[corpo]

Ah, well, that explains it then – is there any way to get information on the DirectoryService credentials?

Thanks.

[corpo]

When it’s bound to AD, there are no Kerberos credentials/tickets according to klist or the Kerberos app in /System/Library/CoreServices – which is what caused me to make that assumption. Presumably, if there were a Kerberos trust relationship, wouldn’t I be able to see the ticket with those utilities?

[corpo]

Further investigation leads me to believe that the trust relationship between the XServe and the AD controller does not rely on Kerberos, but rather some proprietary microsoft credential system. The problem with the Xserve losing it’s binding with AD seems to be caused by the fact that the AD controller requires a periodic password change for the machine accounts – which is not supported by the ADPlugin in Tiger. Does anyone know if there’s a way to use Kerberos for this trust mechanism, rather than the Microsoft trust credential system?

[corpo]

I’m having a similar problem. When you can’t login, can you still see the active directory users? (easiest way to check is to type ‘id jnaubur’ in the terminal) Also – is the mac server still visible to the Windows network? To determine that use smbfind – it lists all the machines in the windows network that are registered – you’ve got a fair sized network, so I’d grep the output for your server’s name (e.g smbfind | grep ).

I managed to determine that the problem that we are (still) having was actually two separate problems – the first was that the xserve was disappearing from the windows network – which yielded errors similar to what you posted. That problem was caused by the windows name service daemon on the xserve crashing randomly, and I solved it by writing a little shell script that checks to see if the daemon is running every 5 minutes, and if it isn’t, starts it up again – i’ll post the code below. Someone else on this forum wrote a similar script – but it would actually restart the whole windows service, which isn’t necessary, and could very likely disrupt active connections (which don’t need nmbd to maintain connectivity).

Anyway, if you find that the xserves are disappearing from the windows network, add this script to (root’s) crontab (you’ll probably have to do it for all three machines) – and that will solve at least one of the problems. The other problem I’m having is described in this post. Let me know if you’re experiencing similar issues, and perhaps we can come up with an answer.

—kick-nmbd.sh—
[code]
#!/bin/sh

ps -auxw | grep `cat /var/run/nmbd.pid` | grep nmbd > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo “nmbd crashed – dispensing swift kick in the ass”
/usr/sbin/nmbd -D
echo “kick dispensed – happy sharing!”
else
echo “windows service is running smoothly!”
fi
[/code]

don’t forget to chmod +x the script!

[Author]

Posts