On Wed, 2006-01-25 at 11:42 +0100, Andreas Unterkircher wrote: > Hello list, > > I'm using several samba server (mix between v2.2 and v3.0 versions) > within an Active Directory domain. These servers are normal domain > members and winbind is used to lookup the domain users on the linux > machines. > > Sometimes it looks like that some of the servers get kicked out of the > domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages > appear and samba stopps authenticate users against domain. > > The computer account is still present in Active Directory. I've check > if the account has expired but it's expired time is far away > (9223372036854775807, in 2038 ...). The account is neither inactive, > disabled or locked out. > > When I try to rejoin on the existing computer account (smbpasswd -j, > net join) it works on samba side but in the domain controllers event > log I see some of the following errors: > > The session setup from the computer SRV-MFM-30 failed to authenticate. > The name of the account referenced in the security database is > SRV-MFM-30$. The following error occurred: Access is denied. > > I have to remove the computer object and join the domain again. Then > everything works again (for some time). > > This happens with security=domain (rpc) and also with security=ads > (ldap,kdc,...). The timeframe ist mostly 2 or 3 months. > > Anyone has a clue what can cause this or encountered similar problems?
Password expiry is configured from group or domain policy, not a value on the entry. The command 'net ads changetrustpw' should fix it. We should handle this automatically, but don't (please file a bug, if there isn't one already). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
