[Samba] Moving PDC from Fedora to RHEL5 - _net_auth2: creds_server_check failed. Rejecting auth request from client

Paul Furness p.furness at uk.merce.mee.com
Mon Feb 15 03:20:01 MST 2010

Hi, Stan,

You make a fair point, the versions of stuff are all older. I never said 
I was *upgrading* (although I did mention that I often have this kind of 
issue if I upgrade the PDC - perhaps I should have said "every time I 
*change* the PDC") and I know darn well that moving from newer to older 
versions may prove difficult. However, I did also say that I've 
encountered almost exactly the same set of problems every time I try to 
migrate Samba to a new server, and this is still the case for *any* new 
server, whatever version I'm going from / to. (For instance, I tried 
moving it to an F12 build last month, before I tried RHEL, and it was 
even more difficult to get it to work - which is why I gave up and 
figured I should take a look at a commercial version.)

I guess that what I'm really hoping for is that someone on this list can 
clarify for me whether or not the LDAP holds all the Samba account 
information and passwords or not (with the notable exception of the LDAP 
manager password which, as far as I can work out, is stored in 
"secrets.tdb"). If that is the case, then I could really use some 
suggestions as to why Samba might read the LDAP fine, but refuse trust 
accounts permission.

Like I said, maybe I have missed something fundamental in my 
understanding of what Samba does / how it works. But I have been running 
my PDC using Samba for about 7 years now, so I guess I've at least got 
some of the basics. :)

It's also become clear to me over the last day or so that, whatever else 
I do, I'm going to need to upgrade to a very recent version of Samba 
because I also have to support Windows 7, so I'll do this. But I still 
don't know why it doesn't work with old versions of Windows (XP) which 
have been working fine with Samba for a whole lot of versions.



Stan Hoeppner wrote:
> Paul Furness put forth on 2/12/2010 12:34 PM:
>> It *may* be possible to re-join the domain with the workstation, but I'm
>> fed up with doing that every time I upgrade...
> Hi Paul.  Not trying to be a jerk or anything, but you didn't *upgrade* in this
> scenario.  You *downgraded* in a big way.  Look at the revs on everything below.
>  Every single one dropped far back in the time machine by moving to RHEL.  Any
> distro with "Enterprise" or "Stable" in the name is bound to be quite a bit
> behind the bleeding edge.  The free community distro versions are where the edge
> development occurs.  You were running such an edgy distro and then went
> "Enterprise".  That is never a good idea, and you are learning why in this case.
>  You need to upgrade these packages back up to their previous revs, if you can.
>  If not, put the identical Fedora setup on the new machine.
>> Version info:
>> Working PDC:
>> Fedora 10, kernel 2.6.27
>> Samba 3.2.15, smbldap-tools 0.9.5
>> openldap 2.4.12
>> New PDC (not working):
>> RHEL 5.4, kernel 2.6.18
>> Samba 3.0.33, smbldap-tools 0.9.4
>> openldap 2.3.43

*Paul Furness BEng(Hons) MBCS*
/Systems Manager/

20, Frederick Sanger Road
The Surrey Research Park
Guildford, Surrey GU2 7YD
/UK Registered Branch BR 003158/
*DDI Telephone: +44 1483 885826*
Tel: +44 1483 885800   Fax: +44 1483 579107
