Hello Rowland Talking to users at that time discovered the following: They remove the machine network cable, put the User and Password them the domain, after the windows open the desktop they connect the network cable back in the machine and get to work. If you do this procedure is giving User and wrong password! On the issue of time the 2 DC's station using ntp. I stopped the samba server squid and the same password problem continues. Regards, Gabriel Franca> Em 13/08/2015, à(s) 09:36, Rowland Penny <rowlandpenny241155 at gmail.com> escreveu: > > On 13/08/15 13:12, Gabriel Franca wrote: >> Good morning Rowland. >> >> Today there are 2 servers with Samba 4.1.19 >> >> 1) Samba 4.1.19 compiled used for the control domain (AD) >> 2) using Samba 4.1.19 Sernet package I used the command "samba-tool domain join" to use the Squid authenticating via NTLM. >> >> Before I was as follows: >> >> 1) Samba 4.0.4 compiled AD >> 2) using Samba 4.1.19 Sernet package I used the command "samba-tool domain join" to use the Squid authenticating via NTLM. >> >> Then updated the Samba 4.0.4 to 4.1.19 AD since had several machines that were not logging into the network after upgrading started having the problems mentioned. >> >> Regards, >> >> Gabriel Franca >> >> >> >>> Em 13/08/2015, à(s) 08:59, Rowland Penny <rowlandpenny241155 at gmail.com> escreveu: >>> >>> On 13/08/15 12:46, Gabriel Franca wrote: >>>> Good morning friends, >>>> >>>> I have the following structure: >>>> >>>> Centos 6.6 >>>> >>>> 1) AD samba using .tgz package >>>> >>>> 2) using the proxy Sernet packages which use command: samba-tool domain join XXX.corp DC -U Administrator --realm = XXX.corp and set the squid via NTLM. >>>> >>>> Issues: >>>> >>>> 1) after the update I get the following messages in / var / log / messages: >>>> >>>> Aug 13 04:08:56 kernel samba: Out of memory: Kill process 8571 (samba) score 631 or child sacrifice >>>> Aug 13 04:08:56 kernel samba: Killed process 8571, UID 0 (samba) full-vm: 5262936kB, anon-rss: 2741036kB, file-rss: 2348kB >>>> Aug 13 04:08:56 samba samba [8575]: [13/08/2015 04: 08: 56.634639, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) >>>> Aug 13 04:08:56 samba samba [8575]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT >>>> Aug 13 04:08:56 samba samba [8575]: [13/08/2015 04: 08: 56.933596, 0] ../source4/dsdb/dns/dns_update.c:323(dnsupdate_spnupdate_done) >>>> Aug 13 04:08:56 samba samba [8575]: ../source4/dsdb/dns/dns_update.c:323: Failed SPN update - NT_STATUS_IO_TIMEOUT >>>> >>>> 2) the stations have the following problems: >>>> >>>> 2.1) many machines when they log say the time is wrong, then you have to restart the windows to get login. >>>> >>>> 2.2) I believe after upgrading samba that is in the proxy lost the connection to the main and because of that there are many times when we changed the password on the AD and the user is unable to login with the new password forcing a shift in the samba that is in Proxy machine. >>>> >>>> I believe that if I remove the samba-BD problems will be solved. >>>> >>>> how can reverse the process? remove sambaBD of my structure. >>>> >>>> Regards, >>>> >>>> Gabriel Franca >>> No, sorry but I don't really understand what you are trying to say. It sounds like you have 2 DCs and one of them is on a squid proxy, if so I don't think this is going to work. I also do not know what a 'sambaBD' or 'samba-BD' is. >>> >>> Can you please be a bit plainer, how many DCs, how are they connected etc. >>> >>> Rowland >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba > > Ah, I think I understand this now, forget squid, it is just something running on one of the DCs. > You updated one of the DCs from 4.0.4 to 4.1.19 and suddenly it all went pear shaped, there must have been a change between the two versions, you could try looking here: > > https://www.samba.org/samba/history/ > > to see if you can spot the change. > > You also mention time problems, do both of your DCs run ntp and are your clients set to use your DCs for time updates? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 13/08/15 13:58, Gabriel Franca wrote:> Hello Rowland > > Talking to users at that time discovered the following: > > They remove the machine network cable, put the User and Password them the domain, after the windows open the desktop they connect the network cable back in the machine and get to work. > > If you do this procedure is giving User and wrong password!I am not surprised, you need to sort this problem, did the domain work before the upgrade ?