samba4 kerberos process suddenly dies

Andreas Oster aoster at novanetwork.de
Fri Dec 16 04:47:12 MST 2011


 

Hello Andrew, 

I have started with an old Windows 2000 Server
(novaw2k04). I've downloaded
the evaluation copy of Win2008R2 from MS,
did a forest and domain prep and 
added a new 2008R2 DC (novaw2k05).
After that I did a dcpromo on the old 2000 
server and demoted it.
After
this I have raised the domain/forest level to 2008R2. Next I 
have
configured a new samba4 server (novadc01), changed my bind9 setup 
a
little and joined the new server as an additional DC to the existing
2008R2
domain. I've copied all sysvol stuff to the samba4 dc and after
setting the file/folder
rights demoted the windows 2008R2 server
(novaw2k05). This did not work like
expected and I had to remove it
manualy (do not remember what I did exactly,
but I think I used ADSIedit
to do it). After that I tested the new samba4 DC.
Everything seemd to
work, so I decided to add another samba4 DC (novadc02).

I do not use
kerberos stuff with bind9. I have changed nsupdate in smb.conf. 

kind
regards 

Andreas

Am 16.12.2011 12:31, schrieb Andrew Bartlett: 

> On
Fri, 2011-12-16 at 09:50 +1100, Andrew Bartlett wrote:
> 
>> On Thu,
2011-12-08 at 10:55 +0100, Andreas Oster wrote: 
>> 
>>> Hello Andrew,
did you get a response from the Heimdal team regarding our issue with
the Kerberos process suddenly failing ? Do you need any additional debug
logs ? Is there anybody out there with the same issue ?
>> What I really
need, from you or anyone else seeing the same issue is a network trace
at the time of the crash and a copy of the exported keytab for the
domain. That way, I can try and understand why we get down this
particular path. If this is a testing or non-production network (the
keytab goes to the heart of your network's security), it would be great
to have these. To provide me with the keytab, run 'samba-tool domain
exportkeytab'. For the network trace, see
https://wiki.samba.org/index.php/Capture_Packets [1]
> 
> One more
question: Do you have any non-Samba DCs in the domain. You
> mentioned
you migrated from Win2000 - how did you do that (it cannot
> have been
directly, as bugs currently prevent that). If you had a
> Windows 2008
DC in the domain it might explain a little of how we got
> here...
> 
>
Andrew Bartlett

 

Links:
------
[1]
https://wiki.samba.org/index.php/Capture_Packets


More information about the samba-technical mailing list