On Wed, 2013-06-05 at 23:49 -0500, Kristofer Pettijohn
wrote:> I updated all 14 of our Domain Controllers to 4.0.6, and now I am having
random authentication issues.
What version did you upgrade from?
> Our radius server uses ntlm_auth to authenticate users. Every morning
> at 3AM since the update, ntlm_auth fails to authenticate. If I
> restart Samba 4 on the domain controller that the radius server
> connects to, then authentication works again.
>
> In addition, I am running Samba 3.5.10-125.el6 with winbind on all of
> our file servers. Users randomly become unable to authenticate and
> connect to file shares. If I restart Samba 4 on the domain controller
> closest to the file server, they are able to authenticate again.
> Simply restarting winbind doesn't resolve it. I need to restart the
> samba daemons on the domain controller.
>
> What might be causing this?
I would need logs and network traces to investigate this further.
Could it be a kerberos ticket expiring?
Does it still happen if you upgrade a test member server to 3.6 or 4.0
(so we can narrow down the issue)?
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org