[Samba] Error with winbind following Windows updates
Hi. We've just installed Windows updates on our Windows 2003 Domain Controllers, and have the following issues on our storage server, which is running Debian stable 2:3.5.6~dfsg-3squeeze5 Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286853, 0] lib/util_sock.c:680(write_data) Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286915, 0] lib/util_sock.c:1441(get_peer_addr_internal) Jan 17 10:27:51 xxx smbd[2426]: getpeername failed. Error was Transport endpoint is not connected Jan 17 10:27:51 xxx smbd[2426]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer We consequently cannot authenticate from the Domain Controllers. We have the following settings in the header of our smb file: security = ads workgroup = XXXredactedXXX realm = XXXredactedXXX.LOCAL password server = XXX-dc1.haluk.local, XXX-dc2.haluk.local encrypt passwords = yes update encrypted = yes server string = XXXstorage netbios name = XXXstorage idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind offline logon = yes enhanced browsing = no template shell = /bin/false veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/, /*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/, /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/ delete veto files = yes create mask = 0775 directory mask = 2775 invalid users = root panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m socket options = TCP_NODELAY printing = cups inherit acls = yes inherit permissions = yes map acl inherit = yes nt acl support = yes ea support = yes smb ports = 139 445 Assistance gratefully received. -- Rory Campbell-Lange r...@campbell-lange.net Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with winbind following Windows updates
The issue appears to be in relation to Windows security update MS11-095 http://support.microsoft.com/kb/2621146 which has affected Active Directory. More information about the update is available here: http://www.microsoft.com/download/en/details.aspx?displaylang=enid=28500 On 17/01/12, Rory Campbell-Lange (r...@campbell-lange.net) wrote: Hi. We've just installed Windows updates on our Windows 2003 Domain Controllers, and have the following issues on our storage server, which is running Debian stable 2:3.5.6~dfsg-3squeeze5 Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286853, 0] lib/util_sock.c:680(write_data) Jan 17 10:27:51 xxx smbd[2426]: [2012/01/17 10:27:51.286915, 0] lib/util_sock.c:1441(get_peer_addr_internal) Jan 17 10:27:51 xxx smbd[2426]: getpeername failed. Error was Transport endpoint is not connected Jan 17 10:27:51 xxx smbd[2426]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer We consequently cannot authenticate from the Domain Controllers. We have the following settings in the header of our smb file: security = ads workgroup = XXXredactedXXX realm = XXXredactedXXX.LOCAL password server = XXX-dc1.haluk.local, XXX-dc2.haluk.local encrypt passwords = yes update encrypted = yes server string = XXXstorage netbios name = XXXstorage idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind offline logon = yes enhanced browsing = no template shell = /bin/false veto files = /TheVolumeSettingsFolder/, /Temporary Items/, /*DS_Store*/, /*AppleDB/, /*AppleDesktop/, /*AppleDouble/, /Network Trash Folder/, /*Trashes/, /*TemporaryItems/, /*FBCLockFolder/, /*FBCIndex/ delete veto files = yes create mask = 0775 directory mask = 2775 invalid users = root panic action = /usr/share/samba/panic-action %d log file = /var/log/samba/log.%m socket options = TCP_NODELAY printing = cups inherit acls = yes inherit permissions = yes map acl inherit = yes nt acl support = yes ea support = yes smb ports = 139 445 Assistance gratefully received. -- Rory Campbell-Lange r...@campbell-lange.net Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Rory Campbell-Lange r...@campbell-lange.net Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rejecting auth request from client xxx machine account, win7,
I wonder if this is following Windows Active Directory update KB2621146. See http://support.microsoft.com/kb/2621146 and http://technet.microsoft.com/en-us/security/Bulletin/MS11-095 On 17/01/12, ESGLinux (esggru...@gmail.com) wrote: Hi All, I have a strange problem with my SAMBA server as PDC. I have some win7 machines joined to my domain but when I try to access some folders on the server I get messages like these: Authentication for user [machine$] - [machine$] FAILED with error NT_STATUS_WRONG_PASSWORD [2012/01/17 11:34:52, 0] rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(555) _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting auth request from client machine machine account machine$ I have added the machine to the LDAP, I have only the problem with the win7 machines. I think the problem has begun some days ago. Before It works fine (win7 update perhaps?) I have checked this url: http://wiki.samba.org/index.php/Windows7 But it does not solve the problem. I have samba-3.3.7-1 installed. I have not idea which can be the problem, any help from there? Thanks in advance ESG -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Rory Campbell-Lange r...@campbell-lange.net Campbell-Lange Workshop www.campbell-lange.net 0207 6311 555 3 Tottenham Street London W1T 2AF Registered in England No. 04551928 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba