[Samba] Upgrading from 4.1.4 to 4.1.6 on FreeBSD 9.2
Doug Sampson
dougs at dawnsign.com
Fri Mar 21 14:04:19 MDT 2014
> No, the compilation of the new version is linking against the installed
> libraries of the old version rather than the ones it just built.
>
> > I will uninstall Samba 4.1.4 completely before installing 4.1.6.
> >
Okay, so I completely uninstalled Samba 4.1.4, rebooted and installed 4.1.6. The install completed without any warning messages.
However, I am unable to join the AD; the login using the administrator's account just hangs there without returning to a command prompt. The console.log shows:
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: [2014/03/21 11:07:33.571552, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: Got sig[15] terminate (is_parent=1)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: [2014/03/21 11:07:33.581594, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: Got sig[15] terminate (is_parent=0)
root at P43003:/usr/local/lib #
Okay, so winbindd isn't working. Why? wbinfo -u shows the expected list of AD users. However, getent passwd shows only the local unix user accounts.
root at P43003:/usr/local/lib # cat /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: release/9.2.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
#
group: files winbind
group_compat: nis
hosts: files dns winbind
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
root at P43003:/usr/local/lib #
Looks good, no?
winbind.so does exist in /usr/local/lib:
root at P43003:/usr/local/lib # ll *winbind*
-rwxr-xr-x 1 root wheel 22832 Mar 20 19:55 nss_winbind.so.1*
-rwxr-xr-x 1 root wheel 53098 Mar 20 19:55 pam_winbind.so*
-rwxr-xr-x 1 root wheel 6026 Mar 20 19:56 winbind_krb5_locator.so*
root at P43003:/usr/local/lib #
make showconfig:
root at P43003:/usr/ports/net/samba41 # make showconfig
===> The following configuration options are available for samba41-4.1.6:
ACL_SUPPORT=on: File system ACL support
ADS=on: Active Directory support
AIO_SUPPORT=on: Asyncronous IO support
CUPS=off: CUPS printing system support
DEBUG=off: With debug information in the binaries
DEVELOPER=off: With development support
DNSUPDATE=on: Dynamic DNS update(require ADS)
EXP_MODULES=on: Experimental modules
FAM_SUPPORT=off: File Alteration Monitor support
LDAP=on: LDAP support
MANPAGES=off: Build and/or install manual pages
PAM_SMBPASS=on: PAM authentication via passdb backends
PTHREADPOOL=on: Pthread pool
QUOTAS=off: Disk quota support
SYSLOG=on: Syslog support
UTMP=on: UTMP accounting support
====> Options available for the single DNS: you have to select exactly one of them
NSUPDATE=on: Use internal DNS with NSUPDATE utility
BIND98=off: Use bind98 as a DNS server frontend
BIND99=off: Use bind99 as a DNS server frontend
====> Options available for the radio ZEROCONF: you can only select none or one of them
AVAHI=off: Zeroconf support via Avahi
MDNSRESPONDER=on: Zeroconf support via mDNSResponder
===> Use 'make config' to modify these settings
root at P43003:/usr/ports/net/samba41 #
testparm:
root at P43003:/usr/ports/net/samba41 # testparm
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[doug]"
Processing section "[public]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = EXAMPLE
realm = EXAMPLE.COM
server string =
security = ADS
kerberos method = system keytab
log file = /var/log/samba4/log.%m
smb ports = 445
min receivefile size = 16384
disable netbios = Yes
max mux = 32768
name resolve order = lmhosts, hosts, bcast
client ldap sasl wrapping = seal
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
load printers = No
printcap name = /dev/null
disable spoolss = Yes
local master = No
domain master = No
template shell = /bin/bash
winbind separator = -
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config *:range = 70001-80000
idmap config EXAMPLE:backend = ad
idmap config EXAMPLE:schema_mode = rfc2307
idmap config EXAMPLE:range = 50001-60000
idmap config * : backend = tdb
admin users = <<<redacted>>>
inherit permissions = Yes
inherit acls = Yes
hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.
aio read size = 16384
aio write size = 16384
aio write behind = true
directory name cache size = 0
use sendfile = Yes
dos filemode = Yes
[doug]
comment = /usr/home/EXAMPLE/doug
path = /usr/home/EXAMPLE/doug
valid users = <<<redacted>>>
read only = No
create mask = 0774
directory mask = 0774
inherit owner = Yes
[public]
comment = Public Stuff
path = /usr/home/public
write list = <<<redacted>>>
read only = No
create mask = 0774
directory mask = 0774
force directory mode = 0774
guest ok = Yes
I am trying to join this machine as a member server of the AD.
root at P43003:/usr/ports/net/samba41 # net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root at P43003:/usr/ports/net/samba41 # net ads join -U admin
Enter admin's password:
^C <<<<<<<<<<<<<<<<<<------------ this is after waiting ~15 minutes
root at P43003:/usr/ports/net/samba41 # net ads info
LDAP server: 192.168.xxx.x
LDAP server name: <<<redacted>>>.example.com
Realm: EXAMPLE.COM
Bind Path: dc=EXAMPLE,dc=COM
LDAP port: 389
Server time: Fri, 21 Mar 2014 12:59:06 PDT
KDC server: 192.168.xxx.x
Server time offset: 0
root at P43003:/usr/ports/net/samba41 #
Still cannot enumerate AD users via getent passwd.
What am I doing wrong?
~Doug
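Added example, not part of the original post: wbinfo -u asks winbindd directly, while getent passwd goes through the name service switch, so the nsswitch.conf and nss_winbind.so.1 checks done by hand above are the ones that cover the getent path. The script below repeats those two checks; the function names nss_sources and check_nss_winbind are hypothetical, and the module file name is taken from the listing in the post.

```shell
#!/bin/sh
# nss_sources FILE DB
# Print the sources configured for database DB (e.g. passwd) in an
# nsswitch.conf-style FILE, with comments stripped.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db { $1 = ""; print; exit }'
}

# check_nss_winbind FILE LIBDIR
# Return 0 only if both passwd and group list "winbind" as a source and
# LIBDIR/nss_winbind.so.1 (the name shown in the post) is readable.
check_nss_winbind() {
    conf=$1
    libdir=$2
    rc=0
    for db in passwd group; do
        # Pad with spaces so "winbind" matches as a whole word only.
        case " $(nss_sources "$conf" "$db") " in
            *" winbind "*) echo "ok:   $db lists winbind" ;;
            *) echo "FAIL: $db does not list winbind"; rc=1 ;;
        esac
    done
    if [ -r "$libdir/nss_winbind.so.1" ]; then
        echo "ok:   $libdir/nss_winbind.so.1 is present"
    else
        echo "FAIL: $libdir/nss_winbind.so.1 is missing or unreadable"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check.sh /etc/nsswitch.conf /usr/local/lib
if [ $# -eq 2 ]; then
    check_nss_winbind "$1" "$2"
fi
```

A pass here only shows that the switch is configured and the module file exists; it does not test whether winbindd is running or the machine is joined.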