Thorsten Marquardt
2023-Jan-19 11:13 UTC
[Samba] Problem with windows shares after stopping down one dc
As I stated in a different thread (problems with sysvol after fsmo transfer), I have two DC's in serving my domain. The first (srv-kb-primdc) is a self compiled Samba 4.7.4 on openSUSE leap 42.3 with Heimdal kerberos. The second one (srv-kb-dc1) is Samba 4.7.11 on Leap 15.0 installed from packages with MIT kerberos. I transfered the fsmo roles from srv-kb-primdc to srv-kb-dc1 and you helped me to fix a minor problem with the gpo access from the Group Policy Management Console. After some days without monitoring further trouble I stopped samba on srv-kb-primdc to check my environment. After some houres some of my colleagues (windows) reported that they were not able to access shares on other windows pc ( windows 10 and windows 2016 server ). So I started samba on srv-kb-primdc again but that didn't solve the trouble. Allthough rebooting? or rejoining the PC's didn't help. Finally I transferred fsmo back to srv-kb-primdc, stopped samba on srv-kb-dc1 an the problems vanished very soon. The time I had the trouble I started klist on the PCs having problems and on PCs working well. I saw that all the problem free PCs reported: KDC called: srv-kb-primdc.my.local.dom for all current tickets whereas the others stated KDC called: srv-kb-dc1.my.local.dom for at least one current ticket. I presume that mixing the tickets from two KDCs was causing the failures -? am I right? Is this the normal behavior what would have been settled if I had restarted the PCs to obtain new tickets or is this a consequence of using Heimdal an MIT in the same environment? Thorsten