Domain Logon not possible from WinXP PCs after upgrade to OES2018SP1on DSfW server
Has anybody encountered the same?
Only change was update of DSfW server to SP1 of OES2018.
In kdc.log it shows this error: "preauth (encrypted_timestamp) verify failure: ASN.1 structure is missing a required field"
What is really strange I can access all shares - even the sysvol share on the DSfW DC - if i map the shares manually. And interestingly Domain Logon does work for Windows 2000 member computers.
And according to the documentation joining a WinXP PC to the DSfW Domain is supported, which means Domain Logon from WinXP PCs is also supported.
I will probably open a SR after my August vacation - but I fear the result will be a change in the documentation to unsupported for WinXP member computers.☹️
I'm reposting a message to the old forums here (since I cannot find it anywhere?) which maybe related:
I've updated our DSfW servers to OES2018.1 over the weekend and it went 99% well. The only problem was that the NMAS methods weren't properly updated.
Symptom on the DSfW server, in ndsd.log:
Feb 10 19:02:59 Method load failed: libgssapi.so.1: cannot open shared object file: No such file or directory
Symptoms on samba servers (I used SLES15) joined to the AD domain:
- users cannot access the shares (Administrator access often worked though)
- "net ads testjoin" reports: "Join to domain is not valid: No logon servers are currently available to service the logon request."
Install all NMAS methods from /opt/novell/xad/share again on all your DSfW servers. Like this
nmasinst -addmethod admin.your-context your-tree /opt/novell/xad/share/nmasmthd/Kerberos/config.txt -h <DSfW-IP>
Judging by the timestamps of the files in /var/opt/novell/eDirectory/data/nmas-methods/ at least the Kerberos and IPCExternal methods were out of sync.
Updating the Kerberos method immediately fixed the ndsd.log messages.
Hope this helps,
In my case the methods were correct besides of an antique MD-5 method.
But what I found in the non DSfW servers ndsd.log is really annoying. They are now filled with:
"Method load failed: libxadnds.so.2: cannot open shared object file: No such file or directory."
(and the other ones for the rest of the DSfW NMAS methods) messages, so that the log is unreadable. It grows to 700MB only for those messages in about a month.
I think I have to open a SR.