[Samba] named pipe, dcom and samba4

Denis Cardon denis.cardon at tranquil-it-systems.fr
Thu May 2 07:15:20 MDT 2013


Hi again,

> after a classicupgrade from a samba3 domain to a samba4, I have a weird
> issue related to DCOM and named pipes.
>
> The switch to samba4 went fine and everything works perfectly except one
> old software that uses Windows named pipes and DCOM for client-server
> communication.
>
> When trying to access the DCOM server the software fails. The failure
> can be easily reproduced with a simple vbscript call.
>
> dim vl
> set vl = CreateObject("ManagerMax.clsmanager","magnus")
>
> this call gives me the following windows error code : 80070721
>
> There is a blog post
> (http://blogs.msdn.com/b/distributedservices/archive/2009/07/20/activation-of-a-com-component-fails-on-windows-server-2008-with-the-error-80070721.aspx)
> suggesting to create SPN for the DCOM services.

For those who might be interested, I added the SPN using the following 
command line for all the usernames that had to access the DCOM service 
(the DCOM service is launched on the server with the identity of the user 
on the client machine), and then everything went back to normal:

  setspn.exe -A Interface_Max.Cls_Interface/Magnus.mydomain.local MYDOMAIN\myusername

However, I am wondering why the authentication to the DCOM server on a 
win2k3 AD appears to fall back to NTLM while the GSSAPI negotiation 
through a samba4 server goes the Kerberos way by default...

Hope this post will help another poor sysadmin who will face the same 
DCOM horror story.

And by the way, samba4 really rocks! :-)

Cheers,

Denis

>
> However the software maker helpdesk tells me that they have never heard
> of service principals and says it should work out of the box.
>
> I asked them to provide me with a setspn -l listing of the principal of
> a working configuration, and indeed there is no SPN associated with the
> DCOM objects.
>
> So I guess the authentication probably goes through NTLMv2 in a MSAD
> environment but seems to require Kerberos auth in a Samba4 setup.
>
> Has anyone gone through this kind of issue yet?
>
> Thanks,
>
> Denis
>
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


