[Samba] Samba 3.0.3 breaks domain somehow.

Gerald (Jerry) Carter jerry at samba.org
Fri May 7 23:58:54 GMT 2004

Hash: SHA1

On Fri, 7 May 2004, Tom Hibbert wrote:

> I have a similar problem, except I get the error NT_STATUS_UNSUCCESSFUL
> checking the trust account password. Again downgrading to 3.0.2a worked
> fine. Looks like bit rot has creeped into the code between .2a and .3.

I'm been able to reproduce Tom Dickson's original report.  It turns
out to be a very subtle misconfiguration.  Took be a couple of hours 
looking at logs and trying things to be able to reproduce it.

The first problem was that the client krb5 setup could not
find a KDC for the realm to which the Samba box was joined.

The second problem was a set-auth-user in the form of REA.LM\user
instead of DOMAIN\user.  This broke the new use of schannel connnections
in winbindd (which was introduced to work around a bug in Windows 2003).
You really don't need --set-auth-user beginning with Samba 3.0.3.


(a) fix your krb5 setup on the client (if applicable)
(b) remove the --set-auth-user in secrets.tdb

I've verified the various configurations under Samba 3.0.2a, 3.0.3
and the upcoming 3.0.4.

cheers, jerry
- ----------------------------------------------------------------------
Hewlett-Packard            ------------------------- http://www.hp.com
SAMBA Team                 ---------------------- http://www.samba.org
GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." ----------- Sting 

Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/


More information about the samba mailing list