user authentication issues with samba4-beta5 as a member server
Jean Raby
jraby at inverse.ca
Thu Sep 6 07:59:58 MDT 2012
On 12-09-05 7:17 PM, Andrew Bartlett wrote:
>> Alright, I tested this again with beta8 and /usr/sbin/samba won't even
>> start when configured as a member server.
>> So I guess the release notes were right;-)
>>
>> We've been using samba as a DC along with openchange and sogo and it
>> works pretty well for our development needs, but we're trying to find a
>> way to integrate that with existing domains with a windows DC.
>>
>> At first I thought that we'd simply have to join samba as a member
>> server, but obviously, that won't work for now.
> It is meant to still permit a startup in this situation. Is there any
> chance you could debug the code in source4/smbd/server.c that imposes
> this restriction and work out why it doesn't allow you to start up?
Indeed, samba will start if 'dcerpc endpoint servers' contains 'mapiproxy'.
It didn't work in my tests since I was using a minimal smb.conf without
this parameter.
However, I get the same behavior when trying to authenticate a user
using wbinfo -K :
wbsrv_samba3_pam_auth called
wb_sid2domain_send called
wb_sid2domain_send called
seed 5e6aa7e2:daa2ed4a
seed+time aeb3513a:daa2ed4a
CLIENT 61dd86df:7ac44384
seed+time+1 aeb3513b:daa2ed4a
SERVER 97d78633:4efdf572
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0.21
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]
Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /var/lib/samba/private/smbd.tmp/msg/msg.0.50
single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED
>
>> Are there any other options that we could try to be able to authenticate
>> users against an existing domain short of joining samba as a DC?
>> Or if it is not possible at all right now, is this something that might
>> be implemented in the foreseeable future?
>>
>> Like I said earlier, we need to use 'samba' instead of smbd since we
>> need to use the following configuration parameters, which I think are
>> only available with the samba daemon :
>>
>> dcerpc endpoint servers = epmapper, mapiproxy
>> dcerpc_mapiproxy:server = true
>> dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp,
>> exchange_ds_rfr
> The winbindd issues we still need to sort out, but if the Openchange
> folks expect this to work from their end, then we will keep the Samba
> side available. The startup check is just to try and avoid user
> confusion from our broader user base.
Do you expect to be able to sort the winbindd issue before the samba4
release or will it be part of a later release?
--
Jean