[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable

Robert M. Martel - CSU r.martel at csuohio.edu
Mon Oct 22 09:48:31 MDT 2012 

Greetings,

something to add.

Had one of the Solaris 9 machines just stop working.  I stopped samba 
and restarted it, found the following in smblog.smbd

[2012/10/22 11:37:00.299787,  0] libads/sasl.c:823(ads_sasl_spnego_bind)
   kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials

I removed the machine from Active Directory and immediately re-added it 
- I did NOT run kinit to get new credentials.  started Samba and the 
machine works fine...for now.


On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote:
> Greetings,
>
> I have an elderly installation of Samba 3.5.8 running on 10 Sparc
> servers (and 3.5.12 on Solaris 9 servers with the same issue)  set up as
> Active Directory member servers.  Since we've laid-off everyone else
> around here I have not had the opportunity to update the Samba
> installation - and have not needed to as it has been very solid.
>
> Suddenly last Friday the Samba servers started having authentication
> problems for the active directory users.  Users were unable to map
> drives, looking at files on the server I was seeing UID numbers rather
> that the user's login ID for the files.  Stopping and restarting Samba
> did not help.
>
> I took the machines out of Active Directory, and then re-added them -
> which they did without a problem.  After restarting Samba all was well,
> for awhile.
>
> This morning some folks that had left themselves looked in over the
> weekend were okay, but others could not map their drives.  interactive
> logins for AD users did not work.  I again left and rejoined the AD
> domain and all was well for a bit, then I had to repeat the cycle.
>
> I do not maintain or have access to the Active Directory servers or
> configuration.  The central IT people claim that they have not made any
> changes to the AD servers...but they don't always tell me the whole truth.
>
> I am building Samba 3.5.18 right now in the hope that it will make a
> difference.
>
> I've never had a problem like this since first "playing" with Samba and
> Active directory more than 5 years ago - and certainly no issue like
> this since putting it into production.

-- 
***********************************************************************
Robert M. Martel                 I met someone who looks a lot like you
System Administrator             She does the things you do
Levin College of Urban Affairs   But she is an IBM
Cleveland State University                           -Jeff Lynne
(216) 687-2214
r.martel at csuohio.edu
***********************************************************************

More information about the samba mailing list