Robert M. Martel - CSU
2012-Oct-22 15:29 UTC
[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Greetings, I have an elderly installation of Samba 3.5.8 running on 10 Sparc servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as Active Directory member servers. Since we've laid-off everyone else around here I have not had the opportunity to update the Samba installation - and have not needed to as it has been very solid. Suddenly last Friday the Samba servers started having authentication problems for the active directory users. Users were unable to map drives, looking at files on the server I was seeing UID numbers rather that the user's login ID for the files. Stopping and restarting Samba did not help. I took the machines out of Active Directory, and then re-added them - which they did without a problem. After restarting Samba all was well, for awhile. This morning some folks that had left themselves looked in over the weekend were okay, but others could not map their drives. interactive logins for AD users did not work. I again left and rejoined the AD domain and all was well for a bit, then I had to repeat the cycle. I do not maintain or have access to the Active Directory servers or configuration. The central IT people claim that they have not made any changes to the AD servers...but they don't always tell me the whole truth. I am building Samba 3.5.18 right now in the hope that it will make a difference. I've never had a problem like this since first "playing" with Samba and Active directory more than 5 years ago - and certainly no issue like this since putting it into production. -- *********************************************************************** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.martel at csuohio.edu ***********************************************************************
Robert M. Martel - CSU
2012-Oct-22 15:48 UTC
[Samba] Old, reliable samba 3.5 and Active directory suddenly not reliable
Greetings, something to add. Had one of the Solaris 9 machines just stop working. I stopped samba and restarted it, found the following in smblog.smbd [2012/10/22 11:37:00.299787, 0] libads/sasl.c:823(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials I removed the machine from Active Directory and immediately re-added it - I did NOT run kinit to get new credentials. started Samba and the machine works fine...for now. On 10/22/2012 11:29 AM, Robert M. Martel - CSU wrote:> Greetings, > > I have an elderly installation of Samba 3.5.8 running on 10 Sparc > servers (and 3.5.12 on Solaris 9 servers with the same issue) set up as > Active Directory member servers. Since we've laid-off everyone else > around here I have not had the opportunity to update the Samba > installation - and have not needed to as it has been very solid. > > Suddenly last Friday the Samba servers started having authentication > problems for the active directory users. Users were unable to map > drives, looking at files on the server I was seeing UID numbers rather > that the user's login ID for the files. Stopping and restarting Samba > did not help. > > I took the machines out of Active Directory, and then re-added them - > which they did without a problem. After restarting Samba all was well, > for awhile. > > This morning some folks that had left themselves looked in over the > weekend were okay, but others could not map their drives. interactive > logins for AD users did not work. I again left and rejoined the AD > domain and all was well for a bit, then I had to repeat the cycle. > > I do not maintain or have access to the Active Directory servers or > configuration. The central IT people claim that they have not made any > changes to the AD servers...but they don't always tell me the whole truth. > > I am building Samba 3.5.18 right now in the hope that it will make a > difference. > > I've never had a problem like this since first "playing" with Samba and > Active directory more than 5 years ago - and certainly no issue like > this since putting it into production.-- *********************************************************************** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.martel at csuohio.edu ***********************************************************************