[Samba] Samba 3.0.6 Problems w/AD and Kerberos

Tom Ryan tomryan at camlaw.rutgers.edu
Fri Sep 10 20:09:49 GMT 2004


Christian,

another reason I think this is also kerberos related is that I am also
having problems with ssh on my (admittedly) odd round robin dns setup..

I used to be able to ssh to the common hostname and get access to either
box, now I get an unknown kerberos error and have to login to either host
by name.

couple that with my samba issues and how it works with FQDN, and I was
inclined to think it was kerberos..

but hey.. I admit it.. you guys know better than I do :)

Tom

On Tue, 7 Sep 2004, Christian Merrill wrote:

> Tom Ryan wrote:
>
> >I submitted a ticket (bugzilla) to redhat on this..
> >
> >with the 3.0.6 update from them, coupled with their recent kerberos
> >updates, it fails unless you use the FQDN..
> >
> >its completely reproducable (at least on my end). I moved to security =
> >domain and have it at least "working" again..
> >
> >Tom
> >
> >On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:
> >
> >
> >
> >>-----BEGIN PGP SIGNED MESSAGE-----
> >>Hash: SHA1
> >>
> >>Christian Merrill wrote:
> >>
> >>| Well from my end (Redhat) the behavior is indicative of
> >>| a known issue with the MIT kerberos 1.2.x packages
> >>| that we currently support and Win2k3 DC's...however Win2k
> >>| DC's have been operating fine as far as I know.  What I
> >>| am seeing are customers who were previously running
> >>| upgrade to the 3.0.6 samba package and then start to
> >>| encounter these errors.  If they downgrade the samba
> >>| package the problem goes away.   I've also noticed a few
> >>| other posts from users on other distros such as
> >>| Debian encountering very similar behavior.
> >>
> >>| On the surface it really looks like a kerberos problem,
> >>| but people are reporting that it seems to be directly
> >>| linked to the samba package.  My current test environment
> >>| is on 2k3 so I'm still in the process of setting up a
> >>| 2k AD environment to do testing on...at this point just
> >>| relaying feedback that I am getting from others.
> >>
> >>I spent some time on this today without any luck
> >>reproducing the problem.  My test server was SuSE 9.1 pro
> >>however with heimdal 0.6.1rc3.
> >>
> >>I've updated the comments in
> >>
> >>	https://bugzilla.samba.org/show_bug.cgi?id=1717
> >>
> >>And I checked the ticket cache produced by
> >>smbclient //server/share -k from 3.0.5 and 3.0.6.  Same
> >>host principal is used (server$@REALM).
> >>
> >>So far, I've not learned of any common thread from the people
> >>who posted on this.  I'm open to suggestions.  (off to
> >>review abartlet's mail to samba-technical about this).
> >>
> >>
> >>cheers, jerry
> >>- ---------------------------------------------------------------------
> >>Alleviating the pain of Windows(tm)      ------- http://www.samba.org
> >>GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
> >>"If we're adding to the noise, turn off this song"--Switchfoot (2003)
> >>-----BEGIN PGP SIGNATURE-----
> >>Version: GnuPG v1.2.4 (GNU/Linux)
> >>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >>
> >>iD8DBQFBQgLaIR7qMdg1EfYRAhVvAJ9skQtebUDF4QgAMFgxE+3IblGBNACgpnzi
> >>atDsjikhg3nr7PyaWuVXaLY=
> >>=odE/
> >>-----END PGP SIGNATURE-----
> >>--
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions:  http://lists.samba.org/mailman/listinfo/samba
> >>
> >>
> >>
> >
> >_______________________________________________________________________
> >Tom Ryan                                            Voice: 856-225-6361
> >Consulting System Administrator                       Fax: 856-969-7900
> >Rutgers School of Law - Camden               IT Help Desk: 856-225-2343
> >
> >
> Tom we have had multiple reports of this and I imagine your ticket is
> probably one of many in my queue right now.  We are working on it
> internally as well but so far have not made any real progress narrowing
> down the problem.  It *appears* that this is actually unrelated to our
> kerberos update.  As I mentioned previously this looks like the problems
> we have been seeing in win2k3 environments -- almost as if something
> helped spread this issue to win2k as well.
>
> Christian
>

_______________________________________________________________________
Tom Ryan                                            Voice: 856-225-6361
Consulting System Administrator                       Fax: 856-969-7900
Rutgers School of Law - Camden               IT Help Desk: 856-225-2343


More information about the samba mailing list