Hi list,

We have a network with some XP and some Windows 7 computers. We use samba 3.6.6
on debian 6.0.6 from debian-backports. It's a PDC with passdb backend = ldapsam.

In our logs there are lots of:
ARCServer slapd[1263]: SASL [conn=46778] Failure: realm changed: authentication
aborted

I found out that at the time this emerges, tcpdump says:

12:59:54.656399 IP client.49551 > 192.168.43.202.ldap: Flags [S], seq
3802010171, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
12:59:54.656444 IP 192.168.43.202.ldap > client.49551: Flags [S.], seq
3999710145, ack 3802010172, win 5840, options [mss
1460,nop,nop,sackOK,nop,wscale 6], length 0
12:59:54.656831 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 1, win
256, length 0
12:59:54.665734 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 1:351,
ack 1, win 256, length 350
12:59:54.665756 IP 192.168.43.202.ldap > client.49551: Flags [.], ack 351, win
108, length 0
12:59:54.677914 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 1:377,
ack 351, win 108, length 376
12:59:54.678040 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 377:391,
ack 351, win 108, length 14
12:59:54.678316 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 391, win
255, length 0
12:59:54.678707 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 351:391,
ack 391, win 255, length 40
12:59:54.679001 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 391:672,
ack 391, win 108, length 281
12:59:54.679619 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 391:678,
ack 672, win 254, length 287
12:59:54.679858 IP 192.168.43.202.ldap > client.49551: Flags [P.], seq 672:758,
ack 678, win 125, length 86
12:59:54.680464 IP client.49551 > 192.168.43.202.ldap: Flags [P.], seq 678:689,
ack 758, win 253, length 11
12:59:54.680480 IP client.49551 > 192.168.43.202.ldap: Flags [F.], seq 689, ack
758, win 253, length 0
12:59:54.680710 IP 192.168.43.202.ldap > client.49551: Flags [F.], seq 758, ack
690, win 125, length 0
12:59:54.680987 IP client.49551 > 192.168.43.202.ldap: Flags [.], ack 759, win
253, length 0

This happens every 15 minutes per Win7 machine.


On the client, Wireshark says:

//client->server
0„   X   c„   O  
  
       x   ‡ objectclass0„   +  subschemaSubentry 
dsServiceName  namingContexts  defaultNamingContext  schemaNamingContext 
configurationNamingContext  rootDomainNamingContext  supportedControl 
supportedLDAPVersion  supportedLDAPPolicies  supportedSASLMechanisms
dnsHostName  ldapServiceName 
serverName  supportedCapabilities 

//server ->client
0‚ t   d‚ m 0‚ g0'  namingContexts1   dc=arc-aachen,dc=de0À 
supportedControl1«  2.16.840.1.113730.3.4.18  2.16.840.1.113730.3.4.2 
1.3.6.1.4.1.4203.1.10.1  1.2.840.113556.1.4.319  1.2.826.0.1.3344810.2.3 
1.3.6.1.1.13.2  1.3.6.1.1.13.1  1.3.6.1.1.120   supportedLDAPVersion1   307 
supportedSASLMechanisms1   CRAM-MD5 
DIGEST-MD5  NTLM0#  subschemaSubentry1   cn=Subschema0    e 
       
//client->server
0„   "   `„         £„     
DIGEST-MD5   

//server->client
0‚     a‚   
     @SASL(0): successful result: security flags do not match
required‡Änonce="cryptic1",realm="ARCServer.arc-aachen.de",qop="auth,auth-int,
auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,
algorithm=md5-sess

//client->server
0„       `„         £„      
DIGEST-MD5 ‚ 
õusername="client$",realm="arcd",nonce="cryptic1",digest-uri="ldap/ARCSERVER",
cnonce="cryptic2",nc=00000001,response=cryptic3,qop=auth-conf,cipher=3des,
charset=utf-8

//server->client
0T   aO 
 1   HSASL(-13): authentication failure: realm changed: authentication aborted

//client->server
0„       B  



I understand that the Win7 machine tries to ask the server something concerning
the network, but the problem is that the server expects a reply from
client.arc-aachen.de but gets a reply from client.arcd. But why?

Extracts from smb.conf:
[global]
  workgroup = ARCD
  netbios name = ARCServer

  # domain settings
  domain master = yes
  domain logons = yes

  os level = 100
  preferred master = yes
  wins support = no

  passdb backend = ldapsam
  ldap suffix = dc=arc-aachen,dc=de
  ldap admin dn = cn=samba,dc=arc-aachen,dc=de
  ldap user suffix = ou=users
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap idmap suffix = ou=idmaps
[...]


I know this is a slapd problem; if this server weren't our Samba file server,
this problem would not emerge.


Does anybody know what to do?

Thanks for your help
Sebastian
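
Added example, not part of the original post: a small Python check that parses the DIGEST-MD5 challenge and response directive strings from the capture above and reports when the client's realm is not one the server offered. The function names are hypothetical, and the two sample strings are copied from the post with the e-mail line wraps removed.

```python
import re

# One directive: name=value, where value is a quoted string (may contain
# commas and backslash escapes) or a bare token, followed by "," or the end.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s"]*))\s*(?:,|$)')

def parse_directives(text):
    """Return a list of (name, value) pairs; names are lower-cased."""
    text, pairs, pos = text.strip(), [], 0
    while pos < len(text):
        m = _DIRECTIVE.match(text, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}")
        quoted, token = m.group(2), m.group(3)
        value = re.sub(r'\\(.)', r'\1', quoted) if quoted is not None else token
        pairs.append((m.group(1).lower(), value))
        pos = m.end()
    return pairs

def check_response(challenge, response):
    """Compare a client response against the server challenge; return findings."""
    chal = parse_directives(challenge)
    resp = dict(parse_directives(response))
    findings = []
    # A challenge may carry several realm directives, so collect all of them.
    offered = [v for k, v in chal if k == "realm"]
    sent = resp.get("realm", "")
    # Assumption: realms are compared as exact strings.
    if offered and sent not in offered:
        findings.append(f"realm mismatch: client sent {sent!r}, server offered {offered!r}")
    if resp.get("nonce") != dict(chal).get("nonce"):
        findings.append("nonce in response differs from challenge")
    return findings

# Directive strings from the capture in the post (line wraps removed).
CHALLENGE = ('nonce="cryptic1",realm="ARCServer.arc-aachen.de",'
             'qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",'
             'maxbuf=65536,charset=utf-8,algorithm=md5-sess')
RESPONSE = ('username="client$",realm="arcd",nonce="cryptic1",'
            'digest-uri="ldap/ARCSERVER",cnonce="cryptic2",nc=00000001,'
            'response=cryptic3,qop=auth-conf,cipher=3des,charset=utf-8')

if __name__ == "__main__":
    for finding in check_response(CHALLENGE, RESPONSE):
        print(finding)
```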
