[Samba] Samba 3.0.6 Problems w/AD and Kerberos

Christian Merrill cmerrill at redhat.com
Fri Sep 10 20:02:16 GMT 2004 

Tom Ryan wrote:

>I submitted a ticket (bugzilla) to redhat on this..
>
>with the 3.0.6 update from them, coupled with their recent kerberos
>updates, it fails unless you use the FQDN..
>
>its completely reproducable (at least on my end). I moved to security =
>domain and have it at least "working" again..
>
>Tom
>
>On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:
>
>  
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Christian Merrill wrote:
>>
>>| Well from my end (Redhat) the behavior is indicative of
>>| a known issue with the MIT kerberos 1.2.x packages
>>| that we currently support and Win2k3 DC's...however Win2k
>>| DC's have been operating fine as far as I know.  What I
>>| am seeing are customers who were previously running
>>| upgrade to the 3.0.6 samba package and then start to
>>| encounter these errors.  If they downgrade the samba
>>| package the problem goes away.   I've also noticed a few
>>| other posts from users on other distros such as
>>| Debian encountering very similar behavior.
>>
>>| On the surface it really looks like a kerberos problem,
>>| but people are reporting that it seems to be directly
>>| linked to the samba package.  My current test environment
>>| is on 2k3 so I'm still in the process of setting up a
>>| 2k AD environment to do testing on...at this point just
>>| relaying feedback that I am getting from others.
>>
>>I spent some time on this today without any luck
>>reproducing the problem.  My test server was SuSE 9.1 pro
>>however with heimdal 0.6.1rc3.
>>
>>I've updated the comments in
>>
>>	https://bugzilla.samba.org/show_bug.cgi?id=1717
>>
>>And I checked the ticket cache produced by
>>smbclient //server/share -k from 3.0.5 and 3.0.6.  Same
>>host principal is used (server$@REALM).
>>
>>So far, I've not learned of any common thread from the people
>>who posted on this.  I'm open to suggestions.  (off to
>>review abartlet's mail to samba-technical about this).
>>
>>
>>cheers, jerry
>>- ---------------------------------------------------------------------
>>Alleviating the pain of Windows(tm)      ------- http://www.samba.org
>>GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
>>"If we're adding to the noise, turn off this song"--Switchfoot (2003)
>>-----BEGIN PGP SIGNATURE-----
>>Version: GnuPG v1.2.4 (GNU/Linux)
>>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>>iD8DBQFBQgLaIR7qMdg1EfYRAhVvAJ9skQtebUDF4QgAMFgxE+3IblGBNACgpnzi
>>atDsjikhg3nr7PyaWuVXaLY=
>>=odE/
>>-----END PGP SIGNATURE-----
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>>    
>>
>
>_______________________________________________________________________
>Tom Ryan                                            Voice: 856-225-6361
>Consulting System Administrator                       Fax: 856-969-7900
>Rutgers School of Law - Camden               IT Help Desk: 856-225-2343
>  
>
Tom we have had multiple reports of this and I imagine your ticket is 
probably one of many in my queue right now.  We are working on it 
internally as well but so far have not made any real progress narrowing 
down the problem.  It *appears* that this is actually unrelated to our 
kerberos update.  As I mentioned previously this looks like the problems 
we have been seeing in win2k3 environments -- almost as if something 
helped spread this issue to win2k as well.

Christian

More information about the samba mailing list