From: Preller, Markus on
Hi Richard,

sounds familiar to me - we had the same trouble when changing our AD backend
from w2k3 to w2k8R2 servers.

I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2..4.21
completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1..6.3
has some issues with upper/lowercase SPNs so I used 1.7.1.

Which platform do you have ?

best regards
Markus

-----Ursprüngliche Nachricht-----
Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] Im Auftrag von Richard Smits
Gesendet: Donnerstag, 1. April 2010 15:25
An: samba(a)lists.samba.org
Betreff: [Samba] Windows 2008 pdc troubles

We are in the process of upgading our windows 2003 pdc's to windows
2008Rr2. No problem there, but our samba/winbind clients are beginning
to show some strange behaviour.

In the beginning we saw a lot of messages appear in the logfiles.

Example :
--------------
pr 1 14:07:36 srvxxx winbindd[5148]: rpc_api_pipe: Remote machine
pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error
was NT_STATUS_PIPE_DISCONNECTED
--------------

The clients who were connected to our 2003 pdc did not have this problem.
Now we are getting reports that some mounts are failing, and joining a
machine to the domain is also failing with a kerberos error. (ticket not
valid ?)

Some more messages :

----
winbindd.log :
[2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
Could not receive trustdoms
----

[2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to
machine pdc.company.net. Error was SUCCESS - 0

We are using samba version samba-3.0.28-1.el5_2.1 on rhel5.

What can we do to troubleshoot or solve this problem ?

Greetings ... Richard
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Richard Smits on
He Markus,

We have this problem on multiple environments.

One of my servers is a Redhat v5 , samba version samba-3.0.28-1.el5_2.1.

But our clients are openSuSe 10.3 and SuSE Enterprise Desktop 11.

Their samba versions are :

Version 3.0.26a-3.7-1787-SUSE-SL10.3

Version 3.2.7-11.9.1-2306-SUSE-CODE11

The 11 clients are also having some issues, but works better then 10.3.

We are hoping a Microsoft patch wil solve some stuff next week that
enables DES encryption.

See : http://support.microsoft.com/?kbid=978055

But i was hoping also for another way to solve this if the hotfix
doesn't work correctly.

Greetings .. Richard

Preller, Markus wrote:
> Hi Richard,
>
> sounds familiar to me - we had the same trouble when changing our AD backend
> from w2k3 to w2k8R2 servers.
>
> I fixed the whole thing by using Samba 3.4.7, Kerberos 1.7.1 and OpenLDAP 2.4.21
> completely build from the scratch on Solaris 10 (Sparc and x64). Kerberos 1.6.3
> has some issues with upper/lowercase SPNs so I used 1.7.1.
>
> Which platform do you have ?
>
> best regards
> Markus
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] Im Auftrag von Richard Smits
> Gesendet: Donnerstag, 1. April 2010 15:25
> An: samba(a)lists.samba.org
> Betreff: [Samba] Windows 2008 pdc troubles
>
> We are in the process of upgading our windows 2003 pdc's to windows
> 2008Rr2. No problem there, but our samba/winbind clients are beginning
> to show some strange behaviour.
>
> In the beginning we saw a lot of messages appear in the logfiles.
>
> Example :
> --------------
> pr 1 14:07:36 srvxxx winbindd[5148]: rpc_api_pipe: Remote machine
> pdc.company.net pipe \NETLOGON fnum 0x4003returned critical error. Error
> was NT_STATUS_PIPE_DISCONNECTED
> --------------
>
> The clients who were connected to our 2003 pdc did not have this problem.
> Now we are getting reports that some mounts are failing, and joining a
> machine to the domain is also failing with a kerberos error. (ticket not
> valid ?)
>
> Some more messages :
>
> ----
> winbindd.log :
> [2010/04/01 14:54:10, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> Could not receive trustdoms
> ----
>
> [2010/03/31 10:02:25, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
> cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x4007 to
> machine pdc.company.net. Error was SUCCESS - 0
>
> We are using samba version samba-3.0.28-1.el5_2.1 on rhel5.
>
> What can we do to troubleshoot or solve this problem ?
>
> Greetings ... Richard
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba