I updated my samba PDC from 3.0.33 to 3.3.3 and now a lot of other tools fail. A second server (still samba 3.0.33) on which winbind is running, not cannot connect anymore: message on second server: "Apr 10 01:49:27 backup winbindd[1481]: [2009/04/10 01:49:27, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2229) Apr 10 01:49:27 backup winbindd[1481]: initialize_winbindd_cache: clearing cache and re-creating with version number 1 Apr 10 01:49:27 backup winbindd[1482]: [2009/04/10 01:49:27, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363) Apr 10 01:49:27 backup winbindd[1482]: cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER" PDC outputs: "Apr 10 01:49:26 fileserver smbd[30777]: [2009/04/10 01:49:26, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546) Apr 10 01:49:26 fileserver smbd[30777]: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client BACKUPSERVER machine account BACKUPSERVER$" If it is a broken login the message should say this (but don't suppose that this is the reason) - I remember a quite similar problem with mod_smb_auth for apache when compiled with samba 3.0.0 - then there is no authentication possibl anymore against samba > 3.2
updating the second server to samba 3.3.3 solved the problem w/o rejoining the domain. - so it seems that there is something broken
Reproduced the spnego reply parse failure in 3-0-test winbindd while talking also to a 3.2.11 PDC.
Parts of the issues described here will be fixed with bug #6099.
Patches for bug #6099 will be included in 3.2.12 and 3.3.5.
Ok, that one is strange. Seems like winbind is not reseting the credential chain after having received NT_STATUS_INVALID_PARAMETER from the SamLogon call (due to broken credential chain). Once I restart winbind, it usually works again.
Closing as fixed then.