Thanks Ben - A VOB server is an IBM Clearcase Versioned Object Base. The samba config is set to "server" and the password server is the local DC. This has been working for the past 4 years or so (and is unlikely to change either)
Approx the same time when this issue occurred we had a DC fail in another site - The dc was physically removed and I ran the metadata cleanup and promoted a new DC in that site. I can't see any AD problems in either site and may not be related. I'm having problems actually finding the source of this issue? Is this actually a DC issue or a samba issue? As our UNIX guys have passed this over to me to investigate as they believe this is a Windows\AD problem. >From an AD or DC point of view how can investigate this further? One of the main issues here is actually replicating the issue which seems impossible. As I've setup a port mirror and wire sharked the port and unable to get any useful information as I was unable to replicate the problem :( as the issue is very sporadic. Any thoughts? -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: 03 June 2010 17:01 To: NT System Admin Issues Subject: Re: DC authentication issue with Samba On Thu, Jun 3, 2010 at 9:16 AM, Fergal O'Connell <[email protected]> wrote: > Basically, automated builders connect to the samba share (on a VOB server) ... What's a "VOB server"? > the samba share connects to the AD password server to authenticate. How is authentication configured on the Samba box? That is, what is the "security" parameter set to in smb.conf? "server" (SMB peer-to-peer), "domain" (NT v4 domain), or "ads" (Active Directory domain)? If you've got an AD domain (and you do), "ads" is prolly the best option, as it makes the Samba box a "real" domain member. Authentication will be both more efficient and more secure. > cli_session_setup: NT1 session setup failed: NT_STATUS_REQUEST_NOT_ACCEPTED The NT_STATUS_REQUEST_NOT_ACCEPTED part is key. That's the error status that Windows is giving back to the Samba box. A Google for it (without even "Samba") seems to suggest it's a common problem. I'd start there. http://www.google.com/search?q=NT_STATUS_REQUEST_NOT_ACCEPTED -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
