Hi! As the help of the samba mailing list does not lead to anything, and everything I tried to troubleshoot was not sucessfully - I do file a bug here: I am using Ubuntu 8.04.4 with samba 3.5.4 and ldap as backend. If a windows 7 machine (with the registry entries according the samba - windows 7 wiki) joins the domain, the domain controller refuses the machine account every logon of a domain user: netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client XXX machine account XXX$ The machine accounts are visible on the linux host (getent passwd) and as add machine scripts I am using the smbldap-tools. Windows XP does not show that behaviour. Maybe I can find some more help here. regards Martin
Probably 3447 and this are the same
(In reply to comment #1) > Probably 3447 and this are the same > Sounds quit similar, I monitor both further, but I am missing kind of reaction from the developers here regards
Created attachment 6008 [details] Log level 256 samba.log I did a log level 256 - login with samba 3.5.5 and windows 7 Please find the log attached and have a look at it
Created attachment 6243 [details] Log 10 level when joining to domain Log level 10 for adding Windows 7 to domain
I have the same problem when joining to domain with Win 7. Windows 2000 and XP join OK. The attachment added above.
Very likely this is a dup of bug 7743. Can you try the patch in there? https://bugzilla.samba.org/attachment.cgi?id=6027&action=view 3.5.7 with this patch will be released very soon, you might consider waiting. Volker
I'll wait for 3.5.7.
I tested 3.5.8 today and I still see the reject errors. I tried to manually drop a machine out of the domain and join the domain again ... still the same "reject messages" regards Martin
Wait, are you seeing the failure just in the logs (which is normal, as win7 asks for AES keys in the first place, we deny, client retries with different flags) OR is there a real failure in win7 domain membership ?
(In reply to comment #9) > Wait, are you seeing the failure just in the logs (which is normal, as win7 > asks for AES keys in the first place, we deny, client retries with different > flags) OR is there a real failure in win7 domain membership ? In my case, I think it is the former. I was not testing it much. Anyway, I think I'll have to move to samba 4 :) Regards, Olaf
(In reply to comment #9) > Wait, are you seeing the failure just in the logs (which is normal, as win7 > asks for AES keys in the first place, we deny, client retries with different > flags) OR is there a real failure in win7 domain membership ? Hi Günther! As I said in my first description only windows 7 machines are affected. It makes no troubles except that win7 machines are not able to change their machine password with samba 3.5.xx regards
Hi, it´s an old bug but i thought it might help others to say that in my case there was a corrupted tdb in /var/cache/samba. we had a server crash so i guess one of them got corrupted. i moved: login_cache.tdb, netsamlogon_cache.tdb and winbindd_cache.tdb restarted samba and winbind and was able to login with my win7 x64 latest patches as of feb. 07 2012. i did not invesigate further, but the first file that was created upon login was login_cache.tdb so maybe it´s sufficient to delete or move only this one. but the logs say "netlogon_creds_server_check failed. Rejecting auth request from client xxx machine account xxx$" so netsamlogon_cache.tdb could be the problem as well. cheers, sascha ps: specs: ubuntu 10.4 with 3.4.7~dfsg-1ubuntu3.8 and ldap backend. windows 7 x64 was able to join domain but not to login with any domain-account.
no such problem known these days with recent samba versions, closing.