[Samba] ADS Problem : segmentation fault

djamel boussebha dboussebha at yahoo.fr
Mon Nov 21 02:12:04 MST 2011


Hi;
 
Please, I would like to know which are the correct values to set in the Samba/Kerberos configuration so that the ADS protocol works fine.
My platform is :
 
Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177 (CILVS049)
 
When I try to join the AD via the ADS protocol I get an error: segmentation fault:
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault
 
The kinit works fine:
 
# kinit administrateur
Password for administrateur at P9BIS.NEOPLUS.LAPOSTE.POC:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur at P9BIS.NEOPLUS.LAPOSTE.POC
Valid starting     Expires            Service principal
11/21/11 09:56:18  11/21/11 16:36:18  krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC at P9BIS.NEOPLUS.LAPOSTE.POC
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
 
wbinfo -u and wbinfo -g work fine:

# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync

My configuration is as follows :
 
hosts file on the linux server  :
 
# cat /etc/hosts
127.0.0.1       local.localdomain   localhost CILVS049
187.0.22.177    CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104    CINVW067.p9bis.neoplus.laposte.poc CINVW067
 
#cat /etc/samba/smb.conf :
[global]
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        security = ads
        client use spnego = yes
        realm = P9BIS.NEOPLUS.LAPOSTE.POC
        server string = CILVS049
        workgroup = P9BIS
        password server = 187.0.17.104.p9bis.neoplus.laposte.poc
        interfaces = 127.0.0.1 eth0
        bind interfaces only = true
        printing = cups
        printcap name = cups
        load printers = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        #idmap backend = ad
        winbind enum users = yes
        winbind enum groups = yes
        client use spnego = yes
        encrypt passwords = yes
        winbind nested groups = yes
        winbind separator = /
        winbind nss info = sfu
        winbind cache time = 3600
        winbind use default domain = yes
        preferred master = no
        domain master = no
        restrict anonymous = 2
        log file = /var/log/samba/log.smbd
        max log size = 50
        usershare allow guests = no
        netbios name = CILVS049
        #wins server = 187.0.17.104
        #wins proxy = no
        dns proxy = no
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

 
#cat /etc/krb5.conf :
[libdefaults]
        default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
        default_keytab_name = FILE:/etc/krb5.keytab
        kdc_timesync = 1
        ticket_lifetime = 24000
        dns_lookup_kdc = true
        dns_lookup_realm = true
        forwardable = true
        fcc-mit-ticketflags = true
        clockskew = 300
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
        kdc = 187.0.17.104:88
        default_domain = p9bis.neoplus.laposte.poc
        admin_server = 187.0.17.104:749
}
[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON
[domain_realm]
        MONWORKGROUP = P9BIS.NEOPLUS.LAPOSTE.POC
        .p9bis.neoplus.laposte.poc = P9BIS.NEOPLUS.LAPOSTE.POC
[appdefaults]
pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
}
kinit = {
        forwardable = true
        proxiable = false
        renewable = true
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
}
 
# cat /etc/resolv.conf
nameserver 187.0.17.3
nameserver 187.0.17.4
nameserver 187.0.17.104
search p9bis.neoplus.laposte.poc
 
#cat /etc/nsswitch.conf
passwd: files winbind
group:  files winbind
shadow: files winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
services:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files
publickey:      files
bootparams:     files
automount:      files
aliases:        files
 
How does my Samba/Kerberos/Winbind configuration fail with ADS?
 
Regards

