We run a number of RHEL 4.8 and RHEL 5.4 Samba fileservers that are attached to a Windows Server 2003 Active Directory domain. Everything was running fine until a Windows Server 2008 domain controller was added into the domain. As soon as the Server 2008 DC was added, none of our Windows and Mac OS X clients could connect to Samba shares hosted by our RHEL servers. The Samba servers were logging "FAILED with error NT_STATUS_WRONG_PASSWORD" errors. Windows clients experienced "No process is on the other end of the pipe" errors when attempting to connect to Samba servers.
While troubleshooting I ran the following commands and received all the wrong answers: #net ads testjoin Join to domain is not valid: Improperly formed account name #wbinfo -m Could not list trusted domains #wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc0000022) Could not check secret #wbinfo --sequence CAMPUS : DISCONNECTED As soon as the Server 2008 DC was removed from the domain, all the problems went away. The AD forest administrator wants to eventually replace all the Server 2003 DC's with Server 2008 DC's. Is there some way that Server 2008 Active Directory DC's and our Samba servers can be configured to play nice together? We're running the latest Red Hat Samba v 3.0.33-0.18.el4_8.1 and v3.0.33-3.15.el5_4.1 packages. I'd really prefer to stick to the Red Hat rpm's rather than compile from source. Any thoughts or suggestions on this topic would be greatly appreciated. The output of testparm on our Samba servers typically looks like this: workgroup = DOMAIN realm = DOMAIN.FOREST.EXAMPLE.COM server string = SAMBA_SERVER security = ADS password server = * lanman auth = No use kerberos keytab = Yes log level = 5 log file = /var/log/samba/log.smbd max log size = 50 server signing = auto socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No domain master = No dns proxy = No idmap uid = 10000-30000000 idmap gid = 10000-30000000 template shell = /bin/false winbind use default domain = Yes winbind refresh tickets = Yes Andrew Philipoff Infrastructure Coordinator Information Systems Department of Medicine, UCSF
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
