[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Robert M. Martel - CSU
r.martel at csuohio.edu
Mon Oct 22 12:51:20 MDT 2012
Greetings,
More responding to my own thread - but no solution in sight.
Still having the problem with Samba 3.5.18. New and different error
message from net ads testjoin:
#webdevel# net ads testjoin
[2012/10/22 14:23:07.317109, 0] libads/kerberos.c:333(ads_kinit_password)
kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients
credentials have been revoked
[2012/10/22 14:23:07.353280, 0] libads/kerberos.c:333(ads_kinit_password)
kerberos_kinit_password WEBDEVEL$@CSUNET.CSUOHIO.EDU failed: Clients
credentials have been revoked
Join to domain is not valid: Access denied
The Active Directory admins are still saying that they have not changed
anything on their side.
On 10/22/2012 11:48 AM, Robert M. Martel - CSU wrote:
> Greetings,
>
> something to add.
>
> Had one of the Solaris 9 machines just stop working. I stopped samba
> and restarted it, found the following in smblog.smbd
>
> [2012/10/22 11:37:00.299787, 0] libads/sasl.c:823(ads_sasl_spnego_bind)
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid
> credentials
>
> I removed the machine from Active Directory and immediately re-added it
> - I did NOT run kinit to get new credentials. started Samba and the
> machine works fine...for now.
>
>
> On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote:
>> Greetings,
>>
>> I have an elderly installation of Samba 3.5.8 running on 10 Sparc
>> servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as
>> Active Directory member servers. Since we've laid-off everyone else
>> around here I have not had the opportunity to update the Samba
>> installation - and have not needed to as it has been very solid.
>>
>> Suddenly last Friday the Samba servers started having authentication
>> problems for the active directory users. Users were unable to map
>> drives, looking at files on the server I was seeing UID numbers rather
>> that the user's login ID for the files. Stopping and restarting Samba
>> did not help.
>>
>> I took the machines out of Active Directory, and then re-added them -
>> which they did without a problem. After restarting Samba all was well,
>> for awhile.
>>
>> This morning some folks that had left themselves looked in over the
>> weekend were okay, but others could not map their drives. interactive
>> logins for AD users did not work. I again left and rejoined the AD
>> domain and all was well for a bit, then I had to repeat the cycle.
>>
>> I do not maintain or have access to the Active Directory servers or
>> configuration. The central IT people claim that they have not made any
>> changes to the AD servers...but they don't always tell me the whole
>> truth.
>>
>> I am building Samba 3.5.18 right now in the hope that it will make a
>> difference.
>>
>> I've never had a problem like this since first "playing" with Samba and
>> Active directory more than 5 years ago - and certainly no issue like
>> this since putting it into production.
>
--
***********************************************************************
Robert M. Martel I met someone who looks a lot like you
System Administrator She does the things you do
Levin College of Urban Affairs But she is an IBM
Cleveland State University -Jeff Lynne
(216) 687-2214
r.martel at csuohio.edu
***********************************************************************
More information about the samba
mailing list