[Samba] Upgrading from 4.1.4 to 4.1.6 on FreeBSD 9.2

Doug Sampson dougs at dawnsign.com
Fri Mar 21 14:04:19 MDT 2014

> No, the compilation of the new version is linking against the installed
> libraries of the old version rather than the ones it just built.
> > I will uninstall Samba 4.1.4 completely before installing 4.1.6.
> >

Okay, so I completely uninstalled Samba 4.1.4, rebooted and installed 4.1.6. The install completed without any warning messages.

However, I am unable to join the AD; the login using the administrator's account just hangs there without returning to a command prompt. The console.log shows:

Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: [2014/03/21 11:07:33.571552,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]:   Got sig[15] terminate (is_parent=1)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: [2014/03/21 11:07:33.581594,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]:   Got sig[15] terminate (is_parent=0)
root at P43003:/usr/local/lib #

Okay, so winbindd isn't working. Why? wbinfo -u shows the expected list of AD users. However, getent passwd shows only the local unix user accounts.

root at P43003:/usr/local/lib # cat /etc/nsswitch.conf 
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: release/9.2.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
group: files winbind
group_compat: nis
hosts: files dns winbind
networks: files
passwd: files winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
root at P43003:/usr/local/lib #

Looks good, no?

winbind.so does exist in /usr/local/lib:

root at P43003:/usr/local/lib # ll *winbind*
-rwxr-xr-x  1 root  wheel  22832 Mar 20 19:55 nss_winbind.so.1*
-rwxr-xr-x  1 root  wheel  53098 Mar 20 19:55 pam_winbind.so*
-rwxr-xr-x  1 root  wheel   6026 Mar 20 19:56 winbind_krb5_locator.so*
root at P43003:/usr/local/lib #

make showconfig:

root at P43003:/usr/ports/net/samba41 # make showconfig
===> The following configuration options are available for samba41-4.1.6:
     ACL_SUPPORT=on: File system ACL support
     ADS=on: Active Directory support
     AIO_SUPPORT=on: Asyncronous IO support
     CUPS=off: CUPS printing system support
     DEBUG=off: With debug information in the binaries
     DEVELOPER=off: With development support
     DNSUPDATE=on: Dynamic DNS update(require ADS)
     EXP_MODULES=on: Experimental modules
     FAM_SUPPORT=off: File Alteration Monitor support
     LDAP=on: LDAP support
     MANPAGES=off: Build and/or install manual pages
     PAM_SMBPASS=on: PAM authentication via passdb backends
     PTHREADPOOL=on: Pthread pool
     QUOTAS=off: Disk quota support
     SYSLOG=on: Syslog support
     UTMP=on: UTMP accounting support
====> Options available for the single DNS: you have to select exactly one of them
     NSUPDATE=on: Use internal DNS with NSUPDATE utility
     BIND98=off: Use bind98 as a DNS server frontend
     BIND99=off: Use bind99 as a DNS server frontend
====> Options available for the radio ZEROCONF: you can only select none or one of them
     AVAHI=off: Zeroconf support via Avahi
     MDNSRESPONDER=on: Zeroconf support via mDNSResponder
===> Use 'make config' to modify these settings
root at P43003:/usr/ports/net/samba41 #


root at P43003:/usr/ports/net/samba41 # testparm
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[doug]"
Processing section "[public]"
Loaded services file OK.
Press enter to see a dump of your service definitions

        workgroup = EXAMPLE
        realm = EXAMPLE.COM
        server string = 
        security = ADS
        kerberos method = system keytab
        log file = /var/log/samba4/log.%m
        smb ports = 445
        min receivefile size = 16384
        disable netbios = Yes
        max mux = 32768
        name resolve order = lmhosts, hosts, bcast
        client ldap sasl wrapping = seal
        socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        local master = No
        domain master = No
        template shell = /bin/bash
        winbind separator = -
        winbind cache time = 10
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nss info = rfc2307
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        idmap config *:range = 70001-80000
        idmap config EXAMPLE:backend = ad
        idmap config EXAMPLE:schema_mode = rfc2307
        idmap config EXAMPLE:range = 50001-60000
        idmap config * : backend = tdb
        admin users = <<<redacted>>>
        inherit permissions = Yes
        inherit acls = Yes
        hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.
        aio read size = 16384
        aio write size = 16384
        aio write behind = true
        directory name cache size = 0
        use sendfile = Yes
        dos filemode = Yes

        comment = /usr/home/EXAMPLE/doug
        path = /usr/home/EXAMPLE/doug
        valid users = <<<redacted>>>
        read only = No
        create mask = 0774
        directory mask = 0774
        inherit owner = Yes

        comment = Public Stuff
        path = /usr/home/public
        write list = <<<redacted>>>
        read only = No
        create mask = 0774
        directory mask = 0774
        force directory mode = 0774
        guest ok = Yes

I am trying to join this machine as a member server of the AD.

root at P43003:/usr/ports/net/samba41 # net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root at P43003:/usr/ports/net/samba41 # net ads join -U admin
Enter admin's password:
^C                           <<<<<<<<<<<<<<<<<<------------ this is after waiting ~15 minutes
root at P43003:/usr/ports/net/samba41 # net ads info
LDAP server: 192.168.xxx.x
LDAP server name: <<<redacted>>>.example.com
Bind Path: dc=EXAMPLE,dc=COM
LDAP port: 389
Server time: Fri, 21 Mar 2014 12:59:06 PDT
KDC server: 192.168.xxx.x
Server time offset: 0
root at P43003:/usr/ports/net/samba41 #

Still cannot enumerate AD users via getent passwd.

What am I doing wrong?
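Added example, not part of the original post or of Samba itself: an offline sanity check of the two configuration invariants the post's setup depends on, that the idmap ranges in smb4.conf do not overlap (and sit above the local UID space) and that winbind is actually listed for passwd and group in nsswitch.conf. It runs against constructed copies of the files quoted above, not the live host, and assumes the smb4.conf syntax that testparm prints and a FreeBSD-style nsswitch.conf; the 1000 lower bound for idmap ranges is an assumption chosen to keep clear of local accounts. Nothing in it contacts a domain controller.

```shell
#!/bin/sh
# Added example (not from the post): offline checks for idmap ranges and the
# nsswitch winbind entries.  Assumes testparm-style smb4.conf lines and a
# FreeBSD-style nsswitch.conf.  All inputs below are constructed.

WORK=$(mktemp -d) || exit 1

# Constructed: the idmap lines from the posted config (non-overlapping).
cat >"$WORK/smb4-ok.conf" <<'EOF'
        idmap config *:range = 70001-80000
        idmap config EXAMPLE:backend = ad
        idmap config EXAMPLE:schema_mode = rfc2307
        idmap config EXAMPLE:range = 50001-60000
        idmap config * : backend = tdb
EOF

# Constructed: the default range moved so it collides with the EXAMPLE
# range, which the idmap layer does not allow.
cat >"$WORK/smb4-bad.conf" <<'EOF'
        idmap config EXAMPLE:backend = ad
        idmap config EXAMPLE:range = 50001-60000
        idmap config * : backend = tdb
        idmap config * : range = 55000-65000
EOF

# Constructed: nsswitch.conf as posted, and a copy with winbind dropped from group.
cat >"$WORK/nsswitch-ok.conf" <<'EOF'
# nsswitch.conf(5) - name service switch configuration file
group: files winbind
group_compat: nis
hosts: files dns winbind
passwd: files winbind
passwd_compat: nis
EOF
sed 's/^group: files winbind/group: files/' "$WORK/nsswitch-ok.conf" >"$WORK/nsswitch-bad.conf"

# Print every "idmap config DOMAIN:range = LOW-HIGH" as "DOMAIN LOW HIGH".
# testparm prints both "*:range" and "* : backend", so spaces around the
# colon are tolerated.
idmap_ranges() {
    sed -n 's/^[[:space:]]*idmap config[[:space:]]*\([^:]*[^: ]\)[[:space:]]*:[[:space:]]*range[[:space:]]*=[[:space:]]*\([0-9]*\)[[:space:]]*-[[:space:]]*\([0-9]*\).*/\1 \2 \3/p' "$1"
}

# Prints "ok" and exits 0 when no two ranges overlap and every range starts
# above $2 (default 1000, an assumed floor for local accounts); otherwise
# prints each problem and exits 1.
check_idmap_ranges() {
    idmap_ranges "$1" | awk -v min="${2:-1000}" '
        {
            if ($2 > $3) { print "bad range for " $1 ": " $2 "-" $3; bad = 1 }
            if ($2 <= min) { print "range for " $1 " starts at " $2 ", not above " min; bad = 1 }
            for (i = 1; i <= n; i++)
                if ($2 <= hi[i] && lo[i] <= $3) {
                    print "overlap: " dom[i] " " lo[i] "-" hi[i] " and " $1 " " $2 "-" $3
                    bad = 1
                }
            n++; dom[n] = $1; lo[n] = $2; hi[n] = $3
        }
        END {
            if (n == 0) { print "no idmap ranges found"; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }'
}

# Prints "ok" and exits 0 when both the passwd and group lines list winbind.
check_nsswitch() {
    awk '
        $1 == "passwd:" || $1 == "group:" {
            seen[$1] = 1
            for (i = 2; i <= NF; i++) if ($i == "winbind") has[$1] = 1
        }
        END {
            for (k in seen) if (!has[k]) { print k " lacks winbind"; bad = 1 }
            if (!seen["passwd:"] || !seen["group:"]) { print "passwd/group line missing"; bad = 1 }
            if (!bad) print "ok"
            exit bad + 0
        }' "$1"
}

# Demo run over the constructed files; each check prints "ok" or its findings.
for f in smb4-ok smb4-bad; do
    echo "== $f"; check_idmap_ranges "$WORK/$f.conf" || echo "(exit $?)"
done
for f in nsswitch-ok nsswitch-bad; do
    echo "== $f"; check_nsswitch "$WORK/$f.conf" || echo "(exit $?)"
done
```

On the posted configuration both checks pass: the ranges 50001-60000 and 70001-80000 are disjoint and clear of local UIDs, and passwd and group both fall through to winbind. When the checks pass and wbinfo -u still works while getent passwd does not, the remaining suspects are on the NSS side rather than in the idmap configuration, which is what the ll *winbind* listing above was already probing.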


