Bug 5629 - Updating trust accounts reports error, yet succeeds.
Summary: Updating trust accounts reports error, yet succeeds.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.2.0
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-07-23 11:26 UTC by John H Terpstra (mail address dead(
Modified: 2009-01-21 09:35 UTC (History)
1 user (show)

See Also:


Attachments
Log from PDC (721.71 KB, text/plain)
2008-07-29 14:31 UTC, John H Terpstra (mail address dead(
no flags Details
Log from BDC (721.68 KB, text/plain)
2008-07-29 14:31 UTC, John H Terpstra (mail address dead(
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra (mail address dead( 2008-07-23 11:26:33 UTC
1) Executing "net rpc join" reports the following error.  The join does is OK.  LDAP logs show that the trust account has been updated. Here is the log message:

[2008/07/23 11:20:21,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client MERLIN machine account MERLIN$
[2008/07/23 11:20:21,  0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(520)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client MERLIN machine account MERLIN$


Note: The LDAP update record for this transaction (from replog) is as follows:

time: 1216830023
dn: uid=merlin$,ou=Computers,ou=Users,dc=terpstra-world,dc=org
changetype: modify
delete: sambaNTPassword
sambaNTPassword: BE896A235BDAF69CCEA11817B8FA6E21
-
add: sambaNTPassword
sambaNTPassword: A47F2DC59F56F61DC96CFEE9E72E7233
-
replace: entryCSN
entryCSN: 20080723162023Z#000000#00#000000
-
replace: modifiersName
modifiersName: cn=Manager,dc=terpstra-world,dc=org
-
replace: modifyTimestamp
modifyTimestamp: 20080723162023Z
-

Please let me know if you need a log level 10 log of this.
Comment 1 Michael Adam 2008-07-29 14:21:23 UTC
Hi John,

Yes, I think a higher level log of the server would help here.
And could you provide the output of the net rpc join command,
preferably the plain output and a level 10 output.

(I guess the small log excerpt must be from the dc's log.smbd.)

Cheers - Michael
Comment 2 John H Terpstra (mail address dead( 2008-07-29 14:31:08 UTC
Created attachment 3442 [details]
Log from PDC
Comment 3 John H Terpstra (mail address dead( 2008-07-29 14:31:33 UTC
Created attachment 3443 [details]
Log from BDC
Comment 4 John H Terpstra (mail address dead( 2008-07-29 14:32:39 UTC
(In reply to comment #2)
> Created an attachment (id=3442) [edit]
> Log from PDC
> 

(In reply to comment #1)
> Hi John,
> 
> Yes, I think a higher level log of the server would help here.
> And could you provide the output of the net rpc join command,
> preferably the plain output and a level 10 output.
> 
> (I guess the small log excerpt must be from the dc's log.smbd.)
> 
> Cheers - Michael
> 

I have uploaded them.  Karolin has bene looking at these logs also.  Please discuss with her.

cheers,
John T.
Comment 5 Michael Adam 2008-07-29 14:46:03 UTC
Hmm, these are the server logs - thanks.
And what does "net rpc join" say? (plain and lvl 10?)

Cheers - Michael
Comment 6 John H Terpstra (mail address dead( 2009-01-21 09:35:36 UTC
No longer an issue in current code.