On Wed, 2006-01-25 at 11:42 +0100, Andreas Unterkircher wrote:
Hello list,
I'm using several samba server (mix between v2.2 and v3.0 versions)
within an Active Directory domain. These servers are normal domain
members and winbind is used to lookup the domain users on the linux
machines.
Sometimes it looks like that some of the servers get kicked out of the
domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages
appear and samba stopps authenticate users against domain.
The computer account is still present in Active Directory. I've check
if the account has expired but it's expired time is far away
(9223372036854775807, in 2038 ...). The account is neither inactive,
disabled or locked out.
When I try to rejoin on the existing computer account (smbpasswd -j,
net join) it works on samba side but in the domain controllers event
log I see some of the following errors:
The session setup from the computer SRV-MFM-30 failed to authenticate.
The name of the account referenced in the security database is
SRV-MFM-30$. The following error occurred: Access is denied.
I have to remove the computer object and join the domain again. Then
everything works again (for some time).
This happens with security=domain (rpc) and also with security=ads
(ldap,kdc,...). The timeframe ist mostly 2 or 3 months.
Anyone has a clue what can cause this or encountered similar problems?
Password expiry is configured from group or domain policy, not a value
on the entry. The command 'net ads changetrustpw' should fix it.
We should handle this automatically, but don't (please file a bug, if
there isn't one already).
Andrew Bartlett
--
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
