[Samba] Upgrading from 4.1.4 to 4.1.6 on FreeBSD 9.2
Rowland Penny
rowlandpenny at googlemail.com
Fri Mar 21 15:26:24 MDT 2014
On 21/03/14 20:04, Doug Sampson wrote:
>> No, the compilation of the new version is linking against the installed
>> libraries of the old version rather than the ones it just built.
>>
>>> I will uninstall Samba 4.1.4 completely before installing 4.1.6.
>>>
>
> Okay, so I completely uninstalled Samba 4.1.4, rebooted and installed 4.1.6. The install completed without any warning messages.
>
> However, I am unable to join the AD - the login using the administrator's account just hangs there without returning to a command prompt. The console.log shows:
>
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: [2014/03/21 11:07:33.571552, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: Got sig[15] terminate (is_parent=1)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: [2014/03/21 11:07:33.581594, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: Got sig[15] terminate (is_parent=0)
> root at P43003:/usr/local/lib #
>
> Okay, so winbindd isn't working. Why? wbinfo -u shows expected list of AD users. However, getent passwd shows only the local unix user accounts.
>
> root at P43003:/usr/local/lib # cat /etc/nsswitch.conf
> #
> # nsswitch.conf(5) - name service switch configuration file
> # $FreeBSD: release/9.2.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
> #
> group: files winbind
> group_compat: nis
> hosts: files dns winbind
> networks: files
> passwd: files winbind
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
> root at P43003:/usr/local/lib #
>
> Looks good, no?
>
> winbind.so does exist in /usr/local/lib:
>
> root at P43003:/usr/local/lib # ll *winbind*
> -rwxr-xr-x 1 root wheel 22832 Mar 20 19:55 nss_winbind.so.1*
> -rwxr-xr-x 1 root wheel 53098 Mar 20 19:55 pam_winbind.so*
> -rwxr-xr-x 1 root wheel 6026 Mar 20 19:56 winbind_krb5_locator.so*
> root at P43003:/usr/local/lib #
>
> make showconfig:
>
> root at P43003:/usr/ports/net/samba41 # make showconfig
> ===> The following configuration options are available for samba41-4.1.6:
> ACL_SUPPORT=on: File system ACL support
> ADS=on: Active Directory support
> AIO_SUPPORT=on: Asyncronous IO support
> CUPS=off: CUPS printing system support
> DEBUG=off: With debug information in the binaries
> DEVELOPER=off: With development support
> DNSUPDATE=on: Dynamic DNS update(require ADS)
> EXP_MODULES=on: Experimental modules
> FAM_SUPPORT=off: File Alteration Monitor support
> LDAP=on: LDAP support
> MANPAGES=off: Build and/or install manual pages
> PAM_SMBPASS=on: PAM authentication via passdb backends
> PTHREADPOOL=on: Pthread pool
> QUOTAS=off: Disk quota support
> SYSLOG=on: Syslog support
> UTMP=on: UTMP accounting support
> ====> Options available for the single DNS: you have to select exactly one of them
> NSUPDATE=on: Use internal DNS with NSUPDATE utility
> BIND98=off: Use bind98 as a DNS server frontend
> BIND99=off: Use bind99 as a DNS server frontend
> ====> Options available for the radio ZEROCONF: you can only select none or one of them
> AVAHI=off: Zeroconf support via Avahi
> MDNSRESPONDER=on: Zeroconf support via mDNSResponder
> ===> Use 'make config' to modify these settings
> root at P43003:/usr/ports/net/samba41 #
>
> testparm:
>
> root at P43003:/usr/ports/net/samba41 # testparm
> Load smb config files from /usr/local/etc/smb4.conf
> Processing section "[doug]"
> Processing section "[public]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = EXAMPLE
> realm = EXAMPLE.COM
> server string =
> security = ADS
> kerberos method = system keytab
> log file = /var/log/samba4/log.%m
> smb ports = 445
> min receivefile size = 16384
> disable netbios = Yes
> max mux = 32768
> name resolve order = lmhosts, hosts, bcast
> client ldap sasl wrapping = seal
> socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> local master = No
> domain master = No
> template shell = /bin/bash
> winbind separator = -
> winbind cache time = 10
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind nss info = rfc2307
> winbind refresh tickets = Yes
> winbind offline logon = Yes
> idmap config *:range = 70001-80000
> idmap config EXAMPLE:backend = ad
> idmap config EXAMPLE:schema_mode = rfc2307
> idmap config EXAMPLE:range = 50001-60000
> idmap config * : backend = tdb
> admin users = <<<redacted>>>
> inherit permissions = Yes
> inherit acls = Yes
> hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.
> aio read size = 16384
> aio write size = 16384
> aio write behind = true
> directory name cache size = 0
> use sendfile = Yes
> dos filemode = Yes
>
> [doug]
> comment = /usr/home/EXAMPLE/doug
> path = /usr/home/EXAMPLE/doug
> valid users = <<<redacted>>>
> read only = No
> create mask = 0774
> directory mask = 0774
> inherit owner = Yes
>
> [public]
> comment = Public Stuff
> path = /usr/home/public
> write list = <<<redacted>>>
> read only = No
> create mask = 0774
> directory mask = 0774
> force directory mode = 0774
> guest ok = Yes
>
>
>
> I am trying to join this machine as a member server of the AD.
>
> root at P43003:/usr/ports/net/samba41 # net ads info
> ads_connect: No logon servers
> ads_connect: No logon servers
> Didn't find the ldap server!
> root at P43003:/usr/ports/net/samba41 # net ads join -U admin
> Enter admin's password:
> ^C <<<<<<<<<<<<<<<<<<------------ this is after waiting ~15 minutes
> root at P43003:/usr/ports/net/samba41 # net ads info
> LDAP server: 192.168.xxx.x
> LDAP server name: <<<redacted>>>.example.com
> Realm: EXAMPLE.COM
> Bind Path: dc=EXAMPLE,dc=COM
> LDAP port: 389
> Server time: Fri, 21 Mar 2014 12:59:06 PDT
> KDC server: 192.168.xxx.x
> Server time offset: 0
> root at P43003:/usr/ports/net/samba41 #
>
> Still cannot enumerate AD users via getent passwd.
>
> What am I doing wrong?
>
> ~Doug
>
Hi, what do you have in krb5.conf & resolv.conf?
Rowland