[Samba] Samba 3.5.9 with Windows 2008 R2

Le, Anh anh.le at cognex.com
Thu Jul 14 10:32:27 MDT 2011


Hi All,

I'm trying to re-configure my Samba from the beginning again following this doc: https://wiki.samba.org/index.php/Samba_%26_Active_Directory . I hope I can resolve the intermittent problem that I'm having, described in the message below. But I could not find the winbind library libnss_winbind.so in source3 so that I can copy it to /lib as the above doc recommends. I did enable winbind when I configured the source code with the option "--with-winbind". I do see the winbindd file was installed into my samba/sbin. The compiling and installation processes went fine without any errors.

Any idea where I can find it? I really appreciate it.

Thanks a lot,

Anh.

From: Le, Anh
Sent: Wednesday, July 13, 2011 3:20 PM
To: 'samba at lists.samba.org'
Subject: Samba 3.5.9 with Windows 2008 R2

Hi All,

We're going to upgrade our DCs to Windows 2008 R2 native mode soon, so we're faced with the challenge of how to get our Samba servers (Solaris 8 & Solaris 10) to work with Windows 2008 R2 native mode. I've compiled Samba 3.5.9 with AD support. Then I installed and configured the binaries on my 3 test machines (one Solaris 8 and two Solaris 10). The strange problem is that one of my test machines (Solaris 10) is working perfectly, with no problem at all, but the other two machines, one Solaris 8 and another Solaris 10, are having an intermittent problem: sometimes I'm able to connect to the share directories from Windows machines, and sometimes I get the "The trust relationship between this workstation and the primary domain failed" error and the errors in the Samba log below:

"[2011/07/13 14:40:20.560609,  0] auth/auth_domain.c:188(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine SCAR.PC.COGNEX.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2011/07/13 14:40:20.564083,  0] rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server SCAR.PC.COGNEX.COM for domain NATICK-NT.
[2011/07/13 14:40:20.564230,  0] auth/auth_domain.c:188(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine SCAR.PC.COGNEX.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2011/07/13 14:40:20.564726,  0] auth/auth_domain.c:289(domain_client_validate)
  domain_client_validate: Domain password server not available.
[2011/07/13 14:40:31.544390,  0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/07/13 14:40:31.544582,  0] lib/util_sock.c:1441(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer."

I could not figure out why it causes the intermittent problem on my two test machines. They are configured very much the same. I've also spent days on Google but still have not found any good solution.

Any idea what can cause the problem?

Thanks a lot,

Anh

By the way, here are my smb.conf and krb5.conf

# Global parameters
[global]
        workgroup = NATICK-NT
        realm = PC.COGNEX.COM
        preferred master = no
        netbios name = TALON
        server string = Samba %v - %h
        security = ADS
        encrypt passwords = yes
        password server = scar
        domain master = No
        local master = No
        domain logons = No
        inherit acls = Yes
        debug level = 0
        log file = /var/log/smb.log
        idmap uid = 9000-20000
        idmap gid = 600-1000
        deadtime = 15
        load printers = No
        disable spoolss = Yes
        printcap name = /dev/null

And

#
[libdefaults]
        default_realm = PC.COGNEX.COM
        clockskew = 300

[realms]
        PC.COGNEX.COM = {
                kdc = scar.pc.cognex.com
                kdc = sherekhan.pc.cognex.com
                admin_server = scar.pc.cognex.com
                default_domain = pc.cognex.com
        }

[domain_realm]
       .kerberos.server = PC.COGNEX.COM
       pc.cognex.com = PC.COGNEX.COM
       .pc.cognex.com = PC.COGNEX.COM


[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/log/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }
        gkadmin = {
                help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
        }

