[Samba] Problem with windows shares after stopping down one dc

Thorsten Marquardt Marquardt at koehler-bracht.de
Thu Jan 19 11:13:16 UTC 2023

As I stated in a different thread (problems with sysvol after fsmo 
transfer), I have two DC's in serving my domain.
The first (srv-kb-primdc) is a self compiled Samba 4.7.4 on openSUSE 
leap 42.3 with Heimdal kerberos. The second one (srv-kb-dc1) is Samba 
4.7.11 on Leap 15.0 installed from packages with MIT kerberos.
I transfered the fsmo roles from srv-kb-primdc to srv-kb-dc1 and you 
helped me to fix a minor problem with the gpo access from the Group 
Policy Management Console.
After some days without monitoring further trouble I stopped samba on 
srv-kb-primdc to check my environment. After some houres some of my 
colleagues (windows) reported that they were not able to access
shares on other windows pc ( windows 10 and windows 2016 server ). So I 
started samba on srv-kb-primdc again but that didn't solve the trouble. 
Allthough rebooting  or rejoining the PC's didn't help. Finally I 
transferred fsmo back to srv-kb-primdc, stopped samba on srv-kb-dc1 an 
the problems vanished very soon.

The time I had the trouble I started klist on the PCs having problems 
and on PCs working well. I saw that all the problem free PCs reported:

KDC called: srv-kb-primdc.my.local.dom

for all current tickets

whereas the others stated

KDC called: srv-kb-dc1.my.local.dom

for at least one current ticket.

I presume that mixing the tickets from two KDCs was causing the failures 
-  am I right? Is this the normal behavior what would have been settled 
if I had restarted the PCs to obtain new tickets or is this a 
consequence of using Heimdal an MIT in the same environment?


More information about the samba mailing list