Rejecting auth request from client COMPUTER machine account COMPUTER$ messages seem to be occurring on my Samba 3.0.21a running as a PDC. These types of messages concern me as they do not occur on Samba 3.0.20b. I had been getting reports of some stations having some weird access problems.
Is this some type of capitalization issue, or non-comparison of the actual machine accounts?
On one machine, I did a quick test and removed myself from the domain and added it back but with the system in CAPS even though it is displayed in lower case on the W2K System Properties. This stopped the messages.
In my site it is not feasible to go to 50 or so machines and re-join them to the domain. Clearly some change in 3.0.21a has been made that is causing this problem whereby in 3.0.20b this is NOT a problem at all.
Sorry I cannot provide more information as the system is a production system serving hundreds of users. I do see that others are having the same problem as reported in the Samba mailing list.
Can you get me a debug level 10 log and/or an ethereal trace of this please. It's urgent as I'd like to ensure this is fixed for 3.0.21b.
Would love to if I can isolate this further...remember I am talking about a production system and also, it was not all the stations getting the problem, just a lot of them. At this time I have to run 3.0.20b. A level 10 waiting for one person to have this is going to create quite a log mess (file use) since we have a few hundred users.
I understand the importance of getting this information and I'll certainly try to see what I can do.
(In reply to comment #2)
> Would love to if I can isolate this further...remember I am talking about a
> production system and also, it was not all the stations getting the problem
> just a lot of them. At this time I have to run 3.0.20b. A level 10 waiting
> for one person to have this is going to create quite a log mess (file use)
> since we have a few hundred users.
> I understand the importance of getting this information and I'll certainly try
> to see what I can do.
This bug still exists on samba 3.0.21b. However, I have successfully isolated an instance that I could get a level 10 log. I'll include the thing here once I figure out how to do this. Hopefully, this bug can be fixed as I am still interested in upgrading to something later than 3.0.20b.
Created attachment 1717
Log containing failure message from a client.
(In reply to comment #4)
> Created an attachment (id=1717) 
> Log containing failure message from a client.
The failure log is contained on the Samba PDC after logging in on a MS Windows machine.
Just an update. You wouldn't *believe* the amount of trouble this one caused :-). I think I understand how to create a fix now, it'll be in 3.0.22 but I'd appreciate it if you could test the code once I've got it in SVN.
Has this been fixed in the meantime and can the bug be closed?
(In reply to comment #7)
> Has this been fixed in the meantime and can the bug be closed?
I'm running samba 3.2.5 in a Debian Lenny environment and can say that the problem is still there, at least for my BDC machine. The PDC doesn't seem to produce these messages in the volume the BDC does.
Drives me crazy with Windows 7 clients and Samba 3.5.5. Authentication on PDC succeeds most of the time (but not all), on BDC always fails. No problems with Win XP.
Uploading a loglevel=10 log and a tcpdump capture, hopefully this will be solved forever, as I see many people have this problem.
Created attachment 5978
Samba log for a failed Win7 machine
Created attachment 5979
tcpdump capture for the same attempt
Created attachment 5980
tcpdump capture for the same attempt (try2, sorry for the previous)
What is the current status of that issue? As this is similar to my filed bug, I am interested in solving that.
May I be of any help to investigate that further?
Created attachment 6009
Log level 256 samba.log
I created a log level 256 log of a login between Windows 7 and a Samba 3.5.5.
Please have a look at it and enlighten us.
Well yes, Windows clients occasionally authenticate to servers with their machine account. You need to have a valid ID mapping for the machine account also. This is not a Samba bug.