[Samba] ADS Problem : segmentation fault
djamel boussebha
dboussebha at yahoo.fr
Mon Nov 21 02:09:11 MST 2011
Hi;
Please I would like to know which are the corrects values to set into the samba/kerberos configuration to ads protocol works fine.
My platform is :
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177 (CILVS049)
When I try to join the AD via ADS protocol I have a error : segmentation fault :
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault
The kinit works fine :
# kinit administrateur
Password for administrateur at P9BIS.NEOPLUS.LAPOSTE.POC:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Valid starting Expires Service principal
11/21/11 09:56:18 11/21/11 16:36:18 krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC at P9BIS.NEOPLUS.LAPOSTE.POC
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
wbinfo -u et wbinfo -g work fine :
# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync
My configuration is as follows :
hosts file on the linux server :
# cat /etc/hosts
127.0.0.1 local.localdomain localhost CILVS049
187.0.22.177 CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104 CINVW067.p9bis.neoplus.laposte.poc CINVW067
#cat /etc/samba/smb.conf :
[global]
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
security = ads
client use spnego = yes
realm = P9BIS.NEOPLUS.LAPOSTE.POC
server string = CILVS049
workgroup = P9BIS
password server = 187.0.17.104.p9bis.neoplus.laposte.poc
interfaces = 127.0.0.1 eth0
bind interfaces only = true
printing = cups
printcap name = cups
load printers = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
#idmap backend = ad
winbind enum users = yes
winbind enum groups = yes
client use spnego = yes
encrypt passwords = yes
winbind nested groups = yes
winbind separator = /
winbind nss info = sfu
winbind cache time = 3600
winbind use default domain = yes
preferred master = no
domain master = no
restrict anonymous = 2
log file = /var/log/samba/log.smbd
max log size = 50
usershare allow guests = no
netbios name = CILVS049
#wins server = 187.0.17.104
#wins proxy = no
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#cat /etc/krb5.conf :
[libdefaults]
default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
default_keytab_name = FILE:/etc/krb5.keytab
kdc_timesync = 1
ticket_lifetime = 24000
dns_lookup_kdc = true
dns_lookup_realm = true
forwardable = true
fcc-mit-ticketflags = true
clockskew = 300
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
kdc = 187.0.17.104:88
default_domain = p9bis.neoplus.laposte.poc
admin_server = 187.0.17.104:749
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
MONWORKGROUP = P9BIS.NEOPLUS.LAPOSTE.POC
.p9bis.neoplus.laposte.poc = P9BIS.NEOPLUS.LAPOSTE.POC
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 1
try_first_pass = true
}
kinit = {
forwardable = true
proxiable = false
renewable = true
retain_after_close = false
minimum_uid = 1
try_first_pass = true
}
# cat /etc/resolv.conf
nameserver 187.0.17.3
nameserver 187.0.17.4
nameserver 187.0.17.104
search p9bis.neoplus.laposte.poc
#cat /etc/nsswitch.conf
passwd: files winbind
group: files winbind
shadow: files winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files
bootparams: files
automount: files
aliases: files
How my configuration Samba/kerberos/winbind fails with ADS ?
Regards
More information about the samba
mailing list