Problems with Exchange schema extensions

Matthieu Patou mat at matws.net
Fri Feb 15 02:10:17 MST 2013


On 02/06/2013 08:56 AM, Samuel Cabrero Alamán wrote:
> Hello,
>
> as part of an R&D project we have been trying to deploy samba4 in a
> relatively complex AD domain with trust relationships and Exchange
> schema extensions.
>
> Samba joins the domain without problems, and as expected trust
> relationships were not working. The users from the external domain could
> not be authenticated. As a workaround, we tried removing the Kerberos
> SRV records from DNS, and after that all users from the trusted domain
> could log in.
>
> The problem is that after some time, Samba goes to 100% CPU and some
> RPC-related errors begin to appear while adding groups to a user account, saying:
>
> * The RPC server is unavailable.
>     Facility: Win32
>     ID no: c000706ba
>     Microsoft Active Directory - Exchange Extension
>
> * The program cannot open the required dialog box because it cannot
> determine whether the computer named "vm-dc-4.<domain>" is joined to domain.
>
> I have attached a level 10 log. Any clues where the problem could be?

Samba is not yet ready to be used with an Exchange server; it seems that
there are a couple of LDAP controls / constructions that are required by
Exchange that we don't support, and that cause Exchange to kind of DDoS
the DC ....
You'll get a better view by doing a tcpdump capture and exporting the
domain keytab to be able to decrypt the capture.

Don't hesitate to report things that are not working on the Bugzilla, and
if possible please share your capture and encryption key if the data are
not sensitive.

Matthieu.