Problem: Users Can Not Logon to Samba Services (and errors in replication)

samba
ldap
samba-replication
problem

#1

Problem: Users can not logon to Samba services

Windows user can not connect to any share.

Environment

log.samba

log.samba shows entries like this:

[2018/11/21 09:03:02.466278,  1, pid=4015] ../source4/auth/gensec/gensec_gssapi.c:622(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see text): Decrypt integrity check failed
[2018/11/21 09:03:02.466357,  1, pid=4015] ../auth/gensec/spnego.c:545(gensec_spnego_parse_negTokenInit)
  SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE

univention-s4search

Executing univention-s4search fails, too:

Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, 
comment: AcceptSecurityContext error, data 52e, v1db1> <> Failed to connect to 'ldaps://ucs.multi.ucs' with backend 'ldaps': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, **data 52e** , v1db1> <> Failed to connect to ldaps://ucs.multi.ucs - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>

Solution

Reset the machine account password as documented in this article.


#2