[Samba] Samba 3.4 Panic in Debian
dale at BriannasSaladDressing.com
Tue Jan 26 07:56:00 MST 2010
On 01/26/2010 12:44 AM, Christian PERRIER wrote:
> Quoting Jeremy Allison (jra at samba.org):
>> On Mon, Jan 25, 2010 at 11:14:31AM -0600, Dale Schroeder wrote:
>>> This time, it seems to be an ADS specific winbind error.
>>> I have attempted with the current kernel - 2.6.32-trunk-686 and the
>>> previous kernel - 2.6.30-2-686.
>>> What kind of encryption change has occurred, and which program is it
>>> referring to as lacking the encryption type - samba or krb5?
>> This is a krb5 error. Try upgrading the krb5 libraries ?
> Dale, can you send the output of "dpkg -s libkrb5-3"
> Sam Hartman is working hardly on krb5 these days. I can't check right
> now but it's highly probable that Debian testing hasn't the same
> version than unstable (1.7 in testing, 1.8 in unstable).
> So, Jeremy's advice is probably worth it if you have 1.7 version of
> krb5 and if that solves your problems, then we might need to update
> dependencies in samba packages.
Actually, I think it was the upgrade to 1.8 that caused the problem.
Steve Langasek informed me that DES is disabled by default in 1.8 and
gave me a link to
documentation that indicated I need this in krb5.conf under [libdefaults]:
dpks -s libkrb5-3
Status: install ok installed
Maintainer: Sam Hartman<hartmans at debian.org>
Replaces: libkrb53 (<< 1.6.dfsg.4~beta1-7)
Depends: libc6 (>= 2.9), libcomerr2 (>= 1.34), libk5crypto3 (>= 1.8+dfsg~alpha1), libkeyutils1, libkrb5support0 (= 1.8+dfsg~alpha1-4)
Suggests: krb5-doc, krb5-user
Conflicts: libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2), ssh-krb5 (<< 3.8.1p1-10)
Description: MIT Kerberos runtime libraries
Kerberos is a system for authenticating users and services on a network.
Kerberos is a trusted third-party service. That means that there is a
third party (the Kerberos server) that is trusted by all the entities on
the network (users and services, usually called "principals").
This is the MIT reference implementation of Kerberos V5.
This package contains the runtime library for the main Kerberos v5 API
used by applications and Kerberos clients.
Enabling DES has only been mostly successful. One system running stable
(3.2.5) could now rejoin the domain, shares are accessible, but getent
and wbinfo give no output.
The other system running testing (3.4.3) still gives the encryption
error on a testjoin, shows correct info with getent and wbinfo (now
minus the panics), and allows access to shares
based on user permissions, but fails with group permissions. An attempt
to rejoin the domain still fails. However, winbind has never worked for
me in testing, so this doesn't really
I see that libkrb5-3 is being updated again today to 1.8+dfsg~alpha1-5
and will try it as soon as apt-get update quits throwing "Hash sum
Additionally, I will attempt Samba unstable (3.4.5).
There are still errors, but things are improving. Advice is very welcome.
More information about the samba