Prindl Regular Contributor.

Domain Logon not possible from WinXP PCs after upgrade to OES2018SP1 on DSfW server

Has anybody encountered the same?

The only change was the update of the DSfW server to SP1 of OES2018.

In kdc.log it shows this error: "preauth (encrypted_timestamp) verify failure: ASN.1 structure is missing a required field"

What is really strange is that I can access all shares - even the sysvol share on the DSfW DC - if I map the shares manually. And interestingly, Domain Logon does work for Windows 2000 member computers.

And according to the documentation joining a WinXP PC to the DSfW Domain is supported, which means Domain Logon from WinXP PCs is also supported.

I will probably open an SR after my August vacation - but I fear the result will be a change in the documentation to unsupported for WinXP member computers.☹️

0 Likes
2 Replies
Franz Sirl
New Member.

Re: Domain Logon not possible from WinXP PCs after upgrade to OES2018SP1 on DSfW server

Hi,

I'm reposting a message to the old forums here (since I cannot find it anywhere?) which may be related:

====

Hi,

I've updated our DSfW servers to OES2018.1 over the weekend and it went 99% well. The only problem was that the NMAS methods weren't properly updated.

Symptom on the DSfW server, in ndsd.log:
Feb 10 19:02:59 Method load failed: libgssapi.so.1: cannot open shared object file: No such file or directory

Symptoms on samba servers (I used SLES15) joined to the AD domain:
- users cannot access the shares (Administrator access often worked though)
- "net ads testjoin" reports: "Join to domain is not valid: No logon servers are currently available to service the logon request."

Fix:
Install all NMAS methods from /opt/novell/xad/share again on all your DSfW servers. Like this:

nmasinst -addmethod admin.your-context your-tree /opt/novell/xad/share/nmasmthd/Kerberos/config.txt -h <DSfW-IP>

Judging by the timestamps of the files in /var/opt/novell/eDirectory/data/nmas-methods/ at least the Kerberos and IPCExternal methods were out of sync.
Updating the Kerberos method immediately fixed the ndsd.log messages.

Hope this helps,
Franz

0 Likes
Prindl Regular Contributor.

Re: Domain Logon not possible from WinXP PCs after upgrade to OES2018SP1 on DSfW server

In my case the methods were correct, apart from an antique MD-5 method.

But what I found in the non-DSfW servers' ndsd.log is really annoying. They are now filled with:

"Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory."

(and the other ones for the rest of the DSfW NMAS methods) messages, so that the log is unreadable. It grows to 700MB only for those messages in about a month.

I think I have to open an SR.

0 Likes
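
One way to measure the ndsd.log flooding described in the posts above, added here as an example that is not part of the original thread: count the "Method load failed" entries per missing library and show how much of the log they occupy. The function names are hypothetical, and the sample log is constructed from the two messages quoted in the thread plus filler lines.

```shell
#!/bin/sh
# Added example: summarize NMAS "Method load failed" entries in an
# ndsd.log-style file. Function names are hypothetical.

# Constructed sample: the two messages quoted in the thread plus filler lines.
sample_ndsd_log() {
    cat <<'EOF'
Feb 10 19:02:59 Method load failed: libgssapi.so.1: cannot open shared object file: No such file or directory
Feb 10 19:03:01 Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory
Feb 10 19:03:02 constructed unrelated entry
Feb 10 19:03:04 Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory
Feb 10 19:03:05 constructed unrelated entry
Feb 10 19:03:09 Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory
EOF
}

# Print "<count> <library>" per missing library, most frequent first.
method_load_failures() {
    awk '
        /Method load failed: / {
            lib = $0
            sub(/.*Method load failed: /, "", lib)  # drop timestamp and marker
            sub(/:.*/, "", lib)                     # keep only the library name
            count[lib]++
        }
        END { for (l in count) printf "%d %s\n", count[l], l }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Print "<failure lines>/<total lines>" to show how much of the log is noise.
method_load_noise() {
    awk '/Method load failed: / { f++ } END { printf "%d/%d\n", f, NR }' "$1"
}

# Stand-alone use: pass the path of a log file as the first argument.
if [ "$#" -gt 0 ]; then
    method_load_failures "$1"
    printf 'method-load lines / all lines: %s\n' "$(method_load_noise "$1")"
fi
```

Each library name in the output identifies an NMAS method whose shared object is not present on that server, which is the kind of detail a service request would need.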