[Samba] problem with domain and samba3x

Dale Schroeder dale at BriannasSaladDressing.com
Mon Jun 20 18:53:29 UTC 2016


On 06/17/2016 4:31 PM, peter lawrie wrote:
> Hi all
> About 18 months ago I connected 14 new Windows 7 PCs to a Centos5.1 server
> with samba3x as domain members.  There are no other servers on site.
> Today, I had to visit to connect up a PC in a new location. As I would
> normally do I checked for Centos updates and found 35 outstanding including
> samba3x 3.6.23-12.el5_11 and samba3x-client, samba3x-common, samba3x-doc,
> samba3x-domainjoin-gui, samba3x-swat, samba3x-winbind, samba3x-winbind-devel
>
> Having completed the cabling I tried to log the PC in but received 'trust
> relationship between this workstation and primary domain failed'. Several
> times I removed it from the domain and added it back again - this made no
> difference. I noted the time on the PC was 7 minutes out from the server,
> so corrected that, removed from the domain, added it in again but had the
> same message.
> Thinking it was just related to this PC, I left it configured as a
> workgroup member, created a new local user to match the domain username it
> had been using and connected it to the server shares.
>
> Then I went to another PC which had an unrelated issue which needed
> attention but when I tried to log on to the domain received the same domain
> trust failure message.
> Only then did I suspect that the samba3x update may have been the cause so
> I removed it and installed 3x 3.6.23-9 - now when I tried to log in I get "there
> are no login servers available to service the login request"
>
> As other users were complaining about losing access to the server shares, I
> then had to visit every PC, remove each of them from the domain into a
> workgroup, create a local user on each to match the samba username and copy
> the profile. Needless to say, a job which should have taken 1 to 2 hours
> took 7.
>
> I still have no idea why the problem occurred. Is there an issue with the
> latest samba update? All I could find online was that the update related to
> a fix for badlock vulnerability.
> Peter Lawrie
Peter,

The badlock patches have been a big problem for Samba classic domains.  
Many have posted asking for help, but I have seen no solution presented 
on this list; i.e. the silence is deafening.  It may be that NT4 classic 
domains will not work going forward.

For example, refer to the post by Peter Tuharsky: 
http://www.spinics.net/lists/samba/msg134710.html

In all actuality, Samba 4.3.x pre-badlock had already broken classic 
ldap domains.

So, if anyone has a working Samba/openldap NT4 classic domain 
post-badlock patches, would you please share your config to help these 
people?

And, if you have a working 4.3 or 4.4 classic domain config, please help 
me out.

Thanks,
Dale
