Hi All,
We're going to upgrade our DCs to Windows 2008 R2 native mode soon, so we're
facing with the challenge that how to get our samba servers (Solaris 8 &
Solaris 10) work with Windows 2008 R2 native mode. I've compiled Samba 3.5.9
with AD support. Then I installed and configured the binaries on my 3 test
machines (one Solaris 8 and two Solaris 10). The strange problem is one of my
test machines (Solaris 10) working perfectly, no problem at all, but the other
two machines, one Solaris 8 and another Solaris 10, are having the
intermittence problem, sometime I'm able to connect to the share directories
from windows machines, and sometime I have " The trust relationship between
this workstation and the primary domain failed" error and the errors in the
samba log as below
"[2011/07/13 14:40:20.560609, 0]
auth/auth_domain.c:188(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session
to machine SCAR.PC.COG
NEX.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2011/07/13 14:40:20.564083, 0]
rpc_client/cli_pipe.c:4163(cli_rpc_pipe_open_schannel)
cli_rpc_pipe_open_schannel: failed to get schannel session key from server
SCAR.PC.COGNEX.COM for
domain NATICK-NT.
[2011/07/13 14:40:20.564230, 0]
auth/auth_domain.c:188(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client session
to machine SCAR.PC.COG
NEX.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2011/07/13 14:40:20.564726, 0] auth/auth_domain.c:289(domain_client_validate)
domain_client_validate: Domain password server not available.
[2011/07/13 14:40:31.544390, 0] lib/util_sock.c:474(read_fd_with_timeout)
[2011/07/13 14:40:31.544582, 0] lib/util_sock.c:1441(get_peer_addr_internal)
getpeername failed. Error was Transport endpoint is not connected
read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer."
I could not figure out why it causes the intermittence problem on my two test
machines. They are very much configured the same. I've also spent days on
Google but still have not find any good solution.
Any idea what can cause the problem?
Thanks a lot,
Anh
By the way, here are my smb.conf and krb5.conf
# Global parameters
[global]
workgroup = NATICK-NT
realm = PC.COGNEX.COM
preferred master = no
netbios name = TALON
server string = Samba %v - %h
security = ADS
encrypt passwords = yes
password server = scar
domain master = No
local master = No
domain logons = No
inherit acls = Yes
debug level = 0
log file = /var/log/smb.log
idmap uid = 9000-20000
idmap gid = 600-1000
deadtime = 15
load printers = No
disable spoolss = Yes
printcap name = /dev/null
And
#
[libdefaults]
default_realm = PC.COGNEX.COM
clockskew = 300
[realms]
PC.COGNEX.COM = {
kdc = scar.pc.cognex.com
kdc = sherekhan.pc.cognex.com
admin_server = scar.pc.cognex.com
default_domain = pc.cognex.com
}
[domain_realm]
.kerberos.server = PC.COGNEX.COM
pc.cognex.com = PC.COGNEX.COM
.pc.cognex.com = PC.COGNEX.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/log/kdc.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageVi
ew/1195
}
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
