The Samba-Bugzilla – Bug 4126
Rejecting auth request from client
Last modified: 2006-09-26 07:34:22 UTC
Samba started rejecting some (like 25 out of 150) machines like a few days ago,
In the log.smbd I get some messages like these.
[2006/09/25 13:04:33, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(478)
_net_auth2: creds_server_check failed. Rejecting auth request from client L265PC01 machine account L265PC01$
Now I started investigating the problem and I found some values got changed without any reason.
I'm using the mysql PDB but I don't think the problem lies within this package.
The values that are getting changed are the ones in the nt_pw field in the mysql user table.
I compared the values with the ones from a backup 2 weeks ago.
As soon as these values changed logons from that computers where impossible.
When I manually edit the mysql field and put it back to the value I had in a backup everything works again.
Is there anyone who found the same problem like me or anyone who knows a solution?
I'm Using a AMD athlon 64 4400+
2GB DDR memory
debian (latest stable)
samba and mysql-pdb are own compiled.
In addition to my post:
From the moment a user logs in onto one of these machines the nt_pw values changes back to something else and again logons from that point are rejected.
Found the cause of the problem,
Our computers are using a security utility called "Skanix Illusion"
It restores stuff like the registry when the computer gets rebooted.
Domain computers often change some kind of ID that is stored into the nt_pw field.
I just had to set the account option [X]