Anyone???
On 05/02/2011 04:54 PM, Taylor, Jonn wrote:
> I also found this in the logs on both servers.
>
> [2011/05/02 16:52:01.425379, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module ldap already registered!
> [2011/05/02 16:52:01.496966, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
>   idmap_alloc module tdb already registered!
> [2011/05/02 16:52:01.569375, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module passdb already registered!
> [2011/05/02 16:52:01.641802, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module nss already registered!
> [2011/05/02 16:52:01.708285, 0] winbindd/idmap.c:149(smb_register_idmap)
>   Idmap module rid already registered!
> [2011/05/02 16:52:01.774795, 0] lib/module.c:69(do_smb_load_module)
>   Module '/usr/lib64/samba/idmap/rid.so' initialization failed:
>   NT_STATUS_OBJECT_NAME_COLLISION
> [2011/05/02 16:52:01.836023, 1] winbindd/idmap.c:580(idmap_alloc_init)
>   could not find idmap alloc module rid:TAYLORTELEPHONE=500-4000000
>
> Jonn
>
> On 05/02/2011 12:14 PM, Taylor, Jonn wrote:
>> I have 2 CentOS 5.6 x86_64 servers configured with samba 3.5.4,
>> CTDB, GFS and DRBD in an active,active cluster. After some time winbind
>> loses the ticket. After this I have to do a net ads join on the server
>> to get things going. The main DC is a windows 2003 server with SP2. I do
>> have 2 more samba 4 DCs that I use for backup authentication only that
>> run on debian 6 that are a VM. Not sure if they could be causing a
>> problem or not.
>>
>> This is what I am seeing in the logs.
>>
>> winbindd/winbindd_util.c:289(trustdom_recv) Could not receive trustdoms : 240 Time(s)
>>
>> And
>>
>> [root@pdc ~]# wbinfo -t
>> checking the trust secret for domain TAYLORTELEPHONE via RPC calls failed
>> Could not check secret
>> [root@pdc ~]# wbinfo -a someuser%password
>> plaintext password authentication failed
>> Could not authenticate user someuser%password with plaintext password
>> challenge/response password authentication failed
>> error code was NT_STATUS_ACCESS_DENIED (0xc0000022)
>> error messsage was: Access denied
>> Could not authenticate user someuser with challenge/response
>>
>> [root@pdc ~]# klist -e
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: [email protected]
>>
>> Valid starting     Expires            Service principal
>> 04/28/11 09:23:18  04/28/11 09:23:22  krbtgt/[email protected]
>>         renew until 04/28/11 09:23:22, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
>>
>>
>> Kerberos 4 ticket cache: /tmp/tkt0
>> klist: You have no tickets cached
>>
>>
>> And then if I do
>>
>> [root@pdc ~]# net ads join -Uadministrator%password
>> Using short domain name -- TAYLORTELEPHONE
>> Joined 'PDC' to realm 'taylortelephone.com'
>> DNS update failed!
>> [root@pdc ~]# wbinfo -a someuser%password
>> plaintext password authentication succeeded
>> challenge/response password authentication succeeded
>>
>> everything works again for a while.
>>
>> samba3x-common-3.5.4-0.70.el5_6.1
>> samba3x-winbind-3.5.4-0.70.el5_6.1
>> samba3x-client-3.5.4-0.70.el5_6.1
>> samba3x-3.5.4-0.70.el5_6.1
>>
>>
>> [global]
>>     workgroup = TAYLORTELEPHONE
>>     realm = TAYLORTELEPHONE.COM
>>     server string = Cluster Share %L
>>     interfaces = eth0, lo
>>     security = ADS
>>     password server = 192.168.173.10
>>     log file = /var/log/samba/samba3.log
>>     clustering = Yes
>>     wins server = 192.168.173.10
>>     idmap backend = idmap_rid:TAYLORTELEPHONE=500-4000000
>>     idmap uid = 500-4000000
>>     idmap gid = 500-4000000
>>     template homedir = /home/%U
>>     template shell = /bin/bash
>>     winbind enum users = Yes
>>     winbind enum groups = Yes
>>     winbind use default domain = Yes
>>     winbind refresh tickets = Yes
>>     winbind offline logon = Yes
>>
>> [apps]
>>     comment = Application Data
>>     path = /data/programs
>>     force user = root
>>     force group = Domain Admins
>>     read only = No
>>     inherit acls = Yes
>>     vfs objects = recycle
>>     recycle: config-files = /etc/samba/samba-recycle.conf
>>
>> [share]
>>     comment = Share Data
>>     path = /clusterdata/share
>>     force user = root
>>     force group = Domain Admins
>>     read only = No
>>     inherit acls = Yes
>>     vfs objects = recycle
>>     recycle: config-files = /etc/samba/samba-recycle.conf
>>
>> [home]
>>     comment = Home Directories
>>     path = /clusterdata/home
>>     read only = No
>>
>> [printers]
>>     comment = SMB Print Spool
>>     path = /var/spool/samba
>>     guest ok = Yes
>>     printable = Yes
>>     browseable = No
>>
>> [netlogon]
>>     comment = Network Logon Service
>>     path = /clusterdata/netlogon
>>     guest ok = Yes
>>     locking = No
>>
>> [profiles]
>>     comment = Profile Share
>>     path = /clusterdata/profiles
>>     read only = No
>>     inherit owner = Yes
>>     profile acls = Yes
>>     hide files = /desktop.ini/outlook*.lnk/*Briefcase*/
>>     store dos attributes = Yes
>>
>> [print$]
>>     comment = Printer Drivers
>>     path = /var/lib/samba/drivers
>>     read only = No
>>
>> [root@pdc ~]# cat /etc/krb5.conf
>> [libdefaults]
>>     default_realm = TAYLORTELEPHONE.COM
>>     dns_lookup_realm = false
>>     dns_lookup_kdc = false
>>     ticket_lifetime = 24h
>>     forwardable = yes
>>
>> [realms]
>>     TAYLORTELEPHONE.COM = {
>>         kdc = qbserver.taylortelephone.com:88
>>         admin_server = qbserver.taylortelephone.com:749
>>         default_domain = taylortelephone.com
>>     }
>>
>> [domain_realm]
>>     .taylortelephone.com = TAYLORTELEPHONE.COM
>>     taylortelephone.com = TAYLORTELEPHONE.COM
>>
>> [appdefaults]
>>     pam = {
>>         debug = false
>>         ticket_lifetime = 36000
>>         renew_lifetime = 36000
>>         forwardable = true
>>         krb4_convert = false
>>     }
>>
