Problems with Exchange schema extensions
mat at matws.net
Fri Feb 15 02:10:17 MST 2013
On 02/06/2013 08:56 AM, Samuel Cabrero Alamán wrote:
> as part of an R&D project we have been trying to deploy samba4 in a
> relatively complex AD domain with trust relationships and Exchange
> schema extensions.
> Samba joins without problems to the domain, and as expected trust
> relationships were not working. The users from the external domain could
> not be authenticated. As a workaround, we tried to remove from DNS the
> kerberos SRV records and after that all users from trusted domain could
> The problem is that after some time, samba goes to 100% CPU and some RPC
> related errors began to appear while adding groups to a user account saying:
> * The RPC server is unavailable.
> Facility: Win32
> ID no: c000706ba
> Microsoft Active Directory - Exchange Extension
> * The program cannot open the required dialog box because it cannot
> determine whether the computer named "vm-dc-4.<domain>" is joined to domain.
> I have attached a level 10 log. Any clues where the problem could be?
Samba is not yet ready to be used an exchange server it seems that there
is a couple of ldap controls / construction that are required by
exchange that we don't support and cause exchange to kind of DDOS the DC
You'll get a better view by doing tcpdump capture and exporting the
domain keytab to be able to decrypt the capture.
Don't hesitate to report on the bugzilla things that are not working and
if possible please share your capture and encryption key if data are not
More information about the samba-technical