Prev: [Samba] Windows 2008 pdc troubles
Next: [Samba] Passthrough Authentication, DC Authentication and Signing
From: Preller, Markus on 1 Apr 2010 10:30 Hi Richard, sounds familiar to me - we had the same trouble when changing our AD backend from w2k3 to w2k8R2 servers. I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2..4.21 completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1..6.3 has some issues with upper/lowercase SPNs so I used 1.7.1. Which platform do you have ? best regards Markus -----Ursprüngliche Nachricht----- Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] Im Auftrag von Richard Smits Gesendet: Donnerstag, 1. April 2010 15:25 An: samba(a)lists.samba.org Betreff: [Samba] Windows 2008 pdc troubles We are in the process of upgading our windows 2003 pdc's to windows 2008Rr2. No problem there, but our samba/winbind clients are beginning to show some strange behaviour. In the beginning we saw a lot of messages appear in the logfiles. Example : -------------- pr 1 14:07:36 srvxxx winbindd[5148]: rpc_api_pipe: Remote machine pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED -------------- The clients who were connected to our 2003 pdc did not have this problem. Now we are getting reports that some mounts are failing, and joining a machine to the domain is also failing with a kerberos error. (ticket not valid ?) Some more messages : ---- winbindd.log : [2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229) Could not receive trustdoms ---- [2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to machine pdc.company.net. Error was SUCCESS - 0 We are using samba version samba-3.0.28-1.el5_2.1 on rhel5. What can we do to troubleshoot or solve this problem ? Greetings ... Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Richard Smits on 1 Apr 2010 11:00
He Markus, We have this problem on multiple environments. One of my servers is a Redhat v5 , samba version samba-3.0.28-1.el5_2.1. But our clients are openSuSe 10.3 and SuSE Enterprise Desktop 11. Their samba versions are : Version 3.0.26a-3.7-1787-SUSE-SL10.3 Version 3.2.7-11.9.1-2306-SUSE-CODE11 The 11 clients are also having some issues, but works better then 10.3. We are hoping a Microsoft patch wil solve some stuff next week that enables DES encryption. See : http://support.microsoft.com/?kbid=978055 But i was hoping also for another way to solve this if the hotfix doesn't work correctly. Greetings .. Richard Preller, Markus wrote: > Hi Richard, > > sounds familiar to me - we had the same trouble when changing our AD backend > from w2k3 to w2k8R2 servers. > > I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2.4.21 > completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1.6.3 > has some issues with upper/lowercase SPNs so I used 1.7.1. > > Which platform do you have ? > > best regards > Markus > > -----Ursprüngliche Nachricht----- > Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] Im Auftrag von Richard Smits > Gesendet: Donnerstag, 1. April 2010 15:25 > An: samba(a)lists.samba.org > Betreff: [Samba] Windows 2008 pdc troubles > > We are in the process of upgading our windows 2003 pdc's to windows > 2008Rr2. No problem there, but our samba/winbind clients are beginning > to show some strange behaviour. > > In the beginning we saw a lot of messages appear in the logfiles. > > Example : > -------------- > pr 1 14:07:36 srvxxx winbindd[5148]: rpc_api_pipe: Remote machine > pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error > was NT_STATUS_PIPE_DISCONNECTED > -------------- > > The clients who were connected to our 2003 pdc did not have this problem. > Now we are getting reports that some mounts are failing, and joining a > machine to the domain is also failing with a kerberos error. (ticket not > valid ?) > > Some more messages : > > ---- > winbindd.log : > [2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229) > Could not receive trustdoms > ---- > > [2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386) > cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to > machine pdc.company.net. Error was SUCCESS - 0 > > We are using samba version samba-3.0.28-1.el5_2.1 on rhel5. > > What can we do to troubleshoot or solve this problem ? > > Greetings ... Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |