I updated my samba PDC from 3.0.33 to 3.3.3 and now a lot of other tools fail.
A second server (still samba 3.0.33) on which winbind is running, not cannot connect anymore:
message on second server:
"Apr 10 01:49:27 backup winbindd: [2009/04/10 01:49:27, 0] nsswitch/winbindd_cache.c:initialize_winbindd_cache(2229)
Apr 10 01:49:27 backup winbindd: initialize_winbindd_cache: clearing cache and re-creating with version number 1
Apr 10 01:49:27 backup winbindd: [2009/04/10 01:49:27, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2363)
Apr 10 01:49:27 backup winbindd: cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_INVALID_PARAMETER"
"Apr 10 01:49:26 fileserver smbd: [2009/04/10 01:49:26, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
Apr 10 01:49:26 fileserver smbd: _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client BACKUPSERVER machine account BACKUPSERVER$"
If it is a broken login the message should say this (but don't suppose that this is the reason) - I remember a quite similar problem with mod_smb_auth for apache when compiled with samba 3.0.0 - then there is no authentication possibl anymore against samba > 3.2
updating the second server to samba 3.3.3 solved the problem w/o rejoining the domain. - so it seems that there is something broken
Reproduced the spnego reply parse failure in 3-0-test winbindd while talking also to a 3.2.11 PDC.
Parts of the issues described here will be fixed with bug #6099.
Patches for bug #6099 will be included in 3.2.12 and 3.3.5.
Ok, that one is strange. Seems like winbind is not reseting the credential chain after having received NT_STATUS_INVALID_PARAMETER from the SamLogon call (due to broken credential chain).
Once I restart winbind, it usually works again.
Closing as fixed then.