[Samba] Authenticates on lan but not through VPN

[John Adams]

Hi

We have a samba server which has been working fine for four years, SAMBA is configured as an Active directory domain member (SECURITY=ADS in the conf file), using Kerberos tickets to allow it to authenticate users. 

SAMBA is not however performing in pure native ADS mode as it is using WINBIND TRUSTED DOMAINS ONLY=YES
Local and VPN connected users have worked fine.

About a week ago we added a Windows 2003r2 server as a domain controller this involved upgrading the schema on the w2000 server
to let it work with the 2003 server.

Things seemed to be working Ok until four days later when we restarted the samba server (after making all the servers use the same time server). 

We were getting error rec_free read bad magic messages in /var/log/messages saying the tdb files are corrupt, Though this has now stopped.

It now no longer authenticates users who access the samba server through the VPN, though local users are fine. VPN users are asked to type in a username and password, repeatedly even if they enter the correct ones.

No firewall, samba.conf or VPN settings have been changed.

Any ideas what we can do to allow the external VPN users connect again.

John