[Samba] Samba 3.0.6 Problems w/AD and Kerberos
tomryan at camlaw.rutgers.edu
Fri Sep 10 20:09:49 GMT 2004
another reason I think this is also kerberos related is that I am also
having problems with ssh on my (admittedly) odd round robin dns setup..
I used to be able to ssh to the common hostname and get access to either
box, now I get an unknown kerberos error and have to login to either host
couple that with my samba issues and how it works with FQDN, and I was
inclined to think it was kerberos..
but hey.. I admit it.. you guys know better than I do :)
On Tue, 7 Sep 2004, Christian Merrill wrote:
> Tom Ryan wrote:
> >I submitted a ticket (bugzilla) to redhat on this..
> >with the 3.0.6 update from them, coupled with their recent kerberos
> >updates, it fails unless you use the FQDN..
> >its completely reproducable (at least on my end). I moved to security =
> >domain and have it at least "working" again..
> >On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:
> >>-----BEGIN PGP SIGNED MESSAGE-----
> >>Hash: SHA1
> >>Christian Merrill wrote:
> >>| Well from my end (Redhat) the behavior is indicative of
> >>| a known issue with the MIT kerberos 1.2.x packages
> >>| that we currently support and Win2k3 DC's...however Win2k
> >>| DC's have been operating fine as far as I know. What I
> >>| am seeing are customers who were previously running
> >>| upgrade to the 3.0.6 samba package and then start to
> >>| encounter these errors. If they downgrade the samba
> >>| package the problem goes away. I've also noticed a few
> >>| other posts from users on other distros such as
> >>| Debian encountering very similar behavior.
> >>| On the surface it really looks like a kerberos problem,
> >>| but people are reporting that it seems to be directly
> >>| linked to the samba package. My current test environment
> >>| is on 2k3 so I'm still in the process of setting up a
> >>| 2k AD environment to do testing on...at this point just
> >>| relaying feedback that I am getting from others.
> >>I spent some time on this today without any luck
> >>reproducing the problem. My test server was SuSE 9.1 pro
> >>however with heimdal 0.6.1rc3.
> >>I've updated the comments in
> >> https://bugzilla.samba.org/show_bug.cgi?id=1717
> >>And I checked the ticket cache produced by
> >>smbclient //server/share -k from 3.0.5 and 3.0.6. Same
> >>host principal is used (server$@REALM).
> >>So far, I've not learned of any common thread from the people
> >>who posted on this. I'm open to suggestions. (off to
> >>review abartlet's mail to samba-technical about this).
> >>cheers, jerry
> >>- ---------------------------------------------------------------------
> >>Alleviating the pain of Windows(tm) ------- http://www.samba.org
> >>GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
> >>"If we're adding to the noise, turn off this song"--Switchfoot (2003)
> >>-----BEGIN PGP SIGNATURE-----
> >>Version: GnuPG v1.2.4 (GNU/Linux)
> >>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >>-----END PGP SIGNATURE-----
> >>To unsubscribe from this list go to the following URL and read the
> >>instructions: http://lists.samba.org/mailman/listinfo/samba
> >Tom Ryan Voice: 856-225-6361
> >Consulting System Administrator Fax: 856-969-7900
> >Rutgers School of Law - Camden IT Help Desk: 856-225-2343
> Tom we have had multiple reports of this and I imagine your ticket is
> probably one of many in my queue right now. We are working on it
> internally as well but so far have not made any real progress narrowing
> down the problem. It *appears* that this is actually unrelated to our
> kerberos update. As I mentioned previously this looks like the problems
> we have been seeing in win2k3 environments -- almost as if something
> helped spread this issue to win2k as well.
Tom Ryan Voice: 856-225-6361
Consulting System Administrator Fax: 856-969-7900
Rutgers School of Law - Camden IT Help Desk: 856-225-2343
More information about the samba