SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002839: Proxy Auth and AD 2008R2 fail - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002839Endian FirewallProxy HTTPpublic2010-04-09 19:072010-11-22 11:49
lryc299 
ra-endian 
normalmajoralways
closedfixed 
2.3 
2.42.4 
0002839: Proxy Auth and AD 2008R2 fail
Enterprise version.
winbindd/smbd : Version 3.2.14-2.endian8

Domain join was successful.
Users and groups are showing up in the GUI.

Error in samba.log

winbindd[7024]: rpc_client/cli_pipe.c:rpc_api_pipe(789)
winbindd[7024]: rpc_api_pipe: Remote machine DC1R2.domain.local pipe \NETLOGON fnum 0x8003 returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED
No tags attached.
Issue History
2010-04-09 19:07lryc299New Issue
2010-04-09 20:18lryc299Note Added: 0004126
2010-04-09 22:25lryc299Note Added: 0004127
2010-04-14 00:58lryc299Note Added: 0004143
2010-04-14 01:12AnonymousStatusnew => feedback
2010-06-23 10:52peter-endianStatusfeedback => confirmed
2010-06-23 10:53peter-endianTarget Version => 2.4
2010-06-23 10:57peter-endianNote Added: 0004553
2010-06-23 13:05peter-endianNote Added: 0004554
2010-07-05 16:46peter-endianNote Added: 0004594
2010-07-05 16:46peter-endianStatusconfirmed => resolved
2010-07-05 16:46peter-endianFixed in Version => 2.4
2010-07-05 16:46peter-endianResolutionopen => fixed
2010-07-05 16:46peter-endianAssigned To => peter-endian
2010-07-05 16:46peter-endianStatusresolved => new
2010-07-05 16:46peter-endianAssigned Topeter-endian => ra-endian
2010-07-05 16:47peter-endianStatusnew => resolved
2010-07-05 16:48peter-endianNote Added: 0004595
2010-07-05 16:49peter-endianNote Deleted: 0004594
2010-11-22 11:49peter-endianStatusresolved => closed

Notes
(0004126)
lryc299   
2010-04-09 20:18   
Openfiler has the same problem.
See: https://forums.openfiler.com/viewtopic.php?id=4431 [^]

Fix: upgrade samba to 3.4.5
(0004127)
lryc299   
2010-04-09 22:25   
Before compiling a new version of samba try squid_kerb_auth insead of ntlm...
Can't try it here as I don't have a binary of the file.
(0004143)
lryc299   
2010-04-14 00:58   
It's working here with samba 3.4.5 and talloc 1.3.1.

Installed devel first.
Compiled samba3.4.5 from source with:
./configure --prefix=/usr
--with-fhs
--libdir=/usr/lib/samba
--with-configdir=/etc/samba
--localstatedir=/var
--with-lockdir=/var/cache/samba
--with-swatdir=/usr/share/swat

Compiled talloc1.3.1
Copied libtalloc.so.1.3.1 to /usr/lib/samba/libtalloc.so.1
(0004553)
peter-endian   
2010-06-23 10:57   
fix seems backported to 3.3.10:
http://old.nabble.com/NTLM_auth-to-win2008-r2-failed-(NT_STATUS_PIPE_DISCONNECTED)-td27336513.html [^]

probably it is this bug:
https://bugzilla.samba.org/show_bug.cgi?id=6711 [^]

this happens on 2008 R2, on 2008 it is fine
no chance to configure r2 in a manner that it is working
-> we need a samba update or backport the patch
(0004554)
peter-endian   
2010-06-23 13:05   
try to upgrade to latest version

thank you lryc299 for tests and report!
(0004595)
peter-endian   
2010-07-05 16:48   
upgraded to 3.5.4, it is working ok with windows server 2008 and windows server 2008 r2

before release needs however to be tested with all other windows server versions