Our company has many linux boxes, joined to our corporate domain controllers. Our users authenticate, via command line or via kdm against the windows domain controller.
A few months ago, we discovered that new linux machines could not join the domain, but existing boxes had no problems. We performed an extensive study of the domain controller configuration as well as the configuration of the linux boxes. The problem seemed to be on one particular lan segment or another, but we could not track down the problem. In our Montreal Office, we had a machine that would join the domain, but would not authenticate users. An identical machine was working perfectly in our Ottawa office, authenticating off of a domain controller that was part of the same domain as the one in Montreal. Cooincidentally, one of our techs in Montreal, complained about a couple of windows XP boxes having some problem with the domain controller. He discovered one of the windows 2003 boxes (not a domain controller) had a time that was over 12 minutes different from the time server. He fixed the faulty time by telling it to get it's time from the corporate time server. Now, two minutes before he made this change, the montreal linux box would not authenticate. Two minutes after he made his change, the linux box started authenticating. We did not know he was going to make the change, and in the intervening time we had made no changes to our domain controllers, nor to the linux box. To confirm the faulty clock on the 2003 box was at fault, we set it's clock back to the wrong time, and our problem with authentication reappeared. We then separated the linux boxes that would not join/authenticate off of our domain controllers, and put them onto a separate lan segment. They could now join the domain and authenticate users from the domain. We are now tracking down any faulty windows boxes on our main lan segment to find what machine(s) are causing the faults. Now to clarify, the machine that has been shown to interfere with the samba machines joining or authenticating had absolutely no direct contact to the linux boxes. It was able to authenticate from the domain controller, but it was never used to connect to or from the linux boxes. The only issue was that it was on the same lan segment as the linux box to play havoc with the ability of samba to talk to the domain controller. This does not seem logical, it does not seem real, but the results have proven themselves to be true. So, I am willing to work with the developers of Samba to track down this bug to discover what the exact problem is. I am willing to even pay an active, samba dev member to work with us on this issue to ensure the problem goes away. I am at a loss as to how to enter this problem into bugzilla as the problem seems to stem from outside machines causing problems on the network and not with the configuration of the domain controller or the samba box. If anyone has any suggestions as to how I can ensure the dev team gets the information they need, please contact me. I am sure I am not the only end user who has been bitten by this sort of strange bug. best regards Dalton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba