Kerberos: Principal may not act as server ERROR

Aggarwal, Ajay Ajay.Aggarwal at stratus.com
Mon Aug 2 08:29:13 MDT 2010 

Sorry if it's a duplicate. I posted this on the "samba" general mailing
list but got no response. So I thought let me try here in this forum.

 

We are running samba4 (alpha12) on a centos 5.4  machine and are
experimenting with Hyper-V 2008 R2 Failover Clustering, which requires
Active Directory. We are trying to see if samba-4 will work as the AD
server. We  are building a 2 node failover cluster. Both nodes seem to
have joined the domain successfully (with samba-4 as the DC). But
subsequent steps of creating the "Failover Cluster" are failing and we
see following errors in samba log. 

 

Do these error logs indicate a mis-configuration on our part or
interoperability issues of samba-4 with Hyper-V 2008 R2 and failover
clustering? Any help will be much appreciated. 

 

------- Errors at the time we try to create 1008 R2 failover clusrter
------

Kerberos: TGS-REQ administrator at SAMBALIME.STRATUS.COM from
ipv4:10.90.0.87:49614 for Administrator at SAMBALIME.STRATUS.COM
[canonicalize, renewable, forwardable]

Kerberos: Principal may not act as server --
Administrator at SAMBALIME.STRATUS.COM

Kerberos: Failed building TGS-REP to ipv4:10.90.0.87:49614

Terminating connection - 'kdc_tcp_call_loop:tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'

single_terminate: reason[kdc_tcp_call_loop:
tstream_read_pdu_blob_recv()- NT_STATUS_CONNECTION_DISCONNECTED]

 

 

 

------ Other significant errors that we see periodically ----- 

Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)

added interface ip=10.90.0.71 nmask=255.255.255.0 

ldb_wrap open of sam.ldb 

Failed to modify SPNs on
CN=NODE1-LIME,CN=Computers,DC=sambalime,DC=stratus,DC=com: error in
module acl: insufficient access rights (50)

ipv4:10.90.0.88:49232 closed connection to service IPC$

 

 

Kerberos: AS-REQ
host/node0-lime.sambalime.stratus.com at SAMBALIME.STRATUS.COM from
ipv4:10.90.0.87:50798 for
krbtgt/SAMBALIME.STRATUS.COM at SAMBALIME.STRATUS.COM

Kerberos: UNKNOWN --
host/node0-lime.sambalime.stratus.com at SAMBALIME.STRATUS.COM: no such
entry found in hdb

Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'

single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]

Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'

single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'

single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]

 

 

Thanks,

 

-Ajay

More information about the samba-technical mailing list