[Samba] KRB KDC problem

Trimble, Ronald D Ronald.Trimble at unisys.com
Wed Feb 6 15:55:53 GMT 2008 

Can someone help me figure out what is going on here?  For quite some time now, our implementation of Samba has been humming along without problems.  Now all of a sudden I am unable to get valid sequence numbers for one of our domains.  Here are the details...

>From /var/log/samba/log.wb-EU

[2008/02/06 10:41:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for usea-eudc2$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested realm)
[2008/02/06 10:41:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(602)
  ads_krb5_mk_req: krb5_get_credentials failed for usea-eudc2$@EU.UIS.UNISYS.COM (Cannot contact any KDC for requested realm)
[2008/02/06 10:41:41, 1] nsswitch/winbindd_ads.c:ads_cached_connection(128)
  ads_connect for domain EU failed: Cannot contact any KDC for requested realm
[2008/02/06 10:41:41, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(494)
  refresh_sequence_number: failed with NT_STATUS_UNSUCCESSFUL
[2008/02/06 10:41:41, 10] nsswitch/winbindd_cache.c:store_cache_seqnum(438)
  store_cache_seqnum: success [EU][4294967295 @ 1202312501]
[2008/02/06 10:41:41, 10] nsswitch/winbindd_cache.c:refresh_sequence_number(506)
  refresh_sequence_number: EU seq number is now -1
[2008/02/06 10:41:41, 10] nsswitch/winbindd_cache.c:cache_store_response(2268)
  Storing response for pid 29455, len 3240


>From /etc/hosts

192.61.58.35    USEA-EUDC2      USEA-EUDC2.eu.uis.unisys.com


>From /etc/krb5.conf

[libdefaults]
        default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
        default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
        preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
        default_realm = NA.UIS.UNISYS.COM
        dns_lookup_kdc = true

[realms]
        NA.UIS.UNISYS.COM = {
        kdc = 192.63.225.68:88
        admin_server = 192.63.225.68:749
        }

        EU.UIS.UNISYS.COM = {
        kdc = 192.61.58.35:88
        admin_server =192.61.58.35:749
        }

        AP.UIS.UNISYS.COM = {
        kdc = 192.61.58.61:88
        admin_server = 192.61.58.61:749
        }

        LAC.UIS.UNISYS.COM = {
        kdc = 192.61.146.131:88
        admin_server = 192.61.146.131:749
        }

[domain_realm]
        .na.uis.unisys.com = NA.UIS.UNISYS.COM
        na.uis.unisys.com = NA.UIS.UNISYS.COM
        .eu.uis.unisys.com = EU.UIS.UNISYS.COM
        eu.uis.unisys.com = EU.UIS.UNISYS.COM
        .ap.uis.unisys.com = AP.UIS.UNISYS.COM
        ap.uis.unisys.com = AP.UIS.UNISYS.COM
        .lac.uis.unisys.com = LAC.UIS.UNISYS.COM
        lac.uis.unisys.com = LAC.UIS.UNISYS.COM


Here is a sample of running the sequence wbinfo command...

LINUX-1:/etc/samba # wbinfo --sequence
LAC : 2115985
EU : DISCONNECTED
AP : DISCONNECTED
UIS : 74810628
BUILTIN : 1202313222
USTR-LINUX-1 : 1202313222
NA : 271239463


Any help would be much appreciated.  Thanks!

More information about the samba mailing list