Bug 9014 - Domain join problem (Samba PDC, Samba client)
Summary: Domain join problem (Samba PDC, Samba client)
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.6.6
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2012-06-28 15:33 UTC by Luc Lalonde
Modified: 2012-06-28 22:00 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Luc Lalonde 2012-06-28 15:33:30 UTC
I am unable to upgrade from Samba-3.3.15 to a recent version (Samba-3.6.6) because of this bug (feature?).

Here's what works:

Samba-PDC (version 3.6.5 on Linux CentOS 5.8 X86_64), LDAP backend
Samba-client (version 3.3.15 on Linux CentOS 5.8 X86_64) with 'security=DOMAIN, password server = fooserver, encrypt passwords = yes

Command issued:

[root@foobar]# net rpc join
Enter root's password:
Joined domain FOOBAR

Authentication and access to shares works and everything works great.

Here's where the problem comes:

1) Upgrade client to Samba-3.6.6
2) try do access shares on the client gets the error 'session setup failed: NT_STATUS_LOGON_FAILURE'

On the PDC, I have these errors:

Jun 28 11:10:47 licenses smbd[18499]: [2012/06/28 11:10:47.938942,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) 
Jun 28 11:10:47 licenses smbd[18499]:   _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client FOOBAR machine account FOOBAR$

Is there a new configuration directive that I'm missing?  Or is this a bug?
Comment 1 Luc Lalonde 2012-06-28 15:55:59 UTC
Oops, here's what was missing:

map untrusted to domain = yes

Sorry to disturb this list! Please close this ticket.