[Samba] winbind issue with Windows 2008 R2 - domain trusts

[Robert Freeman-Day]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/01/2011 04:24 PM, Terry wrote:
> On Wed, Jun 1, 2011 at 3:21 PM, Terry <td3201 at gmail.com> wrote:
>> Hello,
>>
>> I have a problem that just propped up after our windows admin did some
>> work. �He introduced some new domain controllers and upgraded the
>> domain to 2008 R2. �The primary domain that our linux boxes are in
>> seems to work, it's trusted domains. �Here's an example domain:
>>
>> FOO.BAR.LOCAL
>>
>> The boxes are in the FOO domain and I can getent passwd and see
>> accounts in there fine. �I used to be able see accounts in BAR as well
>> but now can't.
>>
>> I am using samba-3.0.33-3.29.el5_5.1 on RHEL5.2.
>>
>> Here's an error I see in the logs. �Not sure
>>
>> Jun �1 15:16:01 omadvdss01a winbindd[10772]: [2011/06/01 15:16:01, 0]
>> rpc_client/cli_pipe.c:rpc_api_pipe(790)
>> Jun �1 15:16:01 omadvdss01a winbindd[10772]: � rpc_api_pipe: Remote
>> machine foodc03.foo.bar.local pipe \NETLOGON fnum 0x3returned critical
>> error. Error was NT_STATUS_PIPE_DISCONNECTED
>>
>> That domain controller referenced in the logs is a new DC he added.
>> All windows operations appear to be normal.
>>
>> Thoughts?
>> Thanks!
>>
> 
> Sorry for replying to my own post so early here.  I removed that
> domain controller from my smb.conf and that appears to have fixed
> things.  Anyone have an idea on what the issue could be?
Terry,

The version of samba is quite old and unsupported upstream by the samba
team.  There were many issues with that version and 2008 AD controllers.

RHEL 5.5 on up uses a more up to date version of samba and you can
migrate to that.  Red Hat's release notes detail it a bit more.

There still may be ntlmv2 issues, but as long as there is kerberos
access, things should be okay.
- -- 
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk3nk9IACgkQup357T5MfTawZwCfedWvHYQC1SPwqHmw8QPB9n+h
a6oAoLnslQNyG24ipnFxfoiefI+g2gX+
=1au8
-----END PGP SIGNATURE-----