[Samba] Samba 4--Somethings decidedly broken

tms3 at tms3.com tms3 at tms3.com
Sat Jun 12 07:16:22 MDT 2010 




>
> SNIP
>>
>> Hmmm...not quite sure where to go to fix this up.
>>
>> Samba 4 PDC, 1 W2K3R2, 1 W2K8R2 additional DC's.  samba.log
>> perpetually spewing:
>>
>> [Fri Jun 11 14:47:42 2010 PDT, 0
>> librpc/rpc/dcerpc_util.c:619:dcerpc_pipe_auth_recv()]
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
>> NT_STATUS_INVALID_PARAMETER
>> [Fri Jun 11 14:47:42 2010 PDT, 0
SNIP
>>
>>
> Perhaps check to see if anything is stopping Kerberos working between
> these hosts?  The auth code for Kerberos will trigger
> NT_STATUS_INVALID_PARAMETER (yeah, it is probably not the best choice 
> of
> error code) if Kerberos won't work.
>
> Perhaps turn up the debug level and see if there are more clues?

Yeah something odd kerberos wise:

Sat Jun 12 06:10:54 2010 PDT, 2 
lib/socket/interface.c:96:add_interface()]
added interface ip=192.168.64.3 nmask=255.255.255.0
[Sat Jun 12 06:10:54 2010 PDT, 5 
auth/gensec/gensec.c:636:gensec_start_mech()]
Starting GENSEC mechanism gssapi_krb5
[Sat Jun 12 06:10:54 2010 PDT, 2 
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 2 
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 2 
auth/kerberos/krb5_init_context.c:343:smb_krb5_send_and_recv_func()]
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED
[Sat Jun 12 06:10:54 2010 PDT, 1 
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
[Sat Jun 12 06:10:54 2010 PDT, 1 
auth/credentials/../kerberos/kerberos_util.c:236:kinit_to_ccache()]
kinit for T3$@TMS3.COM failed (Cannot contact any KDC for requested 
realm: unable to reach any KDC in realm TMS3.COM)
[Sat Jun 12 06:10:54 2010 PDT, 1 
auth/credentials/credentials_krb5.c:371:cli_credentials_get_client_gss_creds()]
Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for 
requested realm
[Sat Jun 12 06:10:54 2010 PDT, 3 
auth/gensec/gensec_gssapi.c:378:gensec_gssapi_client_start()]
Cannot reach a KDC we require to contact 
ldap at 58BFC826-CD9F-445D-B6E5-AB7314BA0671._MSDCS.TMS3.COM

Why, dunno.  2 FreeBSD boxes both pulling kerberos from DNS kinit and 
klist no problem...

Looking...
>
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Cisco Inc.
>
>

More information about the samba mailing list