[Samba] PDC: realm changed: authentication aborted
Sebastian Neustein
sebastian.neustein at arc-aachen.de
Thu Oct 11 07:00:42 MDT 2012
Hi list,
We have a network with some XP and some Windows 7 computers, we use samba 3.6.6
on debian 6.0.6 from debian-backports. It's a pdc with passdb backend = ldapsam.
In our logs there are lots of:
ARCServer slapd[1263]: SASL [conn=46778] Failure: realm changed: authentication aborted
I found out that at the time this emerges, tcpdump says:
12:59:54.656399 IP client.49551 > 192.168.43.202.ldap: Flags [S], seq 3802010171, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
12:59:54.656444 IP 192.168.43.202.ldap > client.49551: Flags [S.], seq 3999710145, ack 3802010172, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0
12:59:54.656831 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 1, win 256, length 0
12:59:54.665734 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 1:351, ack 1, win 256, length 350
12:59:54.665756 IP 192.168.43.202.ldap > client.49551: Flags [.], ack 351, win 108, length 0
12:59:54.677914 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 1:377, ack 351, win 108, length 376
12:59:54.678040 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 377:391, ack 351, win 108, length 14
12:59:54.678316 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 391, win 255, length 0
12:59:54.678707 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 351:391, ack 391, win 255, length 40
12:59:54.679001 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 391:672, ack 391, win 108, length 281
12:59:54.679619 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 391:678, ack 672, win 254, length 287
12:59:54.679858 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 672:758, ack 678, win 125, length 86
12:59:54.680464 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 678:689, ack 758, win 253, length 11
12:59:54.680480 IP client.49551 > 192.168.43.202.ldap: Flags [F.], seq 689, ack 758, win 253, length 0
12:59:54.680710 IP 192.168.43.202.ldap > client.49551: Flags [F.], seq 758, ack 690, win 125, length 0
12:59:54.680987 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 759, win 253, length 0
This happens every 15 minutes per Win7 machine.
On the client, Wireshark says:
//client->server
0„ X c„ O
x ‡ objectclass0„ + subschemaSubentry
dsServiceName namingContexts defaultNamingContext schemaNamingContext
configurationNamingContext rootDomainNamingContext supportedControl
supportedLDAPVersion supportedLDAPPolicies supportedSASLMechanisms
dnsHostName ldapServiceName
serverName supportedCapabilities
//server ->client
0‚ t d‚ m 0‚ g0' namingContexts1 dc=arc-aachen,dc=de0À
supportedControl1« 2.16.840.1.113730.3.4.18 2.16.840.1.113730.3.4.2
1.3.6.1.4.1.4203.1.10.1 1.2.840.113556.1.4.319 1.2.826.0.1.3344810.2.3
1.3.6.1.1.13.2 1.3.6.1.1.13.1 1.3.6.1.1.120 supportedLDAPVersion1 307
supportedSASLMechanisms1 CRAM-MD5
DIGEST-MD5 NTLM0# subschemaSubentry1 cn=Subschema0 e
//client->server
0„ " `„ £„
DIGEST-MD5
//server->client
0‚ a‚
@SASL(0): successful result: security flags do not match
required‡Änonce="cryptic1",realm="ARCServer.arc-aachen.de",qop="auth,auth-int,
auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,
algorithm=md5-sess
//client->server
0„ `„ £„
DIGEST-MD5 ‚
õusername="client$",realm="arcd",nonce="cryptic1",digest-uri="ldap/ARCSERVER",
cnonce="cryptic2",nc=00000001,response=cryptic3,qop=auth-conf,cipher=3des,
charset=utf-8
//server->client
0T aO
1 HSASL(-13): authentication failure: realm changed: authentication aborted
//client->server
0„ B
I understand that the Win7 machine tries to ask the server something concerning
the network, but the problem is that the server expects a reply from
client.arc-aachen.de but gets a reply from client.arcd. But why?
Extracts from smb.conf:
[global]
workgroup = ARCD
netbios name = ARCServer
# domain settings
domain master = yes
domain logons = yes
os level = 100
preferred master = yes
wins support = no
passdb backend = ldapsam
ldap suffix = dc=arc-aachen,dc=de
ldap admin dn = cn=samba,dc=arc-aachen,dc=de
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=idmaps
[...]
I know this is a slapd problem; if this server weren't our Samba file server,
this problem would not emerge.
Does anybody know what to do?
Thanks for your help
Sebastian