[Samba] problem with winbind

Heyrendt, Jean-Marc Jean-Marc.Heyrendt at xrce.xerox.com
Tue Jul 11 14:48:44 GMT 2006


 

Hi,

Since 1 month, I tried without any success to configure Samba. 

My problem is that winbind crashes when I list users and groups. And I
think that it is linked to my trusted domains (wbinfo -domain=myADdomain
-u works well).

 

The error is the following :

 

[2006/07/11 14:30:29, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(757)

  got principal=machine$@TRUSTEDDOMAIN.COM

[2006/07/11 14:30:29, 10]
libads/kerberos.c:kerberos_kinit_password_ext(88)

  kerberos_kinit_password: using MEMORY:cliconnect as ccache

[2006/07/11 14:30:29, 2]
libsmb/cliconnect.c:cli_session_setup_kerberos(546)

  Doing kerberos session setup

[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(41)

  ===============================================================

[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(42)

  INTERNAL ERROR: Signal 11 in pid 7396 (3.0.23)

  Please read the Trouble-Shooting section of the Samba3-HOWTO

[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(44)

  

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf

[2006/07/11 14:30:29, 0] lib/fault.c:fault_report(45)

  ===============================================================

[2006/07/11 14:30:29, 0] lib/util.c:smb_panic(1592)

  PANIC (pid 7396): internal error

[2006/07/11 14:30:29, 0] lib/util.c:log_stack_trace(1699)

  BACKTRACE: 23 stack frames:

   #0 winbindd(log_stack_trace+0x2d) [0x50081d]

   #1 winbindd(smb_panic+0x5d) [0x50094d]

   #2 winbindd [0x4ec30a]

   #3 [0x297420]

   #4 /lib/libc.so.6(memcpy+0x1c) [0x18464c]

   #5 /usr/lib/libkrb5.so.3(krb5_copy_principal+0x115) [0xb90ea5]

   #6 /usr/lib/libkrb5.so.3(krb5_copy_creds+0x64) [0xb90a04]

   #7 /usr/lib/libkrb5.so.3 [0xb86feb]

   #8 /usr/lib/libkrb5.so.3(krb5_cc_store_cred+0x20) [0xb87b90]

   #9 /usr/lib/libkrb5.so.3(krb5_get_credentials+0x1c3) [0xb94463]

   #10 winbindd(cli_krb5_get_ticket+0x4b9) [0x529ed9]

   #11 winbindd(spnego_gen_negTokenTarg+0x62) [0x52aef2]

   #12 winbindd(cli_session_setup_spnego+0x6b6) [0x5220b6]

   #13 winbindd [0x492d1d]

   #14 winbindd(set_dc_type_and_flags+0x9c) [0x49425c]

   #15 winbindd [0x481fb8]

   #16 winbindd [0x4849ac]

   #17 winbindd(winbindd_list_users+0x130) [0x476e90]

   #18 winbindd [0x4755d7]

   #19 winbindd [0x476ca8]

   #20 winbindd(main+0x8e9) [0x476129]

   #21 /lib/libc.so.6(__libc_start_main+0xdc) [0x12e724]

   #22 winbindd [0x4747b1]

[2006/07/11 14:30:30, 0] lib/fault.c:dump_core(173)

  dumping core in /var/log/samba/cores/winbindd

 

 

When, winbind is not launched, I get this error :

smbd/sesssetup.c:reply_spnego_kerberos(310)

            Username myADdomain\MACHINE$ is invalid on this system

It works well, but operations on clients are very slow. For ex. a copy
hangs 500ms at every file access.

 

My configuration files are :

 

* smb.conf

 

[global]

        workgroup = myADdomain

        realm = myADdomain.COM

        security = ADS

        password server = myDC

        log level = 2 passdb:2 winbind:10 auth:2

        log file = /var/log/samba/log.smbd

        max log size = 50000

        server signing = auto

        printcap name = /etc/printcap

        preferred master = No

        local master = No

        domain master = No

        dns proxy = No

        wins server = myIPWinsServer

        ldap ssl = no

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        template homedir = /home/%U

        winbind trusted domains only = Yes

 

[homes]

        comment = Home Directories

        read only = No

        browseable = No

 

* krb5.conf

[logging]

default = FILE:/var/log/krb5libs.log

 

[libdefaults]

 ticket_lifetime = 24000

 clockskew = 300

 default_realm = MYADDOMAIN.COM

 

[realms]

MYADDOMAIN.COM = {

 kdc = myDC:88

 admin_server = myDC:464

 default_domain = MYADDOMAIN.COM

}

 

[domain_realm]

 .mydomain.com = MYDOMAIN.COM

mydomain.com = MYDOMAIN.COM

 

[kdc]

 profile = /var/kerberos/krb5kdc/kdc.conf

 

[appdefaults]

 pam = {

   debug = false

   ticket_lifetime = 36000

   renew_lifetime = 36000

   forwardable = true

   krb4_convert = false

 }

 

I run samba 3.023 on a Fedora Core 5 server. My AD domain is in a large
forest. My AD domain controller is running Windows 2003 sp1. Other
trusted domains are not in the same subnet. Several questions. Is
winbind needed in my configuration ? How to limit the usage of Samba to
my domain (how to remove trusted domains scans)?

 

Many tanks in advance,

 

--Yann



More information about the samba mailing list