[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable

Robert M. Martel - CSU r.martel at csuohio.edu
Mon Oct 22 12:51:20 MDT 2012 

Greetings,

More responding to my own thread - but no solution in sight.

Still having the problem with Samba 3.5.18.  New and different error 
message from net ads testjoin:

#webdevel#  net ads testjoin
[2012/10/22 14:23:07.317109,  0] libads/kerberos.c:333(ads_kinit_password)
   kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients 
credentials have been revoked
[2012/10/22 14:23:07.353280,  0] libads/kerberos.c:333(ads_kinit_password)
   kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients 
credentials have been revoked
Join to domain is not valid: Access denied


The Active Directory admins are still saying that they have not changed 
anything on their side.



On 10/22/2012 11:48 AM, Robert M. Martel - CSU wrote:
> Greetings,
>
> something to add.
>
> Had one of the Solaris 9 machines just stop working.  I stopped samba
> and restarted it, found the following in smblog.smbd
>
> [2012/10/22 11:37:00.299787,  0] libads/sasl.c:823(ads_sasl_spnego_bind)
>    kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid
> credentials
>
> I removed the machine from Active Directory and immediately re-added it
> - I did NOT run kinit to get new credentials.  started Samba and the
> machine works fine...for now.
>
>
> On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote:
>> Greetings,
>>
>> I have an elderly installation of Samba 3.5.8 running on 10 Sparc
>> servers (and 3.5.12 on Solaris 9 servers with the same issue)  set up as
>> Active Directory member servers.  Since we've laid-off everyone else
>> around here I have not had the opportunity to update the Samba
>> installation - and have not needed to as it has been very solid.
>>
>> Suddenly last Friday the Samba servers started having authentication
>> problems for the active directory users.  Users were unable to map
>> drives, looking at files on the server I was seeing UID numbers rather
>> that the user's login ID for the files.  Stopping and restarting Samba
>> did not help.
>>
>> I took the machines out of Active Directory, and then re-added them -
>> which they did without a problem.  After restarting Samba all was well,
>> for awhile.
>>
>> This morning some folks that had left themselves looked in over the
>> weekend were okay, but others could not map their drives.  interactive
>> logins for AD users did not work.  I again left and rejoined the AD
>> domain and all was well for a bit, then I had to repeat the cycle.
>>
>> I do not maintain or have access to the Active Directory servers or
>> configuration.  The central IT people claim that they have not made any
>> changes to the AD servers...but they don't always tell me the whole
>> truth.
>>
>> I am building Samba 3.5.18 right now in the hope that it will make a
>> difference.
>>
>> I've never had a problem like this since first "playing" with Samba and
>> Active directory more than 5 years ago - and certainly no issue like
>> this since putting it into production.
>

-- 
***********************************************************************
Robert M. Martel                 I met someone who looks a lot like you
System Administrator             She does the things you do
Levin College of Urban Affairs   But she is an IBM
Cleveland State University                           -Jeff Lynne
(216) 687-2214
r.martel at csuohio.edu
***********************************************************************

More information about the samba mailing list