[Samba] RE: Trying to join a Solaris 8 box to Windows 2000 AD.

Clive.Elsum at csiro.au Clive.Elsum at csiro.au
Tue Nov 12 23:35:11 GMT 2002


Hi Andrew,

Finally got back to this after locating a machine with more disk space!
The dbg output was:
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
/11715: No such file or directory.
Attaching to program `/proc/11715/object/a.out', process 11715
Reading symbols from /usr/lib/libsec.so.1...done.
Loaded symbols for /usr/lib/libsec.so.1
Reading symbols from /usr/lib/libgen.so.1...done.
Loaded symbols for /usr/lib/libgen.so.1
Reading symbols from /usr/lib/libresolv.so.2...done.
Loaded symbols for /usr/lib/libresolv.so.2
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/local/krb5/lib/libkrb5.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libkrb5.so.3
Reading symbols from /usr/local/krb5/lib/libcom_err.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libcom_err.so.3
Reading symbols from /usr/local/krb5/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/local/krb5/lib/libk5crypto.so.3
Reading symbols from /usr/local/krb5/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/local/krb5/lib/libgssapi_krb5.so.2
Reading symbols from /usr/local/ldap/lib/liblber.so.2...done.
Loaded symbols for /usr/local/ldap/lib/liblber.so.2
Reading symbols from /usr/local/ldap/lib/libldap.so.2...done.
Loaded symbols for /usr/local/ldap/lib/libldap.so.2
Reading symbols from /usr/lib/libpam.so.1...done.
Loaded symbols for /usr/lib/libpam.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/local/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/local/lib/libgcc_s.so.1
Reading symbols from /usr/local/ssl/lib/libssl.so.0.9.6...done.
Loaded symbols for /usr/local/ssl/lib/libssl.so.0.9.6
Reading symbols from /usr/local/ssl/lib/libcrypto.so.0.9.6...done.
Loaded symbols for /usr/local/ssl/lib/libcrypto.so.0.9.6
Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
Retry #1:
Retry #2:
Retry #3:
Retry #4:
[New LWP 1]
Symbols already loaded for /usr/lib/libsec.so.1
Symbols already loaded for /usr/lib/libgen.so.1
Symbols already loaded for /usr/lib/libresolv.so.2
Symbols already loaded for /usr/lib/libsocket.so.1
Symbols already loaded for /usr/lib/libnsl.so.1
Symbols already loaded for /usr/lib/libdl.so.1
Symbols already loaded for /usr/local/krb5/lib/libkrb5.so.3
Symbols already loaded for /usr/local/krb5/lib/libcom_err.so.3
Symbols already loaded for /usr/local/krb5/lib/libk5crypto.so.3
Symbols already loaded for /usr/local/krb5/lib/libgssapi_krb5.so.2
Symbols already loaded for /usr/local/ldap/lib/liblber.so.2
Symbols already loaded for /usr/local/ldap/lib/libldap.so.2
Symbols already loaded for /usr/lib/libpam.so.1
Symbols already loaded for /usr/lib/libc.so.1
Symbols already loaded for /usr/lib/libmp.so.2
Symbols already loaded for /usr/local/lib/libgcc_s.so.1
Symbols already loaded for /usr/local/ssl/lib/libssl.so.0.9.6
Symbols already loaded for /usr/local/ssl/lib/libcrypto.so.0.9.6
Symbols already loaded for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
0xff01b844 in _waitid () from /usr/lib/libc.so.1
#0  0xff01b844 in _waitid () from /usr/lib/libc.so.1
#1  0xfefd5d00 in _waitpid () from /usr/lib/libc.so.1
#2  0xff01113c in system () from /usr/lib/libc.so.1
#3  0x5fb58 in smb_panic (why=0xefb40 "internal error") at lib/util.c:1142
#4  0x4e760 in fault_report (sig=11) at lib/fault.c:41
#5  0x4e7b8 in sig_fault (sig=11) at lib/fault.c:61
#6  <signal handler called>
#7  0xff0506bc in exit () from
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
#8  0xff235554 in process_gethost () from /usr/lib/libnsl.so.1
#9  0xff235388 in _door_gethostbyname_r () from /usr/lib/libnsl.so.1
#10 0xff21af10 in _get_hostserv_inetnetdir_byname () from
/usr/lib/libnsl.so.1
#11 0xff2348d0 in gethostbyname_r () from /usr/lib/libnsl.so.1
#12 0x50a18 in sys_gethostbyname (name=0x19a6e0 "") at lib/system.c:513
#13 0x5f708 in interpret_addr (str=0xffbeec48 "nxact1-bm.nexus.csiro.au")
    at lib/util.c:832
#14 0x5f830 in interpret_addr2 (
    str=0xffffffff <Address 0xffffffff out of bounds>) at lib/util.c:854
#15 0xe0048 in ads_try_dns (ads=0x199430) at libads/ldap.c:129
#16 0xe040c in ads_connect (ads=0x199430) at libads/ldap.c:227
#17 0x3d05c in ads_cached_connection (domain=0x18ed30)
    at nsswitch/winbindd_ads.c:136
#18 0x3f3b0 in domain_sid (domain=0x18ed30, sid=0x18ef30)
    at nsswitch/winbindd_ads.c:803
#19 0x36ec0 in domain_sid (domain=0x18ed30, sid=0x18ef30)
    at nsswitch/winbindd_cache.c:892
#20 0x34d44 in init_domain_list () at nsswitch/winbindd_util.c:201
#21 0x2f3ac in winbind_setup_common () at nsswitch/winbindd.c:700
#22 0x2f878 in main (argc=1, argv=0xffbef95c) at nsswitch/winbindd.c:875


