[Samba] Samba domain member losing membership
Andrew Galdes
andrew.galdes at agix.com.au
Thu Nov 15 22:19:39 MST 2012
Hello all,
I've recently posted here for help with a Samba domain member system which
seems to lose it's domain membership. I want to discuss it a little more. I
have more information. I'm after comments and suggestions for
troubleshooting. Also, i say "loses membership" but i don't really know if
it has lost it. Just doesn't work anymore until i re-join the Samba system
to the domain.
I have noticed this behaviour with two sites (installations) now. Both are
CentOS systems with Samba versions as follows:
samba-*-3.5.10-125.el6.x86_64
samba-*-3.5.10-115.el6_2.x86_64
I successfully join these systems to Active Directory domains (2008 r2
DC's) using the following command. The system can then do as i need and
"wbinfo" works:
net join -U Administrator%MyPass
After some time the Samba servers will stop functioning as expected and
users will get 'access denied' errors. "wbinfo" stops working.
Some error messages:
LOG FILE: "/var/log/samba/log.wb-MYDOM"
[2012/11/12 13:20:43.338947, 0]
libsmb/cliconnect.c:1052(cli_session_setup_spnego)
Kinit failed: Preauthentication failed
[2012/11/12 13:20:43.459457, 2]
winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap)
NTLM CRAP authentication for user [MYDOM]\[myuser] returned
NT_STATUS_ACCESS_DENIED (PAM: 4)
Notice Kinit in the above error. I have not configured Kerberos at this
point.
I have not identified consistent time intervals for these 'drop-outs'. I
have not updated (YUM) these systems between the joining and dropping from
the domains.
What might cause this?
--
-Andrew Galdes
Managing Director
RHCSA, LPI, CCENT
AGIX Linux
Ph: 08 7324 4429
Mb: 0422 927 598
Site: http://www.agix.com.au
Twitter: http://twitter.com/agixlinux
LinkedIn: http://au.linkedin.com/in/andrewgaldes
More information about the samba
mailing list