[Samba] Problem with AD

Stephan Ellis stephan.ellis at gmail.com
Tue Jun 26 19:59:47 GMT 2007


Hi All,

  New to the list here.  I am trying to connect my samba box to an Windows
Server 2003 box (yuck).  My users want to be able to access shares on the
samba box with the same credentials they used to login into the windows
domain.  Am I correct in thinking this is possible?  As far as I can tell
from numerous tutorials and docs, I am.  Anyway, I downloaded MIT's
kerberos5 1.6.1, dod configure (with no extra options), make && make
install, everything worked just fine.

Here is my krb5.conf
-------SNIP-------
[logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log

[libdefaults]
        default_realm = EAGLE-SYSTEMS.LOCAL

[realms]
        EAGLE-SYSTEMS.LOCAL = {
                kdc = esass001.eagle-systems.local
        }

[domain_realms]
        .kerberos.server = EAGLE-SYSTEMS.LOCAL
------SNIP---------



I ran kinit and It seems to have worked!  Awesome, here is what klist says
------SNIP-------
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: esasadmin at EAGLE-SYSTEMS.LOCAL

Valid starting     Expires            Service principal
06/26/07 09:39:03  06/26/07 19:39:07  krbtgt/EAGLE-
SYSTEMS.LOCAL at EAGLE-SYSTEMS.LOCAL
        renew until 06/27/07 09:39:03


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
-------SNIP---------

Next, I compiled samba 3.0.25a on Slackware Linux 11.  Here are the option I
used with configure:

./configure --with-ads --with-krb5=/usr/local --with-winbind --with-libmsrpc
--with-acl-support --with-ldap

It configures, compiles and installs without errors.

Here is my smb.conf
------SNIP------
[global]
workgroup = EAGLE-SYSTEMS
realm = EAGLE-SYSTEMS.LOCAL
preferred master = no
server string = Eagle FTP Server
security = ADS
password server = 192.168.0.20
encrypt passwords = yes
log level = 3
client use spnego = Yes
netbios name = FTP
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
printcap name = cups
printing = cups
idmap uid = 10000-20000
idmap gid = 10000-20000

[safety]
path = /home/safety
comment = Safety Officer
valid users = sellis
read only = No
browseable = No
-----SNIP------

Notice that for the safety share, I have a valid user called sellis, which
is a user in the Active Directory.

I ran testparm and it said everything was ok. I fired up smbd and nmbd and
they run fine. Next I ran:


# ./net ads join -U esasadmin
esasadmin's password:
Using short domain name -- EAGLE-SYSTEMS
Joined 'FTP' to realm 'EAGLE-SYSTEMS.LOCAL'

And it seems to have worked.  I look under 'Computers' in active directory
and sure enough, FTP shows up in the list.

Next I edited /etc/nsswitch.conf and changed the passw and group lines to
look like this:
passwd:         compat winbind
group:          compat winbind

No I fired up winbindd and it looked good.  However, when ever I run wbinfo
-u, I see no list of users (it says: Error looking up domain users).  I
check to make sure winbindd is still running, but I it isn't.
I looked and the logs for winbindd (specifically log.wb-EAGLE-SYSTEMS) and
it shows this:
-----SNIP-----
[2007/06/26 14:50:50, 3]
nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(121)
  [  898]: list trusted domains
[2007/06/26 14:50:50, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/06/26 14:50:50, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 899 (3.0.25a)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/06/26 14:50:50, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/06/26 14:50:50, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/06/26 14:50:50, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 899): internal error
[2007/06/26 14:50:50, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 24 stack frames:
   #0 ./winbindd(log_stack_trace+0x26) [0x800bec88]
   #1 ./winbindd(smb_panic+0x76) [0x800beb18]
   #2 ./winbindd [0x800ac248]
   #3 ./winbindd [0x800ac256]
   #4 [0xffffe420]
   #5 ./winbindd(cm_connect_sam+0x79) [0x8005b915]
   #6 ./winbindd [0x8005ebbb]
   #7 ./winbindd [0x8005f6f2]
   #8 ./winbindd [0x8004970f]
   #9 ./winbindd [0x80049bb9]
   #10 ./winbindd [0x8004ccb2]
   #11 ./winbindd(winbindd_dual_list_trusted_domains+0x9d) [0x80056b5c]
   #12 ./winbindd [0x80063f40]
   #13 ./winbindd [0x800656f5]
   #14 ./winbindd [0x80063bba]
   #15 ./winbindd(async_request+0x154) [0x800637cc]
   #16 ./winbindd(init_child_connection+0x219) [0x80047221]
   #17 ./winbindd(async_domain_request+0xed) [0x80063ced]
   #18 ./winbindd [0x80046c76]
   #19 ./winbindd(rescan_trusted_domains+0x45) [0x80046ffb]
   #20 ./winbindd [0x8003f95d]
   #21 ./winbindd(main+0x652) [0x800404b3]
   #22 /lib/tls/libc.so.6(__libc_start_main+0xd4) [0xb7c60e14]
   #23 ./winbindd [0x8003e661]
[2007/06/26 14:50:50, 0] lib/fault.c:dump_core(181)
  dumping core in /usr/local/samba/var/cores/winbindd
------SNIP------


The interesting thing is that wbinfo worked yesterday (meaning I saw a list
of all the users and group from AD), but I can't figure out what I changed.
Any help is appreciated.  Thanks guys....

-stephan


More information about the samba mailing list