9014 – Domain join problem (Samba PDC, Samba client)

Bug 9014 - Domain join problem (Samba PDC, Samba client)

Summary: Domain join problem (Samba PDC, Samba client)

Status:	RESOLVED INVALID

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	Client Tools (show other bugs)
Version:	3.6.6
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	Volker Lendecke
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-06-28 15:33 UTC by Luc Lalonde
Modified:	2012-06-28 22:00 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Luc Lalonde 2012-06-28 15:33:30 UTC

I am unable to upgrade from Samba-3.3.15 to a recent version (Samba-3.6.6) because of this bug (feature?).

Here's what works:

Samba-PDC (version 3.6.5 on Linux CentOS 5.8 X86_64), LDAP backend
Samba-client (version 3.3.15 on Linux CentOS 5.8 X86_64) with 'security=DOMAIN, password server = fooserver, encrypt passwords = yes

Command issued:

[root@foobar]# net rpc join
Enter root's password:
Joined domain FOOBAR

Authentication and access to shares works and everything works great.

Here's where the problem comes:

1) Upgrade client to Samba-3.6.6
2) try do access shares on the client gets the error 'session setup failed: NT_STATUS_LOGON_FAILURE'

On the PDC, I have these errors:

Jun 28 11:10:47 licenses smbd[18499]: [2012/06/28 11:10:47.938942,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) 
Jun 28 11:10:47 licenses smbd[18499]:   _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client FOOBAR machine account FOOBAR$

Is there a new configuration directive that I'm missing?  Or is this a bug?

Comment 1 Luc Lalonde 2012-06-28 15:55:59 UTC

Oops, here's what was missing:

map untrusted to domain = yes

Sorry to disturb this list! Please close this ticket.