[Samba] problems with windows 2000 terminal server in AD with samba4rc5 (on Ubuntu 12.04.1 64bit) DC
odix
odix at odiisi.net
Wed Nov 21 01:58:24 MST 2012
Dear all,
after upgrading an existing NT4 domain, via "injecting" a samba3 LDAP
BDC to vampire security database, classicupgrade with samba-tool ...
everything seems to work like expecting, except the mentioned windows
2000 terminal server, see excerpt from log.samba file:
...
[2012/11/18 13:09:26, 0] ../source4/smbd/server.c:475(binary_smbd_main)
samba: using 'standard' process model
[2012/11/18 14:56:10, 0]
../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
Failed to modify SPNs on CN=W2000,CN=Computers,DC=xxx,DC=lan: error
in module acl: insufficient access rights (50)
[2012/11/18 14:56:19, 0]
../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2012/11/18 15:04:41, 0]
../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
NTLMSSP NTLM2 packet check failed due to invalid signature!
[2012/11/18 15:07:05, 0]
../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
Failed to modify SPNs on CN=W2000,CN=Computers,DC=xxx,DC=lan: error
in module acl: Constraint violation (19)
[2012/11/18 15:59:47, 0]
../source4/rpc_server/handles.c:102(dcesrv_handle_fetch)
../source4/rpc_server/handles.c:102: Attempt to use invalid sid
S-1-5-21-123456789-14442762-398547282-1077 - S-1-5-7
[2012/11/18 15:59:47, 0]
../source4/rpc_server/handles.c:102(dcesrv_handle_fetch)
../source4/rpc_server/handles.c:102: Attempt to use invalid sid
S-1-5-21-123456789-14442762-398547282-1077 - S-1-5-7
[2012/11/18 15:59:47, 0]
../source4/rpc_server/handles.c:102(dcesrv_handle_fetch)
...
also failed to update dns entry:
Nov 18 17:52:56 sambadc named[752]: client 192.168.12.34#57038:
request has invalid signature: TSIG 1236950581266-2
(w2000\$\@XXX.LAN): tsig verify failure (BADSIG)
I would suggest that it has something todo with the default setting of
RequireSignOrSeal or RequireStrongKey which defaults to 0 in windows
2000 afaik, but I'm not sure. Any other suggestions ?
thanks
odi
More information about the samba
mailing list