[Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects

L. Mark Stone LMStone at RNoME.com
Wed Oct 13 14:49:49 GMT 2004 

We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a 
Windows Active Directory domain where the AD server was running Windows 2000 
Server.

We found that the instructions in Chapter 9.3.3 were, at least in our case, 
incomplete.

The AD server was managing a private domain, so following the Windows 
Configure My Server wizard the domain was setup as "smelug.local".

When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with 
the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got 
an error indicating the Linux box could not find the Kerberos server.

After Googling, we saw that others experiencing this problem had as the root 
cause either a DNS configuration problem or a misconfigured realm in 
krb5.conf.

We checked DNS on the W2K server and on the Linux box, added entries in the 
Linux and Windows hosts files, and then watched the packets go back and forth 
with Ethereal between the Windows 2K AD server and the SuSE box, but we still 
got the error. The two boxes were clearly exchanging packets, so we felt 
pretty good that we didn't have any DNS configuration errors.

Next, we undid all of the above changes, and simply edited the krb5.conf file 
to include the realm information and the IP:port info for the AD server. The 
join was successful now.

May I therefore suggest that configuring the krb5.conf file be added to 
Chapter 9.3.3 in S3BE?

Separately, we found two winbind errors during testing:

First, we found that winbind does not shut down cleanly during a reboot (we 
used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup 
automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in 
place, which we must remove manually before we can start winbind. 

Second, even after starting/stopping/restarting winbind manually, wbinfo -u 
(and -g) do not work at first. We found we needed to run "net ads info" 
first, and then wbinfo -whatever would work just fine.

Please let me know if you would like me to file bugzilla reports on these 
errors, or if you would like more detail. We are not programmers so we don't 
know how to narrow this down further.

With best regards,
Mark

P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 
host. We can make the virtual machine files available to you if you would 
like to run these machines locally for testing (assuming you have VMware and 
a Windows 2000 Server license).

-- 
_________________________________________________
A Message From...  L. Mark Stone

Reliable Networks of Maine, LLC
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: www.RNoME.com

More information about the samba mailing list