We had a bit of an oddity this morning when we tried to log on. On our Windows 7 machines, we had a message "the trust between this machine and the domain controller has failed". On the third log in attempt, it suceeded. The Windows XP machines seemed to log on ok with no problem. Below is the log file for my Windows 7 machine (LT1) log on.
We all eventually logged on Ok and all seems well.
I have made no changes to the server at all since it was installed at the beginning of the year.
No extra packages are installed.
Should I be worried about this? Anyone know what it means?
[2010/03/08 09:11:06, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LT1 machine account LT1$
[2010/03/08 09:11:07, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/08 09:11:41, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/08 09:11:41, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 8479)
[2010/03/08 09:11:42, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 8479)
[2010/03/08 09:11:54, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogon
[2010/03/08 17:07:44, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/03/08 17:07:44, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = No route to host.
[2010/03/08 17:07:44, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service andy.lawton
[2010/03/09 09:11:14, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/09 09:11:14, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 12383)
[2010/03/09 09:11:14, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 12383)
[2010/03/09 09:11:24, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogon
[2010/03/09 14:17:01, 0] smbd/nttrans.c:2119(call_nt_transact_ioctl)
call_nt_transact_ioctl(0x900eb): Currently not implemented.
[2010/03/09 17:19:46, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:19:46, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 17:51:08, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 18:41:07, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 18:41:07, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/03/09 19:19:22, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/03/09 19:19:22, 0] lib/util_sock.c:1491(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = No route to host.
[2010/03/09 19:19:22, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service andy.lawton
[2010/03/10 09:04:53, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LT1 machine account LT1$
[2010/03/10 09:04:53, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/10 09:05:26, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/10 09:05:26, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 26091)
[2010/03/10 09:05:26, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 26091)
[2010/03/10 09:05:39, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogon
[2010/03/10 13:44:18, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service andy.lawton
[2010/03/10 15:34:12, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/10 15:34:12, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 6427)
[2010/03/10 18:10:33, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service andy.lawton
[2010/03/11 09:14:37, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LT1 machine account LT1$
[2010/03/11 09:14:37, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/11 09:15:11, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/11 09:15:11, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 474)
[2010/03/11 09:15:12, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 474)
[2010/03/11 09:15:27, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogon
[2010/03/11 17:10:23, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service andy.lawton
[2010/03/12 09:18:28, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LT1 machine account LT1$
[2010/03/12 09:18:28, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/12 09:19:03, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/12 09:19:03, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 10499)
[2010/03/12 09:19:03, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 10499)
[2010/03/12 09:19:16, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogonWe all eventually logged on Ok and all seems well.
I have made no changes to the server at all since it was installed at the beginning of the year.
No extra packages are installed.
Should I be worried about this? Anyone know what it means?
Share this post:
Responses (13)
-
Accepted Answer
There has been an issue with samba account passwords expiring, which may also be affecting your machine trust accounts - can you check the output of the following
pdbedit -u LT1$ -v | grep -i password
Password last set: Sat, 20 Feb 2010 14:15:17 GMT
Password can change: Sat, 20 Feb 2010 14:15:17 GMT
Password must change: never
Last bad password : 0
Bad password count : 0
Where LT1$ appears to be your machine account name
Do you have all the recent updates applied to ClearOS? there have been some Samba upgrades recently -
Accepted Answer
-
Accepted Answer
The output of pdbedit is:
Password last set: Fri, 05 Mar 2010 09:25:11 GMT
Password can change: Fri, 05 Mar 2010 09:25:11 GMT
Password must change: Wed, 01 Sep 2010 10:25:11 BST
Last bad password : 0
Bad password count : 0
The last updates are from the Software Updates page:
:
samba - Samba SMB client and server 3.4.6-1.1.v5 03/04/10 03/04/10
samba-client - Samba (SMB) client programs. 3.4.6-1.1.v5 03/04/10 03/04/10
samba-common - Files used by both Samba servers and clients. 3.4.6-1.1.v5 03/04/10 03/04/10
samba-schema - Samba LDAP schema 3.4.6-1.1.v5 03/04/10 03/04/10
samba-winbind - Samba winbind 3.4.6-1.1.v5 03/04/10 03/04/10
So it looks like the passwords are set to expire - but not for a while yet. How do I change that? -
Accepted Answer
There is another recent update to 3.4.7-1 which should include the changes. The original bug was submitted on the 2nd Mar so may have just missed the 3.4.6 update... ClearCenter update page doesn't show 3.4.7 yet
http://clearsdn.clearcenter.com/software/browse.php?pid=10510
yum clean all
yum upgrade
From the console should do the trick -
Accepted Answer
-
Accepted Answer
Well it's Monday morning and the same problem seems to still be here. It took me 4 attempts to log in this morning, with the "failed trust" error as before. One of the users had a problem with his XP machine, with the error being along the lines of the machine was not recognised. Trying a few more times allows you to log in.
The log file shows:
[2010/03/15 09:14:52, 0] rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
_netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client LT1 machine account LT1$
[2010/03/15 09:14:53, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/15 09:15:27, 1] smbd/session.c:111(session_claim)
Re-using invalid record
[2010/03/15 09:15:27, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service andy.lawton initially as user andy.lawton (uid=1000, gid=400) (pid 2837)
[2010/03/15 09:15:28, 1] smbd/service.c:1063(make_connection_snum)
lt1 (10.0.0.83) connect to service netlogon initially as user andy.lawton (uid=1000, gid=400) (pid 2837)
[2010/03/15 09:15:38, 1] smbd/service.c:1240(close_cnum)
lt1 (10.0.0.83) closed connection to service netlogon
Any ideas Samba experts? -
Accepted Answer
I think I have a possible solution to this problem - I have logged in and out a few times with no issues, so so far, so good.
There are two ways to make the change to Windows 7:
- Open your security policy manager (start/run secpol.msc)
- Select Local Policies -> Security Options
- Navigate to the policy "Network Security: LAN Manager authentication level" and open it
- Change the default policy to "Send LM & NTLM - use NTLMv2 session security if negotiated"
or change the following registry setting :
(you can put this in a reg file)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001
As default, win7 uses NTLMv2. WindowsXP uses LM & NTLM. It's a bit less secure apparently, but I'm not worried about that.
I'll keep an eye on it, but so far so good. -
Accepted Answer
Glad you found the solution! I recall that cropping up elsewhere for Windows 2008... that ought to be added to the Primary Domain Controller how to
I've also amended my Windows7DomainFix.reg to include the above
-
Accepted Answer
Tim Burgess wrote:
Glad you found the solution! I recall that cropping up elsewhere for Windows 2008... that ought to be added to the Primary Domain Controller how to
I've also amended my Windows7DomainFix.reg to include the above
Tim,
Please do NOT include that registry change for Windows 7. The fact that the client can connect (user can login) after many reties means that NTLM2 is NOT the problem, if it was the problem the login would fail every time. This comment is added to avoid spreading folk-lore that is plainly wrong.
Please check the original poster's log fragment - it contains a warning that the transport endpoint was disconnected. This means that Samba tried to respond to the client, but the client dropped the network connection.
The most common causes of the client dropping the connection is a network transport layer problem. Usually this is caused by something as simple as a bad NIC, a bad switch, or (in the case of a Realtek NIC) occassionally use of the incorrect NIC driver. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »