Bug 6135 - windbind dropping off domain every 5 minutes (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
Summary: windbind dropping off domain every 5 minutes (NT_STATUS_NO_TRUST_SAM_ACCOUNT)
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.8
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-23 05:49 UTC by Joseph Spadavecchia
Modified: 2018-12-09 17:26 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joseph Spadavecchia 2009-02-23 05:49:57 UTC 
This problem started after upgrading from samba-3.0.24 to 3.2.1, without any changes our domain controllers.  We tried upgrading to 3.2.8, but the problem is still present.

Winbindd drops off the domain every 5 minutes (or every 45 minutes, depending on the selected domain controller).  The domain controllers are running Windows server 2003 r2.

We get the error message

"Feb 23 09:11:03 wbinfo, fallen off domain. error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b) Could not check secret checking the trust secret via RPC calls failed"

We use an RPC-style join, i.e.,

/usr/bin/net rpc join -S examplea02 -U "user%pass"

The debug info obtained with

smbcontrol winbindd debug 10

indicates that (for some reason) winbind seems to start doing kerberos auth.  We have explicitly set the following in smb.conf to disable kerberos.

client use spnego = no

Please find below the contents of smb.conf and winbind log file.

==== smb.conf ====

[global]

   workgroup = example
   password server = examplea02

   server string = Samba Server

   security = domain

   winbind uid = 10000-20000
   winbind gid = 10000-20000

   log file = /var/log.%m

   max log size = 50

   dns proxy = no

[homes]
   comment = Home Directories
   browseable = no
   writable = yes


==== log.wb-EXAMPLE ====

[2009/02/20 13:56:05,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x38 bind request returned ok.
[2009/02/20 13:56:05,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x402d bind request returned ok.
[2009/02/20 13:56:05,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 13:56:05,  3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362)
  [  907]: list trusted domains
[2009/02/20 13:56:05,  3] winbindd/winbindd_ads.c:sequence_number(1215)
  ads: fetch sequence_number for EXAMPLE
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 13:56:05,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 13:56:05,  3] libads/ldap.c:ads_connect(518)
  Connected to LDAP server example001new.example.com
[2009/02/20 13:56:05,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/02/20 13:56:05,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/02/20 13:56:05,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/02/20 13:56:05,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 13:56:05,  3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name = example001new$@EXAMPLE.COM
[2009/02/20 13:56:05,  3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/02/20 13:56:05,  0] libads/kerberos.c:ads_kinit_password(356)
  kerberos_kinit_password OLDREPORTING$@EXAMPLE.COM failed: Clients credentials have been revoked
[2009/02/20 13:56:05,  1] winbindd/winbindd_ads.c:ads_cached_connection(127)
  ads_connect for domain EXAMPLE failed: Clients credentials have been revoked
[2009/02/20 13:56:05,  3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(370)
  winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL
[2009/02/20 13:56:16,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=110)
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 13:56:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=example001new$@EXAMPLE.COM
[2009/02/20 13:56:16,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/02/20 13:56:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2009/02/20 13:56:16,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/02/20 13:56:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:16,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/02/20 13:56:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:17,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 13:56:17,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine example001new.example.com pipe \NETLOGON fnum 0x4001 bind request returned ok.
[2009/02/20 13:56:17,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(65)
  could not open handle to NETLOGON pipe
[2009/02/20 13:56:17,  2] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(95)
  Checking the trust account password returned NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/02/20 13:56:17,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=107)
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 13:56:17,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=examplea02$@EXAMPLE.COM
[2009/02/20 13:56:17,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/02/20 13:56:17,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2009/02/20 13:56:17,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/02/20 13:56:17,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:17,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/02/20 13:56:17,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:17,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x18 bind request returned ok.
[2009/02/20 13:56:17,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x8032 bind request returned ok.
[2009/02/20 13:56:17,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 13:56:29,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=107)
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
[2009/02/20 13:56:29,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=examplea02$@EXAMPLE.COM
[2009/02/20 13:56:29,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/02/20 13:56:29,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2009/02/20 13:56:29,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/02/20 13:56:29,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:29,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/02/20 13:56:29,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:29,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0xc038 bind request returned ok.
[2009/02/20 13:56:29,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x6 bind request returned ok.
[2009/02/20 13:56:29,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 13:56:41,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=107)
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 13:56:41,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=examplea02$@EXAMPLE.COM
[2009/02/20 13:56:41,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/02/20 13:56:41,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2009/02/20 13:56:41,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/02/20 13:56:41,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:41,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/02/20 13:56:41,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 13:56:41,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0xc01c bind request returned ok.
[2009/02/20 13:56:41,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x800b bind request returned ok.
[2009/02/20 13:56:41,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libsmb/namequery.c:resolve_lmhosts(1224)
  resolve_lmhosts: Attempting lmhosts lookup for name example001new.example.com<0x20>
[2009/02/20 14:01:16,  3] libsmb/namequery.c:resolve_wins(1088)
  resolve_wins: Attempting wins lookup for name example001new.example.com<0x20>
[2009/02/20 14:01:16,  3] libsmb/namequery.c:resolve_wins(1092)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2009/02/20 14:01:16,  3] libsmb/namequery.c:resolve_hosts(1306)
