|
|
Hi all,
I have a situation here where I cannot join a Active Directory using a
user account that is a member of a large number (500 in this test) of
groups using Samba 3.0.23c. I can also reproduce the problem thusly:
- kinit someuser@xxxxxxxxx
- rpcclient -k ADS-DC
Problem is that Windows resets the connection after we attempt a
SessionSetupAndX:
read_socket_with_timeout: timeout read. read error = Connection reset by
peer.
Cannot connect to server. Error was NT_STATUS_INVALID_NETWORK_RESPONSE
There were problems with older Kerberos libraries not handling
KRB5_ERR_RESPONSE_TOO_BIG properly, but the libraries I'm using appear
to handle it correctly and the kinit works.
A domain join with the same user under Windows XP Pro works. Looking at
the packet captures, Windows is using port 139, whereas we're using 445
and Windows isn't fragmenting the SessionSetupAndX, but we are.
Can anyone offer any suggestions for things to try or look for?
thx,
Matt
|
|