search for: nt_status_no_trust_lsa_secret

...s: Attempting lmhosts lookup for name ef201f76-caaa-40b7-9ff2-41b4790dcf4d._msdcs.my.domain.com<0x20> [2018/01/22 21:15:50.022197,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)   auth_check_password_recv: sam_failtrusts authentication for user [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, authoritative=1 [2018/01/22 21:15:50.026733,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)   Auth: [LDAP,simple bind] user [(null)]\[cn=LDAP,cn=Users,dc=my,dc=domain,dc=com] at [Mon, 22 Jan 2018 21:15:50.026694 CET] with [Plaintext] status [NT_STATUS_NO_TRUST_LSA_SECRET] work...

...RUSTING]\[ABNORMAL$]@[ABNORMAL] auth_check_password_send: user is: [TRUSTING]\[ABNORMAL$]@[ABNORMAL] [2017/12/29 12:02:33.092876, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) auth_check_password_recv: sam_failtrusts authentication for user [TRUSTING\ABNORMAL$] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, authoritative=1 [2017/12/29 12:02:33.093003, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,NTLMSSP] user [TRUSTING]\[ABNORMAL$] at [ven, 29 dic 2017 12:02:33.092978 CET] with [NTLMv2] status [NT_STATUS_NO_TRUST_LSA_SECRET] workstation [ABNORMAL] remote host [ipv...

...> On Mon, 2018-01-22 at 21:30 +0100, Johannes Engel via samba wrote: >> [2018/01/22 21:15:50.022197, 2] >> ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) >> auth_check_password_recv: sam_failtrusts authentication for user >> [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, >> authoritative=1 > Hmm. Are you sure the RODC's join to the domain is all OK? Certainly to me it looks ok: Finding a writeable DC for domain 'my.domain.com' Found DC dc.my.domain.com Password for [MYDOMAIN\Administrator]: workgroup is MYDOMAIN realm is my.domain.com Delete...

Hi Andrew, I am deeply impressed by your speed! :D The RODC is actually Samba 4.7.4, the other DCs are still on 4.6.12. Any suggestion how I can debug this w/o setting everything on level 10? ;) Best regards Johannes Am 22.01.2018 um 20:45 schrieb Andrew Bartlett: > On Mon, 2018-01-22 at 20:36 +0100, Johannes Engel via samba wrote: >> Dear all, >> >> setting up a DMZ

...at 21:30 +0100, Johannes Engel via samba wrote: > > > [2018/01/22 21:15:50.022197, 2] > > > ../source4/auth/ntlm/auth.c:475(auth_check_password_recv) > > > auth_check_password_recv: sam_failtrusts authentication for user > > > [MYDOMAIN\ldap] FAILED with error NT_STATUS_NO_TRUST_LSA_SECRET, > > > authoritative=1 > > > > Hmm. Are you sure the RODC's join to the domain is all OK? > > Certainly to me it looks ok: .. > Any thoughts? > Best regards > Johannes All I can suggest is trying Samba 4.8rc1. The stack involved changed again for 4.8...