Bug 3366 - Lots of rejecting auth request messages
Summary: Lots of rejecting auth request messages
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.21a
Hardware: x86 Windows 2000
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-01-01 09:27 UTC by Daniel Beschorner (dead mail address)
Modified: 2007-03-05 10:25 UTC (History)
3 users (show)

See Also:

Level 10 log (26.79 KB, text/plain)
2006-01-01 13:17 UTC, Daniel Beschorner (dead mail address)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Beschorner (dead mail address) 2006-01-01 09:27:18 UTC
[2006/01/01 17:12:40, 0] libsmb/credentials.c:creds_server_check(159)
  creds_server_check: credentials check failed.
[2006/01/01 17:12:40, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
  _net_sam_logon: creds_server_step failed. Rejecting auth request from client WORKSTATION machine account WORKSTATION$
Comment 1 Jeremy Allison 2006-01-01 09:32:00 UTC
More details please. How is this reproduced, under what circumstances, which clients, how often - intermittent or constant. This is a very abbreviated bug report. Can't do much with this without a lot more data.

Comment 2 Daniel Beschorner (dead mail address) 2006-01-01 09:48:04 UTC
The bug report is this short because of the generality of the messages.
Produced obviously by every client type (W2K, XP, W2003) on every auth process.
F.e. the Exchange server gives this 2 lines in the logs for every Outlook client connecting to.
Nothing to find in the client events. At the moment I can see no lack of functionality.
If a level 10 log is useful, I can generate it.
Comment 3 Jeremy Allison 2006-01-01 09:58:26 UTC
Yes, a level 10 debug log from an smbd serving a single client would be very useful, thanks.

Comment 4 Daniel Beschorner (dead mail address) 2006-01-01 10:16:14 UTC
Ok, I've sent it to you per mail.
Comment 5 Jeremy Allison 2006-01-01 10:19:48 UTC
Please attach it to the bug report instead of sending it to me as mail, I'll just clog my in-box and really needs to be associated with the bug if anyone else needs to analyse it anyway.
Comment 6 Daniel Beschorner (dead mail address) 2006-01-01 10:43:48 UTC
I'm always a little bit afraid of revealing the level 10 logs of our company's network including passwords to whole world.
But the attachments seem to have no privileges, f.e. developers only.
To provide it fast I intentionally sent it per mail, I can add a somehow obfuscated part of the log later.
Comment 7 Jeremy Allison 2006-01-01 10:55:54 UTC
Ok, checked out your log file - we're successfully storing the netauth2 credentials but only restoring them in the schannel case it looks like. Can you try adding "server schannel = true" to the global section of your smb.conf and see if it fixes it.
Comment 8 Jeremy Allison 2006-01-01 10:58:14 UTC
The other thing to note is that this is an informational message, the client seems to re-authenticate using the NETAUTH2 call and continue successfully, without a problem that I can see.
Comment 9 Daniel Beschorner (dead mail address) 2006-01-01 12:21:16 UTC
I've tried server schannel = true, it doesn't fix it.

Comment 10 Daniel Beschorner (dead mail address) 2006-01-01 13:17:49 UTC
Created attachment 1640 [details]
Level 10 log
Comment 11 Jörn Nettingsmeier 2006-01-03 05:22:28 UTC
i'm seeing this also. clients are w2k and xp, server is samba-3.0.21a (SuSE packages by lmuelle). no apparent loss of functionality, but still disquieting.
the following messages occur whenever a user logs on or unlocks a machine:

Jan  3 13:00:29 pol-serv1 smbd[31586]: [2006/01/03 13:00:29, 0] libsmb/credentials.c:creds_server_check(159)
Jan  3 13:00:29 pol-serv1 smbd[31586]:   creds_server_check: credentials check failed.
Jan  3 13:00:29 pol-serv1 smbd[31586]: [2006/01/03 13:00:29, 0] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
Jan  3 13:00:29 pol-serv1 smbd[31586]:   _net_sam_logon: creds_server_step failed. Rejecting auth request from client POL-24 machine account POL-24$

i also tried server schannel = yes as requested by jeremy, but it does not help.
Comment 12 Jeremy Allison 2006-01-04 16:23:02 UTC
I think it's pretty harmless - I'll ensure this message debug level is raised for 3.0.22. I still need to do more investigation but it's not a funtionality problem for clients.
Comment 13 Daniel Beschorner (dead mail address) 2006-01-31 10:38:59 UTC
Messages disappeared in 3.0.21b and debug level 1.

Comment 14 Gerald Able 2007-03-05 10:25:12 UTC
happens on one of our systems aswell (samba-3.0.23c, Windows XP Pro SP2):

[2007/03/02 07:56:08, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
  _net_auth2: creds_server_check failed. Rejecting auth request from client ACER-E1345 machine account ACER-E1345$
[2007/03/02 12:58:12, 0] smbd/service.c:set_current_service(150)
  chdir (/data/Admin) failed