[Samba] Problem with windows shares after stopping down one dc
Thorsten Marquardt
Marquardt at koehler-bracht.de
Thu Jan 19 11:13:16 UTC 2023
As I stated in a different thread (problems with sysvol after fsmo
transfer), I have two DC's in serving my domain.
The first (srv-kb-primdc) is a self compiled Samba 4.7.4 on openSUSE
leap 42.3 with Heimdal kerberos. The second one (srv-kb-dc1) is Samba
4.7.11 on Leap 15.0 installed from packages with MIT kerberos.
I transfered the fsmo roles from srv-kb-primdc to srv-kb-dc1 and you
helped me to fix a minor problem with the gpo access from the Group
Policy Management Console.
After some days without monitoring further trouble I stopped samba on
srv-kb-primdc to check my environment. After some houres some of my
colleagues (windows) reported that they were not able to access
shares on other windows pc ( windows 10 and windows 2016 server ). So I
started samba on srv-kb-primdc again but that didn't solve the trouble.
Allthough rebooting or rejoining the PC's didn't help. Finally I
transferred fsmo back to srv-kb-primdc, stopped samba on srv-kb-dc1 an
the problems vanished very soon.
The time I had the trouble I started klist on the PCs having problems
and on PCs working well. I saw that all the problem free PCs reported:
KDC called: srv-kb-primdc.my.local.dom
for all current tickets
whereas the others stated
KDC called: srv-kb-dc1.my.local.dom
for at least one current ticket.
I presume that mixing the tickets from two KDCs was causing the failures
- am I right? Is this the normal behavior what would have been settled
if I had restarted the PCs to obtain new tickets or is this a
consequence of using Heimdal an MIT in the same environment?
Thorsten
More information about the samba
mailing list