deleted the computer object in AD. Used "net ads -U administrator join" to join the domain (succeeded). Used "smbpasswd -W" to set the password used to query LDAP. Started Samba. Access to all the shares works (albeit with the slight "Gotcha!" I mentioned in an earlier e-mail), but the system logs get filled with a load of messages like these: Feb 12 19:44:11 Gateway smbd[24378]: [ID 702911 daemon.error] [2014/02/12 19:44:11.498634, 0] ../source3/auth/auth_domain.c:302(domain_client_validate) Feb 12 19:44:11 Gateway smbd[24378]: [ID 702911 daemon.error] domain_client_validate: unable to validate password for user in domain to Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was NT_STATUS_INVALID_PARAMETER. Feb 12 19:44:12 Gateway smbd[24381]: [ID 702911 daemon.error] [2014/02/12 19:44:12.718457, 0] ../source3/auth/auth_domain.c:302(domain_client_validate) Feb 12 19:44:12 Gateway smbd[24381]: [ID 702911 daemon.error] domain_client_validate: unable to validate password for user in domain to Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was NT_STATUS_NO_SUCH_USER. If you're looking at this in a variable-width font, you won't easily be able to see, but there are 2 spaces between "user" and "in", and between "domain" and "to". I.e., it keeps on trying to validate an empty user name with an empty domain name. Unsurprisingly, this fails . These happen about once per second; less frequently, but still every minute or few, we also get messages such as: Feb 12 19:53:02 Gateway smbd[24947]: [ID 702911 daemon.error] [2014/02/12 19:53:02.885595, 0] ../source3/auth/auth_domain.c:302(domain_client_validate) Feb 12 19:53:02 Gateway smbd[24947]: [ID 702911 daemon.error] domain_client_validate: unable to validate password for user RIPLEY$ in domain FIRSTGRADE to Domain controller GEDIMAN.FIRSTGRADE.CO.UK. Error was NT_STATUS_INVALID_COMPUTER_NAME. "RIPLEY" is the name of one of the Windows workstations we have joined to the local AD domain; it's a perfectly valid name and the workstation (and users using it) have no problems accessing either Samba resources or ones controlled directly by either of our DCs. This may or may not be related to the other problem, but it's coming out of exactly the same code so I'm guessing there may well be a connection . Then, it will all go quiet, and no such messages will be logged for some arbitrarily long time before it all kicks off again. Everything else seems to work normally; "wbinfo -t" claims that the join is OK (as does "net ads testjoin"); "wbinfo -u" lists the domain users and "wbinfo -g" lists the domain groups; etc. etc. etc. etc. However something is obviously going wrong somewhere . It's not causing any particular problems, other than writing a ridiculous amount of irrelevant information into the system logs; however obviously something is going wrong somewhere, so it would be nice to get to the bottom of it so it can be fixed. Cheers folks, Tris.
Reasonably Related Threads
- Odd Samba 4 ("4.2.0pre1-GIT-b505111"; actually only using client) behaviour #1 - "Could not fetch trust account password for domain ...".
- Odd Samba 4 ("4.2.0pre1-GIT-b505111"; actually only using client) behaviour #2 - "accept: Software caused connection abort".
- Odd "force user =" behaviour in 4.2.0pre1-GIT-0ce4631 on "Solaris".
- Possible bug in 2.0.7?
- users cannot change their passwords in domain