Hi all. Im having a bit of a problem. I have about 20 Samba servers all over the country on 256/512 WAN links. We just upgraded our primary NT4 domain to mixed-mode Active Directory on Windows 2003. In addition to that we have a native-mode Active Directory domain on Windows 2003. We were planning on merging a couple of NT4 domains into 1 native mode Active Directory domain, but plans have changed, and we just went with the upgrade. When I try to join the Samba servers to the new upgraded AD mixed mode domain (net ads join -U Administrator), machines on the WAN fail with the error: ads_connect: ASN.1 encoding ended unexpectedly One machine failed with the error: Broken pipe. I've only tested 3 machines so far, but I'm convinced it will happen everywhere, they are identical boxes, imaged with mkcdrec. The thing is that these machines still join the old native-mode Active Directory no problem. The other thing is that in the datacenter, all is well, and I can join the new mixed-mode domain. I'm running Redhat 9, kernel 2.4.25 with the ext3 acl patch Samba 3.0.14 compiled from source --with-ads --with-acl-support --with-smbmount --with-smbclient Here are the kerberos rpm's installed, we use yum and the fedora-legacy project for updates. krb5-workstation-1.2.7-38.3.legacy krb5-libs-1.2.7-38.3.legacy pam_krb5-1.60-1 krb5-devel-1.2.7-38.3.legacy The new mixed-mode domain was an NT4 box upgraded to Windows 2003, but the Domain has since been migrated to a virgin Windows 2003 server with SP1. The old native mode domain was Windows 2003 SP1 from the get go. I have not been able to find anyone having this problem in this lists archvies or googling it, so I thought I would post to this list. I have a workaround, just join the machines to the old native-mode domain, but that is going to go away soon, hopefully. Any ideas? Charlie
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cron, Charles wrote:> When I try to join the Samba servers to the new upgraded AD mixed mode > domain (net ads join -U Administrator), > machines on the WAN fail with the error: > > ads_connect: ASN.1 encoding ended unexpectedlyThat error message looks to be from the krb5 libs and not internal to Samba.> I'm running Redhat 9, kernel 2.4.25 with the ext3 acl patch > Samba 3.0.14 compiled from source --with-ads --with-acl-support > --with-smbmount --with-smbclient > > Here are the kerberos rpm's installed, we use yum and the fedora-legacy > project for updates. > > krb5-workstation-1.2.7-38.3.legacy > krb5-libs-1.2.7-38.3.legacy > pam_krb5-1.60-1 > krb5-devel-1.2.7-38.3.legacyI'd get newer krb5 libs to begin with. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org Centeris ----------- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDzmOOIR7qMdg1EfYRAgVXAJ9ltZTCI0cpATqPMJTvpCgZ6lHVkwCgp7Yg iY3by30W/XW97usgMZjnEB4=/rCr -----END PGP SIGNATURE-----
I realize that, its just that all is ok in the datacenter, all is ok with the old domain, and so many other packages depend on the installed version of krb5, dont know how I would manage the upgrade without replacing all the servers in the field. Thanks though! Charlie -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org] Sent: Wednesday, January 18, 2006 10:50 AM To: Cron, Charles Cc: 'samba@lists.samba.org' Subject: Re: [Samba] ASN.1 encoding ended? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cron, Charles wrote:> When I try to join the Samba servers to the new upgraded AD mixed mode > domain (net ads join -U Administrator), > machines on the WAN fail with the error: > > ads_connect: ASN.1 encoding ended unexpectedlyThat error message looks to be from the krb5 libs and not internal to Samba.> I'm running Redhat 9, kernel 2.4.25 with the ext3 acl patch > Samba 3.0.14 compiled from source --with-ads --with-acl-support > --with-smbmount --with-smbclient > > Here are the kerberos rpm's installed, we use yum and the fedora-legacy > project for updates. > > krb5-workstation-1.2.7-38.3.legacy > krb5-libs-1.2.7-38.3.legacy > pam_krb5-1.60-1 > krb5-devel-1.2.7-38.3.legacyI'd get newer krb5 libs to begin with. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org Centeris ----------- http://www.centeris.com "There's an anonymous coward in all of us." --anonymous -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDzmOOIR7qMdg1EfYRAgVXAJ9ltZTCI0cpATqPMJTvpCgZ6lHVkwCgp7Yg iY3by30W/XW97usgMZjnEB4=/rCr -----END PGP SIGNATURE-----
The difference is the working machines are in the datacenter, the non-working machines are on 256k or 512k fractional T1's at remote sites. Other than that, the machines are identical. I'll give the Fedora SRPM a go. Charles Cron -----Original Message----- From: Gerald (Jerry) Carter [mailto:jerry@samba.org] Sent: Wednesday, January 18, 2006 11:35 AM To: Cron, Charles Cc: 'samba@lists.samba.org' Subject: Re: [Samba] ASN.1 encoding ended? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cron, Charles wrote:> I realize that, its just that all is ok in the datacenter, > all is ok with the old domain, and so many other packages > depend on the installed version of krb5, dont know how I would > manage the upgrade without replacing all the servers in > the field.You can rebuild a newer krb5 rpm for RedHat 9. Grab the Fedora SRPM and rebuild. I've done this before. But back to the original issue, what is the difference between the datacenter machines that work and those ones that fail? DNS domain perhaps? Sorry, I don't remember all the details from the original post. cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDzm5BIR7qMdg1EfYRAtMfAJ47aNKVuOU1SR2N1p3TX9ZlMkXd3ACgrkKP xT0K0iCaENcWzQiT845rZDc=UArD -----END PGP SIGNATURE-----