hi gurus My samba upgrade woes: -
I have to run 2 instances of samba one for dev and one for UAT. both the instances are giving me hard time after the upgrade. One instance keeps giving me following error: - connect_to_domain_password_server: unable to open the domain client session to machine xxxxx.xxxxx.xxxxx.xxxxxxx.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 16:19:36.993000, 0] auth/auth_domain.c:292(domain_client_validate) It returns this error for all the password servers. I deleted the server from ad and tried to rejoin the domain. it did join the domain but returned the error: - # /opt/local/samba/bin/net -s /opt/local/samba/lib/smb.conf.dev ads join -U admin Enter admin's password: Using short domain name -- XXXX Joined 'XXXX' to realm 'xxxx.xxxx.xxxx.com' DNS Update for xxxxx.xxxx.xx.xxxxxxx.com failed: ERROR_DNS_UPDATE_FAILED DNS update failed! since then it keeps giving me error: - [2012/09/04 21:43:10.299657, 0] smbd/server.c:1109(main) standard input is not a socket, assuming -D option [2012/09/04 21:43:10.606915, 0] libads/kerberos_util.c:101(ads_kinit_password) kerberos_kinit_password [email protected] failed: Preauthentication failed [2012/09/04 21:43:10.608476, 0] printing/nt_printing.c:102(nt_printing_init) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED moving on to other instance: - [2012/09/04 15:51:47.207600, 5] rpc_client/cli_pipe.c:738(rpc_api_pipe_send) rpc_api_pipe: host XXXXXX.XXXXX.XXXXX.XXXXXX.COM [2012/09/04 15:51:47.209191, 5] rpc_client/cli_pipe.c:97(rpc_read_send) rpc_read_send: data_to_read: 52 [2012/09/04 15:51:47.209422, 5] rpc_client/cli_pipe.c:1521(check_bind_response) check_bind_response: accepted! [2012/09/04 15:51:47.209687, 5] passdb/passdb.c:2365(get_trust_pw_clear) get_trust_pw_clear: could not fetch clear text trust account password for domain XXXXXX [2012/09/04 15:51:47.209844, 5] passdb/machine_account_secrets.c:267(secrets_fetch_trust_account_password_legacy) secrets_fetch failed! [2012/09/04 15:51:47.209998, 5] passdb/passdb.c:2403(get_trust_pw_hash) get_trust_pw_hash: could not fetch trust account password for domain XXXXXXX [2012/09/04 15:51:47.210109, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common) get_schannel_session_key: could not fetch trust account password for domain 'XXXXX' [2012/09/04 15:51:47.211665, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel) cli_rpc_pipe_open_schannel: failed to get schannel session key from server XXXXXXX.XXXXXXXXX.XXXXXXX.XXXXXX.COM for domain XXXXXX. [2012/09/04 15:51:47.211845, 0] auth/auth_domain.c:193(connect_to_domain_password_server) connect_to_domain_password_server: unable to open the domain client session to machine XXXXXXXX.XXXXXXXX.XXXX.XXXXXXXX.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO. [2012/09/04 15:51:47.213484, 0] auth/auth_domain.c:292(domain_client_validate) domain_client_validate: Domain password server not available. [2012/09/04 15:51:47.213654, 5] auth/auth.c:271(check_ntlm_password) check_ntlm_password: winbind authentication for user [XXXX] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2012/09/04 15:51:47.213779, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [XXXXX] -> [XXXXXX] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2012/09/04 15:51:47.213950, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_CANT_ACCESS_DOMAIN_INFO Here is the smbd.conf for 1st instance #======================= Global Settings ===================================== [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = XXXXX workgroup = XXXXX server string = XXXX Samba Server ver %v security = ADS log file = /opt/local/samba/dev/logs/log.%m max log size = 50 password server = xxxxxx.xxxx.xxxx.xxxxxxx.com, xxxx.xxxx.xxxx.xxxxxxx.com encrypt passwords = yes realm = XXXXXXX.XXXX.XXXXXXXXX.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba/dev/private private dir = /opt/local/samba/dev/private username map = /opt/local/samba/dev/users.map pid directory = /opt/local/samba/dev bind interfaces only = yes wins support = no domain master = no allow trusted domains = yes locking = yes lock directory = /opt/local/samba/var/dev/locks preserve case = yes short preserve case = yes name resolve order = host bcast load printers = no printcap name = /dev/null deadtime = 15 preferred master = no guest account = nobody guest ok = yes syslog = 0 interfaces = xxx.xxx.xxx.xxx socket address = xxx.xxx.xxx.xxx [share] comment = share path = /share read only = No create mask = 0774 browseable = yes preserve case = yes and smb.conf.uat for second instance [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = XXXXX-UAT workgroup = XXXXX server string = XXXX-UAT Samba Server ver %v security = ADS map untrusted to domain = Yes log file = /opt/local/samba/uat/logs/log.%m log level = 5 max log size = 50 password server = xxx.xxx.xxx.xxxx.xxx xxxx.xxxx.xxxx.xxxx.com encrypt passwords = yes realm = XXXXX.XXXX.XXXX.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba/uat/private private dir = /opt/local/samba/uat/private username map = /opt/local/samba/uat/users.map pid directory = /opt/local/samba/uat bind interfaces only = yes wins support = no domain master = no allow trusted domains = yes locking = yes lock directory = /opt/local/samba/uat/var/locks preserve case = yes short preserve case = yes name resolve order = host bcast load printers = no printcap name = /dev/null deadtime = 15 preferred master = no guest account = nobody guest ok = yes syslog = 0 interfaces = xxx.xxx.xxx.xxx socket address = xxx.xxx.xxx.xxx [uat-share] comment = uat-share path = /uat-share read only = No create mask = 0774 browseable = yes ------------------------------------------------------------------------------------------------------- I am using: - krb5-1.10.3 openldap-2.4.31 samba-3.6.7 The same config files work fine with: - krb5-1.7 openldap-2.4.16 samba-3.3.5 Any pointers? Thanks Nitin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
