[Samba] Samba 3.0.3 breaks domain somehow.
Gerald (Jerry) Carter
jerry at samba.org
Fri May 7 23:58:54 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 7 May 2004, Tom Hibbert wrote:
> I have a similar problem, except I get the error NT_STATUS_UNSUCCESSFUL
> checking the trust account password. Again downgrading to 3.0.2a worked
> fine. Looks like bit rot has creeped into the code between .2a and .3.
I'm been able to reproduce Tom Dickson's original report. It turns
out to be a very subtle misconfiguration. Took be a couple of hours
looking at logs and trying things to be able to reproduce it.
The first problem was that the client krb5 setup could not
find a KDC for the realm to which the Samba box was joined.
The second problem was a set-auth-user in the form of REA.LM\user
instead of DOMAIN\user. This broke the new use of schannel connnections
in winbindd (which was introduced to work around a bug in Windows 2003).
You really don't need --set-auth-user beginning with Samba 3.0.3.
So
(a) fix your krb5 setup on the client (if applicable)
(b) remove the --set-auth-user in secrets.tdb
I've verified the various configurations under Samba 3.0.2a, 3.0.3
and the upcoming 3.0.4.
cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQFAnCK+IR7qMdg1EfYRAtxJAKCCfG3rBaXUWYKAHenPSYgszotWQgCgiN6Q
tM2zuyuFVl6GIzAOwe9qOu0=
=ZTDx
-----END PGP SIGNATURE-----
More information about the samba
mailing list