  resolve_hosts: Attempting host lookup for name example001new.example.com<0x20>
[2009/02/20 14:01:16,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:01:16,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:01:16,  3] libads/ldap.c:ads_connect(518)
  Connected to LDAP server example001new.example.com
[2009/02/20 14:01:16,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/02/20 14:01:16,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/02/20 14:01:16,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/02/20 14:01:16,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 14:01:16,  3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name = example001new$@EXAMPLE.COM
[2009/02/20 14:01:16,  3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/02/20 14:01:16,  0] libads/kerberos.c:ads_kinit_password(356)
  kerberos_kinit_password OLDREPORTING$@EXAMPLE.COM failed: Clients credentials have been revoked
[2009/02/20 14:01:16,  1] winbindd/winbindd_ads.c:ads_cached_connection(127)
  ads_connect for domain EXAMPLE failed: Clients credentials have been revoked
[2009/02/20 14:01:16,  3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(370)
  winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL
[2009/02/20 14:01:16,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=110)
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(858)
  got principal=example001new$@EXAMPLE.COM
[2009/02/20 14:01:16,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2009/02/20 14:01:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2009/02/20 14:01:16,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2009/02/20 14:01:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 14:01:16,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2009/02/20 14:01:16,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2009/02/20 14:01:16,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:01:16,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine example001new.example.com pipe \NETLOGON fnum 0xc007 bind request returned ok.
[2009/02/20 14:01:16,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(65)
  could not open handle to NETLOGON pipe
[2009/02/20 14:01:16,  2] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(95)
  Checking the trust account password returned NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/02/20 14:01:16,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [  907]: check machine account
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(823)
  Doing spnego session setup (blob length=107)
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 48018 1 2 2
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2
[2009/02/20 14:01:16,  3] libsmb/cliconnect.c:cli_session_setup_spnego(850)
  got OID=1 2 840 113554 1 2 2 3
[2009/02/20 14:12:03,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [20100]: check machine account
[2009/02/20 14:12:03,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:12:03,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0xc00a bind request returned ok.
[2009/02/20 14:12:03,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0xf bind request returned ok.
[2009/02/20 14:12:03,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 14:12:15,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [20100]: check machine account
[2009/02/20 14:12:15,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:12:15,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x24 bind request returned ok.
[2009/02/20 14:12:15,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x13 bind request returned ok.
[2009/02/20 14:12:15,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(362)
  [20100]: list trusted domains
[2009/02/20 14:12:27,  3] winbindd/winbindd_ads.c:sequence_number(1215)
  ads: fetch sequence_number for EXAMPLE
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libsmb/namequery.c:resolve_lmhosts(1224)
  resolve_lmhosts: Attempting lmhosts lookup for name example001new.example.com<0x20>
[2009/02/20 14:12:27,  3] libsmb/namequery.c:resolve_wins(1088)
  resolve_wins: Attempting wins lookup for name example001new.example.com<0x20>
[2009/02/20 14:12:27,  3] libsmb/namequery.c:resolve_wins(1092)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2009/02/20 14:12:27,  3] libsmb/namequery.c:resolve_hosts(1306)
  resolve_hosts: Attempting host lookup for name example001new.example.com<0x20>
[2009/02/20 14:12:27,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libsmb/namequery.c:get_dc_list(1971)
  get_dc_list: preferred server list: "example001new.example.com, *"
[2009/02/20 14:12:27,  3] libads/ldap.c:ads_connect(468)
  Successfully contacted LDAP server 10.20.17.101
[2009/02/20 14:12:27,  3] libads/ldap.c:ads_connect(518)
  Connected to LDAP server example001new.example.com
[2009/02/20 14:12:27,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2009/02/20 14:12:27,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2009/02/20 14:12:27,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2009/02/20 14:12:27,  3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2009/02/20 14:12:27,  3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name = example001new$@EXAMPLE.COM
[2009/02/20 14:12:27,  3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2009/02/20 14:12:27,  0] libads/kerberos.c:ads_kinit_password(356)
  kerberos_kinit_password OLDREPORTING$@EXAMPLE.COM failed: Clients credentials have been revoked
[2009/02/20 14:12:27,  1] winbindd/winbindd_ads.c:ads_cached_connection(127)
  ads_connect for domain EXAMPLE failed: Clients credentials have been revoked
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_list_trusted_domains(370)
  winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [20100]: check machine account
[2009/02/20 14:12:27,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:12:27,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine example001new.example.com pipe \NETLOGON fnum 0x19 bind request returned ok.
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(65)
  could not open handle to NETLOGON pipe
[2009/02/20 14:12:27,  2] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(95)
  Checking the trust account password returned NT_STATUS_NO_TRUST_SAM_ACCOUNT
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [20100]: check machine account
[2009/02/20 14:12:27,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:12:27,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x400e bind request returned ok.
[2009/02/20 14:12:27,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x4019 bind request returned ok.
[2009/02/20 14:12:27,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
[2009/02/20 14:12:39,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(46)
  [20100]: check machine account
[2009/02/20 14:12:39,  3] winbindd/winbindd_cm.c:cm_get_ipc_userpass(556)
  cm_get_ipc_userpass: No auth-user defined
[2009/02/20 14:12:39,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0xc038 bind request returned ok.
[2009/02/20 14:12:39,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine examplea02 pipe \NETLOGON fnum 0x402f bind request returned ok.
[2009/02/20 14:12:39,  3] winbindd/winbindd_misc.c:winbindd_dual_check_machine_acct(86)
  secret is good
Comment 1 Guenther Deschner 2009-08-06 18:55:30 UTC 
What is the reason to set "client use spnego = no" ?
Comment 2 Stefan Metzmacher 2011-07-30 09:31:18 UTC 
Does this still happen with 3.5.10?
Comment 3 Björn Jacke 2018-12-09 17:26:53 UTC 
ne feedbacknand i'm sure this is not a generic issue these days.