SnapServer authentication does not function with Windows Server 2008 R2

Version 1

    More specifically the issue is with NTLM/SSP based security.  This issue is a known Samba incompatibility and affects multiple Linux and NAS servers.  There is currently no fix.

     

    There is a work-around in that if the customer uses name based look-ups they will revert to Kerberos authentication which still works most of the time.  However according to Snap QA there is still potential for Kerberos authentication to fail in this scenario.

     

    In order to properly identify this issue you will see messages similar to the following in /var/log/samba/log.winbindd-DOMAIN (note DOMAIN refers to the domain name in the log)

     

    winbindd[4494]: [2010/02/12 14:23:33, 0]

    rpc_client/cli_pipe.c:rpc_api_pipe(790)

    winbindd[4494]: rpc_api_pipe: Remote machine IU-MSSG-TSDC1.testads.iu.edu pipe

    \NETLOGON fnum 0xereturned critical error. Error was

    NT_STATUS_PIPE_DISCONNECTED

     

    If you see this issue and can confirm please escalate the case so that we can track it. This issue currently affects Guardian OS 5.2 and later.  Guardian OS versions prior to 5.2 are not compatible with Windows 2008 domains.