Samba4 beta6. CentOS 6.3.
I have a CentOS client, using sssd, bound to a samba4 domain. The sssd
configuration uses GSSAPI to bind to the directory. In both scenarios
below, kerberos is fine, DNS is fine, I can use ldapsearch and bind to the
directory with GSSAPI just fine, etc.
If I have just one DC, everything works perfectly well for weeks on end.
If I have two or more DC's, everything works fine when the machine is
first bound to the domain. Sssd caches the login info, but eventually this
times out and another call to Samba has to be made to refresh the cache.
The SASL bind to the directory fails with:
(Wed Aug 29 11:40:56 2012) [sssd[be[SAMBA4]]] [sasl_bind_send] (0x0020):
ldap_sasl_bind failed (49)[Invalid credentials]
Some time later, it starts working again, presumably because the first DC
popped up in the name resolution order once again. The client
configuration is unchanged from the first (working) scenario.
As I said, everything works perfectly with one DC, and fails consistently
with two or more. I have verified that the machine's unicodePwd is the
same in each database.
This is a serious showstopper. Any clues?
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
