[Samba] Moving PDC from Fedora to RHEL5 - _net_auth2: creds_server_check failed. Rejecting auth request from client
Paul Furness
p.furness at uk.merce.mee.com
Mon Feb 15 03:20:01 MST 2010
Hi, Stan,
You make a fair point, the versions of stuff are all older. I never said
I was *upgrading* (although I did mention that I often have this kind of
issue if I upgrade the PDC - perhaps I should have said "every time I
*change* the PDC") and I know darn well that moving from newer to older
versions may prove difficult. However, I did also say that I've
encountered almost exactly the same set of probelms every time I try to
migrate Samba to a new server, and this is still the case for *any* new
server, whatever version I'm going from / to. (for instance, I tried
moving it to an F12 build last month, before I tried RHEL, and it was
even more difficult to get it to work - which is why I gave up and
figured I should take a look at a commercial version).
I guess that what I'm really hoping for is that someone on this list can
clarify for me whether or not the LDAP holds all the samba account
information and passwords or not, with the notable exception of the LDAP
manager password which, as far as I can work out, is stored in
"secrets.tdb"). If that is the case, then I could really use some
suggestions as to why Samba might read the LDAP fine, but refuse trust
accounts permission.
Like I said, maybe I have missed something fundamental in my
understanding of what Samba does / how it works. But I have been running
my PDC using Samba for about 7 years now, so I guess I've at least got
some of the basics. :)
It's also become clear to me over the last day or so that, whatever else
I do, I'm going to need to upgrade to a very recent version of Samba
because I also have to support Windows 7, so I'll do this. But I still
don't know why it doesn't work with old versions of windows (XP) which
have been working fine with Samba for a whole lot of versions.
Thanks,
Paul.
Stan Hoeppner wrote:
> Paul Furness put forth on 2/12/2010 12:34 PM:
>
>
>> It *may* be possible to re-join the domain with the workstation, but I'm
>> fed up with doing that every time I upgrade...
>>
>
> Hi Paul. Not trying to be a jerk or anything, but you didn't *upgrade* in this
> scenario. You *downgraded* in a big way. Look at the revs on everything below.
> Every single one dropped far back in the time machine by moving to RHEL. Any
> distro with "Enterprise" or "Stable" in the name is bound to be quite a bit
> behind the bleeding edge. The free community distro versions are where the edge
> development occurs. You were running such an edgy distro and then went
> "Enterprise". That is never a good idea, and you are learning why in this case.
> You need to upgrade these packages back up to their previous revs, if you can.
> If not, put the identical Fedora setup on the new machine.
>
>
>> Version info:
>>
>> Working PDC:
>> Fedora 10, kernel 2.6.27
>> Samba 3.2.15, smbldap-tools 0.9.5
>> openldap 2.4.12
>>
>> New PDC (not working):
>> RHEL 5.4, kernel 2.6.18
>> Samba 3.0.33, smbldap-tools 0.9.4
>> openldap 2.3.43
>>
>
>
--
*Paul Furness BEng(Hons) MBCS*
/Systems Manager/
*MERCE UK*
20, Frederick Sanger Road
The Surrey Research Park
Guildford, Surrey GU2 7YD
/UK Registered Branch BR 003158/
*DDI Telephone: +44 1483 885826*
Tel: +44 1483 885800 Fax: +44 1483 579107
More information about the samba
mailing list