Any help on where to go on this would be greatly appreciated,

Clive

---------------------------------------------------------------------
Clive Elsum BAppSc, RHCE
Systems Engineer - Information Technology Group
CSIRO Atmospheric Research
PMB 1, Aspendale, Victoria, Australia  3195
Phone : (+61 3) 9239 4509
Fax:    (+61 3) 9239 4444
E-mail Clive.Elsum at csiro.au
---------------------------------------------------------------------



-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Sunday, 10 November 2002 11:39 PM
To: Clive.Elsum at csiro.au
Cc: samba at lists.samba.org; samba-technical at lists.samba.org
Subject: Re: Trying to join a Solaris 8 box to Windows 2000 AD.

On Sun, 2002-11-10 at 21:13, Clive.Elsum at csiro.au wrote:
> I am having major problems with SAMBA samba-3.0alpha20 in trying to
connect
> to 
> Windows 2000 AD. I have attached info if that helps.  Any help you can
give
> me
> would be greatly appreciated.
> 
> Thanks in advance
> 
> Clive Elsum
> 
> I can get samba-3.0alpha20 working if I include reference to our NT PDC
> in the smb.conf file and do a net rpc join command.
> This joins our NT PDC domain which has a trust relationship with the
> Windows 2000 ADS.
> The "joined domian XXX" message appears and a wbinfo -m shows the
> Windows 2000 AD domain "YYYYY" as a trusted-domain.
> I can then login using domain/userid and everything works correctly.
> The working smb.conf relvant bits are
> 	workgroup = xxx
> 	security = server
>         encrypt passwords = yes
>         stat cache = false
>         winbind separator = /
>         winbind uid = 10000-30000
>         winbind gid = 10000-30000
>         winbind use default domain = true
>         winbind enum groups = yes
>         winbind enum users = yes
> 	security = server
>         template shell = /bin/tcsh
> 
> 
> However with the imminent departure of the local NT PDC I will be forced
> to use the net ads join command which at present fails.

There isn't a 'forced' here - you should still be able to 'net rpc join'
a Win2k domain.  But that doesn't solve your real problem.

> The kinit command works correctly (password entered prompt returned)
> The klist command appears to do the right thing.
> Suggesting that kerberos is set up OK.
> 
> I have samba-3.0alpha20 version installed on Solaris 8. It was configured
> with
> ./configure  --with-ads --with-ldap --with-krb5=/usr/local/kerberos
> --with-pam --with-winbind
> 
> The include/config.h file shows
> #define HAVE_KRB5 1
> #define HAVE_GSSAPI 1
> #define WITH_ADS 1
> #define HAVE_LDAP_H 1
> 
> 
> I am using GCC Version 3.2;  Kerberos  krb5-1.2.6; LDAP openldap-2.1.8; on
a
> Solaris 8 platform.
> 
> I have modified the Makefile so as to overcome errors in compiling e.g
> passdb/pdb_ldap.c

What were they, btw?

> I then do a make install and copy relevant files with relevant links:
> cp pam_winbind.so /lib/security
> cp libnss_winbind.so /lib/nss_winbind.so
> 
> 
> Relevant bits from smb.conf:
>         workgroup = OUR
>         realm = OUR.2000AD.DOMAIN
>         security =  ADS
>         encrypt passwords = yes
>         stat cache = false
>         winbind separator = /
>         winbind uid = 10000-30000
>         winbind gid = 10000-30000
>         winbind use default domain = true
>         winbind enum groups = yes
>         winbind enum users = yes
>         ads server = <IP ADDRESS of ads server>
>         template shell = /bin/tcsh
> 
> WINBINDD adds the AD DOMAIN and relevant machines in lookup sequence but
> then 
> aborts with:
> 
> convert_string: Required 1521, available 2048
> ===============================================================
> INTERNAL ERROR: Signal 11 in pid 25953 (3.0alpha20)
> Please read the file BUGS.txt in the distribution
> ===============================================================
> PANIC: internal error
> Abort (core dumped)

Any chance of recompiling --enable-krb5developer and getting us a gdb
backtrace?  See 'panic action' in the smb.conf

> Obviously the command net ads join also fails with:
> [2002/11/10 20:36:44, 0] libads/kerberos.c:ads_kinit_password(122)
>   kerberos_kinit_password user at OUR.2000AD.DOMAIN failed: Preauthentication
> failed
> [2002/11/10 20:36:44, 1] utils/net_ads.c:ads_startup(148)
>   ads_connect: Invalid credentials

Why is this 'obviously'?  Anyway, a backtrace of this would be good.

Anyway, if you can get that, and also try the lastest 3.0 CVS
(pserver.samba.org), that will help us to chase it down.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



More information about the samba mailing list