> > On the issue of time the 2 DC's station using ntp.Yes, but do the windows clients get their time from the DCs ? If the time is out of sync between the clients and the DCs, you can expect all sorts of problems. Rowland> > I stopped the samba server squid and the same password problem continues. > > Regards, > > Gabriel Franca > > >> Em 13/08/2015, à(s) 09:36, Rowland Penny <rowlandpenny241155 at gmail.com> escreveu: >> >> On 13/08/15 13:12, Gabriel Franca wrote: >>> Good morning Rowland. >>> >>> Today there are 2 servers with Samba 4.1.19 >>> >>> 1) Samba 4.1.19 compiled used for the control domain (AD) >>> 2) using Samba 4.1.19 Sernet package I used the command "samba-tool domain join" to use the Squid authenticating via NTLM. >>> >>> Before I was as follows: >>> >>> 1) Samba 4.0.4 compiled AD >>> 2) using Samba 4.1.19 Sernet package I used the command "samba-tool domain join" to use the Squid authenticating via NTLM. >>> >>> Then updated the Samba 4.0.4 to 4.1.19 AD since had several machines that were not logging into the network after upgrading started having the problems mentioned. >>> >>> Regards, >>> >>> Gabriel Franca >>> >>> >>> >>>> Em 13/08/2015, à(s) 08:59, Rowland Penny <rowlandpenny241155 at gmail.com> escreveu: >>>> >>>> On 13/08/15 12:46, Gabriel Franca wrote: >>>>> Good morning friends, >>>>> >>>>> I have the following structure: >>>>> >>>>> Centos 6.6 >>>>> >>>>> 1) AD samba using .tgz package >>>>> >>>>> 2) using the proxy Sernet packages which use command: samba-tool domain join XXX.corp DC -U Administrator --realm = XXX.corp and set the squid via NTLM. >>>>> >>>>> Issues: >>>>> >>>>> 1) after the update I get the following messages in / var / log / messages: >>>>> >>>>> Aug 13 04:08:56 kernel samba: Out of memory: Kill process 8571 (samba) score 631 or child sacrifice >>>>> Aug 13 04:08:56 kernel samba: Killed process 8571, UID 0 (samba) full-vm: 5262936kB, anon-rss: 2741036kB, file-rss: 2348kB >>>>> Aug 13 04:08:56 samba samba [8575]: [13/08/2015 04: 08: 56.634639, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) >>>>> Aug 13 04:08:56 samba samba [8575]: ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT >>>>> Aug 13 04:08:56 samba samba [8575]: [13/08/2015 04: 08: 56.933596, 0] ../source4/dsdb/dns/dns_update.c:323(dnsupdate_spnupdate_done) >>>>> Aug 13 04:08:56 samba samba [8575]: ../source4/dsdb/dns/dns_update.c:323: Failed SPN update - NT_STATUS_IO_TIMEOUT >>>>> >>>>> 2) the stations have the following problems: >>>>> >>>>> 2.1) many machines when they log say the time is wrong, then you have to restart the windows to get login. >>>>> >>>>> 2.2) I believe after upgrading samba that is in the proxy lost the connection to the main and because of that there are many times when we changed the password on the AD and the user is unable to login with the new password forcing a shift in the samba that is in Proxy machine. >>>>> >>>>> I believe that if I remove the samba-BD problems will be solved. >>>>> >>>>> how can reverse the process? remove sambaBD of my structure. >>>>> >>>>> Regards, >>>>> >>>>> Gabriel Franca >>>> No, sorry but I don't really understand what you are trying to say. It sounds like you have 2 DCs and one of them is on a squid proxy, if so I don't think this is going to work. I also do not know what a 'sambaBD' or 'samba-BD' is. >>>> >>>> Can you please be a bit plainer, how many DCs, how are they connected etc. >>>> >>>> Rowland >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >> Ah, I think I understand this now, forget squid, it is just something running on one of the DCs. >> You updated one of the DCs from 4.0.4 to 4.1.19 and suddenly it all went pear shaped, there must have been a change between the two versions, you could try looking here: >> >> https://www.samba.org/samba/history/ >> >> to see if you can spot the change. >> >> You also mention time problems, do both of your DCs run ntp and are your clients set to use your DCs for time updates? >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba
Rowland, The domain functioned normally before upgrading. the servers are enabled with NTP and the machines should take their time. What do you think better to do in this situation? again make the entire structure from scratch? or can save the samba structure 4 att, Gabriel Franca> Em 13/08/2015, à(s) 10:20, Rowland Penny <rowlandpenny241155 at gmail.com> escreveu: > > I am not surprised, you need to sort this problem, did the domain work before the upgrade ?