Bug 11554 - Computer accounts go missing intermittently
Computer accounts go missing intermittently
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
4.1.18
x64 Linux
: P5 major
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-13 22:06 UTC by Patrick Headley
Modified: 2015-10-26 10:33 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Headley 2015-10-13 22:06:32 UTC
Version 4.1.18-Debian
Ubuntu 14.04 with all updates

Intermittently, my computer accounts disappear. I don't have much information yet but I will provide what I know. I can provide a log file but I don't know which one would be helpful.

I installed Samba 4 about a month ago. I was using a SBS 2008 server prior to that. Since then, every week or so, one of my Linux computers could not log me in with my domain credentials. After joining the machine to the domain again the login works again. The machines that have had the most issues are OpenSUSE 13.2 clients. If memory serves me correctly, I can open the Domain Membership tool in Yast and it doesn't indicate that it has left the domain but clicking OK rejoins the machine to the domain anyway.

Last Friday I worked primarily in two computers all day long. One computer is an OpenSUSE 13.2 box that I use as a VirtualBox host for several development computers. The other box is one of the development computers (VirtualBox guest) that has Windows 7 installed. All was well on Friday but yesterday (Monday) I tried to log into the host box using domain credentials and couldn't. I was finally able to log into the box using domain credentials by first commenting out the line "	kerberos method = secrets and keytab" from smb.conf. After a successful login I added the line back and have not experienced any additional problems. Then, on the Windows box, I wasn't able to log in using domain credentials. Windows presents an error message stating that the domain controller has no computer account. On that box I logged in as the administrator and rejoined the domain. It is working again.

As I stated before, I have experienced similar problems with other domain clients that run OpenSUSE 13.2. At least one of those doesn't even have the line "	kerberos method = secrets and keytab" so that line may not be part of the problem.

I installed Samba as part of a SOGo installation using the script at http://majentis.com/?p=344 if that's any help. The html encoded characters in the script were first converted back to ascii characters.

Please let me know if any of the log files might help. If the issue persists I will be able to amend this bug report with more information.
Comment 1 Patrick Headley 2015-10-14 01:43:39 UTC
It happened again on an OpenSUSE 13.2 client. I went to log in and the domain user was missing from the login form. I logged in as a local user. Then, opened the Yast tool for managing domain membership. The form shows that the computer belongs to the domain so I click OK and the computer goes through the process of joining the domain. After that, I can log into the domain account.

I ran "sudo pdbedit -L -w | grep '\[[WI]'" from the DC computer before and after rejoining the OpenSUSE computer to the domain. Before there was no record. After, the record looks like this:

linx1012$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9EB1E710626496CF226595E275E4F19A:[WX         ]:LCT-561DB0B5: