[Samba] Error using password cached on a samba4 RODC

Michael Brown michael at netdirect.ca
Wed Nov 20 16:15:26 MST 2013


OK! I'm getting farther and farther! :)

I've managed to preload user and computer passwords onto a samba RODC:

*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 
'win7-shire$' --server main.adlab.netdirect.ca**
*Replicating DN 
CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=WIN7-SHIRE,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca] 
objects[1] linked_values[2]
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 
'win7-shire-2$' --server main.adlab.netdirect.ca**
*Replicating DN 
CN=WIN7-SHIRE-2,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop 
on[CN=WIN7-SHIRE-2,CN=Computers,DC=main,DC=adlab,DC=netdirect,DC=ca] 
objects[1] linked_values[1]
*sles-shire:/var/lib/samba/sysvol # samba-tool rodc preload 'bilbo' 
--server main.adlab.netdirect.ca**
*Replicating DN CN=Bilbo 
Baggins,OU=Shire,OU=Offices,DC=main,DC=adlab,DC=netdirect,DC=ca
Exop on[CN=Bilbo 
Baggins,OU=Shire,OU=Offices,DC=main,DC=adlab,DC=netdirect,DC=ca] 
objects[1] linked_values[2]

But when I try to log onto the domain from a client on that network, I 
get an error "An internal error has occurred". Note that if I type an 
*incorrect* password for the user, I get "The user name or password is 
incorrect." I suspect the corresponding error in the Windows event log 
is related to:

The Security System detected an authentication error for the server 
cifs/sles-shire.main.adlab.netdirect.ca. The failure code from 
authentication protocol Kerberos was "An internal error occurred. 
(0xc00000e5)".

Note that this happens for users with credentials preloaded to the RODC 
*even if the site link is up*.

Any idea what's going wrong?

M.

-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
?: +1 519 883 1172 x5106    | termination of their C programs.' - Firth



More information about the samba mailing list