[Samba] a word of warning

[lists]

Hi,

I'd like to report something here, so it will not happen to others.

We moved all disabled users in our samba AD to a dedicated folder in
ADUC, which we called 'disabled'.

A little while after we did that, our network started 'falling apart'.
Some things still worked, others did not. I could for example no longer
start ADUC, some users could not logon or map drives, etc, etc.

>From samba's point of view everything was still running, replication was
happening, etc, etc. No idea where to start looking.

Until my colleage told me about this moving of disabled  accounts from
CN=Users into OU=disabled.

Turned out he had also moved the disabled account "krbtgt", and this had
caused our network to fall apart. Luckily his ADUC window was still open
and functional, so we could move this account back into CN=Users, and
everything started working again.

So, our advise: don't move that account! :-)