Re: [Samba] Samba rejecting Machine account auth requests
Hey Marc/List, Happy to announce that problem is fixed, it was more of my ignorance of some points, but after some reading and tests I can see this on dig: root@pve1:~# dig @10.10.10.9 example.local ; DiG 9.7.3 @10.10.10.9 example.local ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 57914 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;example.local.IN A ;; ANSWER SECTION: example.local. 900 IN A 2xx.xxx.xxx.xxx example.local. 900 IN A 10.10.10.5 example.local. 900 IN A 10.10.10.15 example.local. 900 IN A 10.10.10.20 example.local. 900 IN A 192.168.5.5 ;; AUTHORITY SECTION: example.local. 900 IN NS samba.example.local. ;; ADDITIONAL SECTION: samba.example.local. 900 IN A 10.10.10.5 samba.example.local. 900 IN A 2xx.xxx.xxx.xxx ;; Query time: 1 msec ;; SERVER: 10.10.10.9#53(10.10.10.9) ;; WHEN: Sat Jun 22 19:53:51 2013 ;; MSG SIZE rcvd: 164 root@pve1:~# dig @10.10.10.9 example.local ; DiG 9.7.3 @10.10.10.9 example.local ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 61873 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;example.local.IN A ;; ANSWER SECTION: example.local. 900 IN A 192.168.5.5 example.local. 900 IN A 2xx.xxx.xxx.xxx example.local. 900 IN A 10.10.10.5 example.local. 900 IN A 10.10.10.15 example.local. 900 IN A 10.10.10.20 ;; AUTHORITY SECTION: example.local. 900 IN NS samba.example.local. ;; ADDITIONAL SECTION: samba.example.local. 900 IN A 2xx.xxx.xxx.xxx samba.example.local. 900 IN A 10.10.10.5 ;; Query time: 1 msec ;; SERVER: 10.10.10.9#53(10.10.10.9) ;; WHEN: Sat Jun 22 19:57:02 2013 ;; MSG SIZE rcvd: 164 root@pve1:~# dig @10.10.10.9 example.local ; DiG 9.7.3 @10.10.10.9 example.local ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 28667 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;example.local.IN A ;; ANSWER SECTION: example.local. 900 IN A 10.10.10.20 example.local. 900 IN A 192.168.5.5 example.local. 900 IN A 2xx.xxx.xxx.xxx example.local. 900 IN A 10.10.10.5 example.local. 900 IN A 10.10.10.15 ;; AUTHORITY SECTION: example.local. 900 IN NS samba.example.local. ;; ADDITIONAL SECTION: samba.example.local. 900 IN A 10.10.10.5 samba.example.local. 900 IN A 2xx.xxx.xxx.xxx ;; Query time: 0 msec ;; SERVER: 10.10.10.9#53(10.10.10.9) ;; WHEN: Sat Jun 22 19:57:19 2013 ;; MSG SIZE rcvd: 164 My other issue the inability to add/delete records from the example.local zone persists. Thanks I hope this can be fixed in the future. Cheers. On 6/21/2013 9:08 PM, Julien Savoie wrote: On 13/06/13 12:37 AM, Julien Savoie wrote: On 21/08/12 11:46 AM, John Drescher wrote: I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? I believe the problem is caused when the machine changes the password and no user is logged in at that time. To avoid this issue I have disabled the machines from changing their passwords via the registry. I'm also experiencing this issue in production here. It appears to be a new problem and didn't happen with my older version of Samba (3.5.6 on Debian squeeze) Jun 13 00:23:49 ldap smbd[5241]: [2013/06/13 00:23:49.807899, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Jun 13 00:23:49 ldap smbd[5241]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client HFX-B0253 machine account HFX-B0253$ I'm on Debian wheezy running Samba 3.6.6 # pdbedit -u HFX-B0253$ -v Unix username:hfx-b0253$ NT username: hfx-b0253$ Account desc: Computer Password last set:Thu, 02 May 2013 18:03:19 ADT Password can change: Thu, 02
Re: [Samba] Samba rejecting Machine account auth requests
On 13/06/13 12:37 AM, Julien Savoie wrote: On 21/08/12 11:46 AM, John Drescher wrote: I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? I believe the problem is caused when the machine changes the password and no user is logged in at that time. To avoid this issue I have disabled the machines from changing their passwords via the registry. I'm also experiencing this issue in production here. It appears to be a new problem and didn't happen with my older version of Samba (3.5.6 on Debian squeeze) Jun 13 00:23:49 ldap smbd[5241]: [2013/06/13 00:23:49.807899, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Jun 13 00:23:49 ldap smbd[5241]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client HFX-B0253 machine account HFX-B0253$ I'm on Debian wheezy running Samba 3.6.6 # pdbedit -u HFX-B0253$ -v Unix username:hfx-b0253$ NT username: hfx-b0253$ Account desc: Computer Password last set:Thu, 02 May 2013 18:03:19 ADT Password can change: Thu, 02 May 2013 18:03:19 ADT Password must change: never It's as if machine account password changes stopped functioning. Rejoined machines to the domain, 7 days later this is reoccurring. # pdbedit -u acct$ -v Unix username:acct$ NT username: acct$ Password last set:Wed, 12 Jun 2013 22:35:21 ADT Password can change: Wed, 12 Jun 2013 22:35:21 ADT Password must change: never rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client ACCT machine account ACCT$ [2013/06/12 22:35:21.461137, 0] rpc_server/srv_pipe.c:1254(api_pipe_bind_auth3) Anyone have any idea why this might not be working? I haven't changed anything in the configuration files between Samba 3.5.6 and 3.6.6. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba rejecting Machine account auth requests
On 21/08/12 11:46 AM, John Drescher wrote: I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? I believe the problem is caused when the machine changes the password and no user is logged in at that time. To avoid this issue I have disabled the machines from changing their passwords via the registry. I'm also experiencing this issue in production here. It appears to be a new problem and didn't happen with my older version of Samba (3.5.6 on Debian squeeze) Jun 13 00:23:49 ldap smbd[5241]: [2013/06/13 00:23:49.807899, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) Jun 13 00:23:49 ldap smbd[5241]: _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client HFX-B0253 machine account HFX-B0253$ I'm on Debian wheezy running Samba 3.6.6 # pdbedit -u HFX-B0253$ -v Unix username:hfx-b0253$ NT username: hfx-b0253$ Account desc: Computer Password last set:Thu, 02 May 2013 18:03:19 ADT Password can change: Thu, 02 May 2013 18:03:19 ADT Password must change: never It's as if machine account password changes stopped functioning. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba rejecting Machine account auth requests.
Hi, I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? Regards, -- Tom Diehl tdi...@tntechs.com SpamTrap Address mtd...@tntechs.com 215-741-3813 Please note: Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba rejecting Machine account auth requests
i, I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? Regards, -- Tom Diehl tdi...@rogueind.com Spamtrap address mtd...@rogueind.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba rejecting Machine account auth requests
I have a samba domain with over 100 machines in it. For some reason every 30-35 days, 2 of the machines fail the trust relationship at login and need to be removed from the domain and rejoined. In the logs I see the following: [2012/08/21 07:55:52.981302, 0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client RED-TEAM machine account RED-TEAM$ I am running samba 3.6.6 on a Centos-5 machine. Does anyone have any suggestions on what could cause this or how to troubleshoot this problem? I believe the problem is caused when the machine changes the password and no user is logged in at that time. To avoid this issue I have disabled the machines from changing their passwords via the registry. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba