[Samba] problem with winbind
Heyrendt, Jean-Marc
Jean-Marc.Heyrendt at xrce.xerox.com
Tue Jul 11 14:48:44 GMT 2006
Hi,
For a month now, I have been trying without any success to configure Samba.
My problem is that winbind crashes when I list users and groups. And I
think that it is linked to my trusted domains (wbinfo -domain=myADdomain
-u works well).
The error is the following:
[2006/07/11 14:30:29, 3] libsmb/cliconnect.c:cli_session_setup_spnego(757)
got principal=machine$@TRUSTEDDOMAIN.COM
[2006/07/11 14:30:29, 10] libads/kerberos.c:kerberos_kinit_password_ext(88)
kerberos_kinit_password: using MEMORY:cliconnect as ccache
[2006/07/11 14:30:29, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546)
Doing kerberos session setup
[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(41)
===============================================================
[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 7396 (3.0.23)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(44)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(45)
===============================================================
[2006/07/11 14:30:29, 0] lib/util.c:smb_panic(1592)
PANIC (pid 7396): internal error
[2006/07/11 14:30:29, 0] lib/util.c:log_stack_trace(1699)
BACKTRACE: 23 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0x50081d]
#1 winbindd(smb_panic+0x5d) [0x50094d]
#2 winbindd [0x4ec30a]
#3 [0x297420]
#4 /lib/libc.so.6(memcpy+0x1c) [0x18464c]
#5 /usr/lib/libkrb5.so.3(krb5_copy_principal+0x115) [0xb90ea5]
#6 /usr/lib/libkrb5.so.3(krb5_copy_creds+0x64) [0xb90a04]
#7 /usr/lib/libkrb5.so.3 [0xb86feb]
#8 /usr/lib/libkrb5.so.3(krb5_cc_store_cred+0x20) [0xb87b90]
#9 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1c3) [0xb94463]
#10 winbindd(cli_krb5_get_ticket+0x4b9) [0x529ed9]
#11 winbindd(spnego_gen_negTokenTarg+0x62) [0x52aef2]
#12 winbindd(cli_session_setup_spnego+0x6b6) [0x5220b6]
#13 winbindd [0x492d1d]
#14 winbindd(set_dc_type_and_flags+0x9c) [0x49425c]
#15 winbindd [0x481fb8]
#16 winbindd [0x4849ac]
#17 winbindd(winbindd_list_users+0x130) [0x476e90]
#18 winbindd [0x4755d7]
#19 winbindd [0x476ca8]
#20 winbindd(main+0x8e9) [0x476129]
#21 /lib/libc.so.6(__libc_start_main+0xdc) [0x12e724]
#22 winbindd [0x4747b1]
[2006/07/11 14:30:30, 0] lib/fault.c:dump_core(173)
dumping core in /var/log/samba/cores/winbindd
When winbind is not launched, I get this error:
smbd/sesssetup.c:reply_spnego_kerberos(310)
Username myADdomain\MACHINE$ is invalid on this system
It works well, but operations on clients are very slow. For example, a copy
hangs 500ms at every file access.
My configuration files are:
* smb.conf
[global]
    workgroup = myADdomain
    realm = myADdomain.COM
    security = ADS
    password server = myDC
    log level = 2 passdb:2 winbind:10 auth:2
    log file = /var/log/samba/log.smbd
    max log size = 50000
    server signing = auto
    printcap name = /etc/printcap
    preferred master = No
    local master = No
    domain master = No
    dns proxy = No
    wins server = myIPWinsServer
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template homedir = /home/%U
    winbind trusted domains only = Yes
[homes]
    comment = Home Directories
    read only = No
    browseable = No
* krb5.conf
[logging]
    default = FILE:/var/log/krb5libs.log
[libdefaults]
    ticket_lifetime = 24000
    clockskew = 300
    default_realm = MYADDOMAIN.COM
[realms]
    MYADDOMAIN.COM = {
        kdc = myDC:88
        admin_server = myDC:464
        default_domain = MYADDOMAIN.COM
    }
[domain_realm]
    .mydomain.com = MYDOMAIN.COM
    mydomain.com = MYDOMAIN.COM
[kdc]
    profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }
I run samba 3.023 on a Fedora Core 5 server. My AD domain is in a large
forest. My AD domain controller is running Windows 2003 sp1. Other
trusted domains are not in the same subnet. I have several questions. Is
winbind needed in my configuration? How can I limit the usage of Samba to
my domain (how do I remove trusted domain scans)?
Many thanks in advance,
--Yann
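
Added example, not part of the original post: a small Python triage helper for the log_stack_trace output quoted above, which reports the frame where the signal was raised, its first caller in another module, and the winbindd function that entered the library. The skip rule in triage() is a heuristic assumed for this example; the sample frames are copied from the post.

```python
import re

# Frames #0-#10 copied from the backtrace in the post; later frames omitted.
SAMPLE = """\
BACKTRACE: 23 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0x50081d]
#1 winbindd(smb_panic+0x5d) [0x50094d]
#2 winbindd [0x4ec30a]
#3 [0x297420]
#4 /lib/libc.so.6(memcpy+0x1c) [0x18464c]
#5 /usr/lib/libkrb5.so.3(krb5_copy_principal+0x115) [0xb90ea5]
#6 /usr/lib/libkrb5.so.3(krb5_copy_creds+0x64) [0xb90a04]
#7 /usr/lib/libkrb5.so.3 [0xb86feb]
#8 /usr/lib/libkrb5.so.3(krb5_cc_store_cred+0x20) [0xb87b90]
#9 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1c3) [0xb94463]
#10 winbindd(cli_krb5_get_ticket+0x4b9) [0x529ed9]
"""

# "#N [module][(symbol+0xoff)] [0xaddr]"; module and symbol may be absent.
FRAME = re.compile(
    r"^#(\d+)\s+([^\s(\[]+)?(?:\((\w+)\+0x[0-9a-fA-F]+\))?\s*\[(0x[0-9a-fA-F]+)\]")
REPORTING = {"log_stack_trace", "smb_panic"}  # Samba's own panic path


def parse_frames(text):
    """Return (index, module, symbol, address) for each '#N ...' line."""
    matches = (FRAME.match(line.strip()) for line in text.splitlines())
    return [(int(m.group(1)), m.group(2), m.group(3), m.group(4))
            for m in matches if m]


def triage(frames):
    """Heuristic (assumption of this example): skip the panic-reporting frames
    and the unsymbolised signal-handler frames that follow them; the first
    symbolised frame after those is where the signal was raised."""
    i = 0
    while i < len(frames) and (frames[i][2] in REPORTING or frames[i][2] is None):
        i += 1
    rest = frames[i:]
    if not rest:
        return None
    fault = rest[0]
    # First named caller that lives in a different module than the fault.
    caller = next((f for f in rest[1:] if f[2] and f[1] != fault[1]), None)
    # First named frame inside the daemon binary (module given without a path).
    app = next((f for f in rest if f[2] and f[1] and "/" not in f[1]), None)
    return {"fault": fault, "caller": caller, "app_entry": app}
```

On the frames above this reports memcpy in libc as the faulting frame, krb5_copy_principal in libkrb5 as its caller, and cli_krb5_get_ticket as the winbindd entry point.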