Greg Folkert
2004-Jun-03 16:01 UTC
[Samba] Authentication and Joining failing after a time.
I have a Samba Domain that did migration from: 3.0.0 -> 3.0.2 -> 3.0.2a ->3.0.4 It is a very healthy machine it is running on. A heavily updated RedHat 7.2 machine. I have rebuilt newer source SRPM to update it. Pretty much updated piece meal since forever, and probably is updated e"enough". It is lean, as I do not believe in Garbage installs. But, the point of this is: About a week after installing the 3.0.4-1_rh73, this domain has to be restarted ever ~4-6 hours to fix Authentication issues. When first restarted (not kill -1, but ->stop ->start) I can have my Win9X Clients authenticate just fine. I can also Join and manage things just fine. But after a certain point this Domain will not authenticate my Win9X, or Win2KP or WinXPP. Nor can I do any domain admin. If the machines are already authenticated and not restarted/rebooted or logged out, they do just fine. But, here is the sticking point. Which is why I am baffled. My W2KP and WXPP machine that are not part of the domain (the ones I am trying to join that is) Can map a share from the same server that is the PDC, without error. Can also print just fine using manual mapping (net use etc...), I do not have ADS on site in use, am using WINS for resolution. I have currently back-revvd to 3.0.2a. I have also tried hand configured and compiled versions as well. Including build 977 from SVN. I have resorted to drastic measures, scheduling restarts in cron at slow/break/lunch times. This is an ugly solution. And causes havoc with a file-based DB we are using. This is the first time I have encountered this kind of an issue with Samba that was not (at least I hope) a configuration problem. What do I need to do and provide to get the proper information to anyone on the list so perhaps a resolution can be done? I am unsure of what and how things need to be done to "debug" this. Your help is most greatly appreciated in advance. -- greg@gregfolkert.net REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040603/b352cce5/attachment.bin
Greg Folkert
2004-Jun-06 18:55 UTC
Follow-up: [Samba] Authentication and Joining failing after a time.
On Thu, 2004-06-03 at 12:00, Greg Folkert wrote:> I have a Samba Domain that did migration from: > > 3.0.0 -> 3.0.2 -> 3.0.2a ->3.0.4 > > It is a very healthy machine it is running on. A heavily updated RedHat > 7.2 machine. I have rebuilt newer source SRPM to update it. Pretty much > updated piece meal since forever, and probably is updated e"enough". It > is lean, as I do not believe in Garbage installs. > > But, the point of this is: About a week after installing the > 3.0.4-1_rh73, this domain has to be restarted ever ~4-6 hours to fix > Authentication issues. When first restarted (not kill -1, but ->stop > ->start) I can have my Win9X Clients authenticate just fine. I can also > Join and manage things just fine. But after a certain point this Domain > will not authenticate my Win9X, or Win2KP or WinXPP. Nor can I do any > domain admin. If the machines are already authenticated and not > restarted/rebooted or logged out, they do just fine.[...] Well, I removed SAMBA and deleted all the files related to it. Well kept a copy of the conf. Removed all machines accounts from the /etc/passswd. Installed SAMBA 3.0.4-1_rh73.i386.rpm did not start samba, but laid in the conf. Started up swat and went through everything piece by piece, even got the group add and user to group add/rem scripts running proper (sucks when adduser doesn't handle groups at all). Machine add script works, add share works, add printer works. Best of all Machines can join the domain and login proper. All my policies work, and profiles work as well. Every user had to "take ownership" of the profiles area of their own, once they were in with a temp roaming. I forgot to record the domain SID. OOPS. Did all my group mapping exercises... One VERY significant piece of info: The patch to Windows 2K and XP that required 3.0.4 to be released, you cannot rollback the patch. Doesn't work period. As I tried to use v3.0.2a rpm with all the clients rolled back. It could see the Domain, could see the server, but once I tried to login to the SAMBA domain it would just Disappear. Windows would complain that the network is no longer available. No a fresh install of W2K without the Authentication change would work... NO problem.> Your help is most greatly appreciated in advance.Guess, nobody cared to even comment on this one. I'll have to remember that. -- greg@gregfolkert.net REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040606/f04c7cfb/attachment.bin