From: Andrew Bartlett on
On Fri, 2010-06-11 at 15:33 -0700, tms3(a)tms3.com wrote:
> Hmmm...not quite sure where to go to fix this up.
>
> Samba 4 PDC, 1 W2K3R2, 1 W2K8R2 additional DCs. samba.log
> perpetually spewing:
>
> [Fri Jun 11 14:47:42 2010 PDT, 0
> librpc/rpc/dcerpc_util.c:619:dcerpc_pipe_auth_recv()]
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
> NT_STATUS_INVALID_PARAMETER
> [Fri Jun 11 14:47:42 2010 PDT, 0
> dsdb/repl/drepl_notify.c:189:dreplsrv_notify_op_callback()]
> dreplsrv_notify: Failed to send DsReplicaSync to
> 58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for
> CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER
> [Fri Jun 11 14:47:42 2010 PDT, 0
> librpc/rpc/dcerpc_util.c:619:dcerpc_pipe_auth_recv()]
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
> NT_STATUS_INVALID_PARAMETER
> [Fri Jun 11 14:47:42 2010 PDT, 0
> dsdb/repl/drepl_notify.c:189:dreplsrv_notify_op_callback()]
> dreplsrv_notify: Failed to send DsReplicaSync to
> af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for
> CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER
>
> As well on the W2K8
>
> repadmin /replicate <w2k8> <samba4>
>
> completes
>
> repadmin /replicate <samba4> <w2k8> gives
>
> DsReplicaSync() failed with status 8453 (0x2105):
>
> Replication access was denied.

Perhaps check to see if anything is stopping Kerberos working between
these hosts? The auth code for Kerberos will trigger
NT_STATUS_INVALID_PARAMETER (yeah, it is probably not the best choice of
error code) if Kerberos won't work.

Perhaps turn up the debug level and see if there are more clues?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

From: tms3 on

>
> SNIP
>>
>> Hmmm...not quite sure where to go to fix this up.
>>
>> Samba 4 PDC, 1 W2K3R2, 1 W2K8R2 additional DCs. samba.log
>> perpetually spewing:
>>
>> [Fri Jun 11 14:47:42 2010 PDT, 0
>> librpc/rpc/dcerpc_util.c:619:dcerpc_pipe_auth_recv()]
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
>> NT_STATUS_INVALID_PARAMETER
>> [Fri Jun 11 14:47:42 2010 PDT, 0
SNIP
>>
>>
> Perhaps check to see if anything is stopping Kerberos working between
> these hosts? The auth code for Kerberos will trigger
> NT_STATUS_INVALID_PARAMETER (yeah, it is probably not the best choice
> of
> error code) if Kerberos won't work.
>
> Perhaps turn up the debug level and see if there are more clues?

Yeah, something odd Kerberos-wise:

Sat Jun 12 06:10:54 2010 PDT, 2
lib/socket/interface.c:96:add_interface()]
added interface ip=192.168.64.3 nmask=255.255.255.0
[Sat Jun 12 06:10:54 2010 PDT, 5
auth/gensec/gensec.c:636:gensec_start_mech()]
Starting GENSEC mechanism gssapi_krb5
[Sat Jun 12 06:10:54 2010 PDT, 2
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 2
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 2
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 1
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
[Sat Jun 12 06:10:54 2010 PDT, 1
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
kinit for T3$@TMS3.COM failed (Cannot contact any KDC for requested
realm: unable to reach any KDC in realm TMS3.COM)
[Sat Jun 12 06:10:54 2010 PDT, 1
auth/credentials/credentials_krb5.c:371:cli_credentials_get_client_gss_creds()]
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for
requested realm
[Sat Jun 12 06:10:54 2010 PDT, 3
auth/gensec/gensec_gssapi.c:378:gensec_gssapi_client_start()]
Cannot reach a KDC we require to contact
ldap(a)58BFC826-CD9F-445D-B6E5-AB7314BA0671._MSDCS.TMS3.COM

Why, dunno. 2 FreeBSD boxes both pulling Kerberos from DNS, kinit and
klist no problem...

Looking...
>
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
>
>
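
A triage script for the situation in this thread, added here as an example (it is not from either poster or from the Samba source): it parses log entries in the layout shown in the excerpts above and pairs the generic NT_STATUS_INVALID_PARAMETER replication failures with the kinit errors that explain them. The regular expressions, the function names and the SAMPLE text (assembled from lines quoted in the thread) are assumptions made for illustration.

```python
import re

# Header layout as quoted in the thread: "[<timestamp>, <level>" followed by
# "<file>:<line>:<func>()]", which the mail client may wrap onto the next line.
HEADER = re.compile(r"\[([^\[\],]+), (\d+)\s+([\w./-]+):(\d+):(\w+)\(\)\]")
KINIT_FAIL = re.compile(r"kinit for (\S+) failed \((.+)\)")
SYMPTOM = re.compile(
    r"Failed to (?:bind to uuid|send DsReplicaSync to) .* - (NT_STATUS_\w+)")

def parse_entries(text):
    """Split log text into entries; a message runs until the next header."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({
            "time": m.group(1),
            "level": int(m.group(2)),
            "func": m.group(5),
            "message": " ".join(text[m.end():end].split()),  # re-join wraps
        })
    return entries

def triage(entries):
    """Pair the generic status on replication failures with kinit errors."""
    report = {"symptoms": [], "kinit_failures": []}
    for e in entries:
        if not e["message"]:  # header with no body, as seen in the excerpt
            continue
        s = SYMPTOM.search(e["message"])
        k = KINIT_FAIL.search(e["message"])
        if s:
            report["symptoms"].append((e["func"], s.group(1)))
        elif k:
            report["kinit_failures"].append((k.group(1), k.group(2), e["level"]))
    report["kerberos_suspected"] = bool(
        report["symptoms"] and report["kinit_failures"])
    return report

# Constructed sample: lines taken from the two excerpts in the thread.
SAMPLE = """[Fri Jun 11 14:47:42 2010 PDT, 0
librpc/rpc/dcerpc_util.c:619:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
[Sat Jun 12 06:10:54 2010 PDT, 1
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
[Sat Jun 12 06:10:54 2010 PDT, 1
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
kinit for T3$@TMS3.COM failed (Cannot contact any KDC for requested
realm: unable to reach any KDC in realm TMS3.COM)
"""
```

Calling `triage(parse_entries(SAMPLE))` reports one bind failure and one kinit failure, and sets `kerberos_suspected` because both kinds of entry are present in the same log.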
