samba - Apr 2005 - Samba, ADS and "Failed to verify incoming ticket!"

Hello

I have Samba that joined Windows 2003 based ADS. At least "net ads
testjoin" and "net rpc testjoin" gives that "Join is
OK". Alas clients
can't connect to Samba server. In a log I see following messages :

[2005/04/08 14:51:41, 0] tdb/tdbutil.c:(725)
  tdb(/web/opt/etc/smbprivate//secrets.tdb): tdb_lock failed on list 2
ltype=2 (Resource temporarily unavailable)
[2005/04/08 14:51:41, 1] libads/kerberos_verify.c:(312)
  ads_verify_ticket: unable to protect replay cache with mutex.
[2005/04/08 14:51:41, 1] smbd/sesssetup.c:(173)
  Failed to verify incoming ticket!
[2005/04/08 14:51:41, 3] smbd/error.c:(105)
  error string = Resource temporarily unavailable
[2005/04/08 14:51:41, 3] smbd/error.c:(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2005/04/08 14:51:41, 3] smbd/process.c:(1334)
  timeout_processing: End of file from client (client has disconnected).

Other "net ads" based commands are working fine. I can get "ads
status"
displayed without any suspicious entries, I can get users/groups lists.
But client (that is member of same domain) connections always end with
above shown entries in log file.

Any ideas what can be wrong ?

With best regards
Martynas

Hello

I think I found problem. When I put secrets.tdb and lock directory NOT
on NFS share it worked ! Isn't possible to put all SAMBA running files
on NFS share ? Any comments ? 


With best regards
Martynas 
 
-----Original Message-----
From: samba-bounces+martynas=ti.com@lists.samba.org
[mailto:samba-bounces+martynas=ti.com@lists.samba.org] On Behalf Of
Buozis, Martynas
Sent: Friday, April 08, 2005 3:06 PM
To: samba@lists.samba.org
Subject: [Samba] Samba, ADS and "Failed to verify incoming ticket!"

Hello

I have Samba that joined Windows 2003 based ADS. At least "net ads
testjoin" and "net rpc testjoin" gives that "Join is
OK". Alas clients
can't connect to Samba server. In a log I see following messages :

[2005/04/08 14:51:41, 0] tdb/tdbutil.c:(725)
  tdb(/web/opt/etc/smbprivate//secrets.tdb): tdb_lock failed on list 2
ltype=2 (Resource temporarily unavailable)
[2005/04/08 14:51:41, 1] libads/kerberos_verify.c:(312)
  ads_verify_ticket: unable to protect replay cache with mutex.
[2005/04/08 14:51:41, 1] smbd/sesssetup.c:(173)
  Failed to verify incoming ticket!
[2005/04/08 14:51:41, 3] smbd/error.c:(105)
  error string = Resource temporarily unavailable
[2005/04/08 14:51:41, 3] smbd/error.c:(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2005/04/08 14:51:41, 3] smbd/process.c:(1334)
  timeout_processing: End of file from client (client has disconnected).

Other "net ads" based commands are working fine. I can get "ads
status"
displayed without any suspicious entries, I can get users/groups lists.
But client (that is member of same domain) connections always end with
above shown entries in log file.

Any ideas what can be wrong ?

With best regards
Martynas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

For ability to failover from one machine to another in case of hardware
failures I put whole SAMBA installation on highly available NAS. Isn't
that possible ? I am not trying to run several servers, just have all
files on NAS to have ability actually run on any machine in cluster.

Martynas 
 
-----Original Message-----
From: Paul Gienger [mailto:pgienger@ae-solutions.com] 
Sent: Friday, April 08, 2005 4:19 PM
To: Buozis, Martynas
Subject: Re: [Samba] Samba, ADS and "Failed to verify incoming
ticket!"

>I think I found problem. When I put secrets.tdb and lock directory NOT 
>on NFS share it worked ! Isn't possible to put all SAMBA running files 
>on NFS share ? Any comments ?
>  
>
What would you hope to gain by doing this?  Please say you aren't trying
to run several servers with the same backend data files...

Tony

I clearly understand what is SAN and what is NAS. I have both here from
EMC. And  our NAS based on Cellera never had NFS outages because of
hardware failures. Also I use two Cisco switches with dual paths on SUN
box (using IP Multipathing) to protect against network failures. So
believe me - NAS in some cases is highly available storage. And, openly,
I see no difference from HA point of view  between NAS and SAN - it only
depends what you use and how you design infrastructure. 

But sorry - this is not advertisement. I simply would like to have
ability and run Samba from NFS, but it looks like this is not option and
at least something should be stored on local disks. Well, I think I can
live with this.


With best regards
Martynas 

 
-----Original Message-----
From: samba-bounces+martynas=ti.com@lists.samba.org
[mailto:samba-bounces+martynas=ti.com@lists.samba.org] On Behalf Of Tony
Earnshaw
Sent: Friday, April 08, 2005 5:52 PM
To: samba@lists.samba.org
Subject: RE: [Samba] Samba, ADS and "Failed to verify incoming
ticket!"

fre, 08.04.2005 kl. 16.23 skrev Buozis, Martynas:
> For ability to failover from one machine to another in case of 
> hardware failures I put whole SAMBA installation on highly available 
> NAS. Isn't that possible ? I am not trying to run several servers, 
> just have all files on NAS to have ability actually run on any machine
in cluster.

NAS is not SAN. NAS is *not*,necessarily, permanently available. SAN is.

If you want your files to be permanently available, whether through an
Act of God,  or whatever, you might consider SAN with accompanying
backup routines, collocations, etc. I hope that your pocket book is
suitably fat. Because this is going to *squeez* it.

--Tonni

--
Nothing sucksseeds like a pigeon without a beak ...

mail: tonye@billy.demon.nl
http://www.billy.demon.nl
 
They love us, don't they, They feed us, won't they ...