[Samba] Upgrading from 4.1.4 to 4.1.6 on FreeBSD 9.2

Rowland Penny rowlandpenny at googlemail.com
Fri Mar 21 15:26:24 MDT 2014


On 21/03/14 20:04, Doug Sampson wrote:
>> No, the compilation of the new version is linking against the installed
>> libraries of the old version rather than the ones it just built.
>>
>>> I will uninstall Samba 4.1.4 completely before installing 4.1.6.
>>>
>
> Okay, so I completely uninstalled Samba 4.1.4, rebooted and installed 4.1.6. The install completed without any warning messages.
>
> However, I am unable to join the AD - the login using the administrator's account just hangs there without returning to a command prompt. The console.log shows:
>
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]: [2014/03/21 11:07:33.571552,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1397]:   Got sig[15] terminate (is_parent=1)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]: [2014/03/21 11:07:33.581594,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
> Mar 21 11:07:33 P43003 kernel: Mar 21 11:07:33 P43003 winbindd[1399]:   Got sig[15] terminate (is_parent=0)
> root at P43003:/usr/local/lib #
>
> Okay, so winbindd isn't working. Why? wbinfo -u shows expected list of AD users. However, getent passwd shows only the local unix user accounts.
>
> root at P43003:/usr/local/lib # cat /etc/nsswitch.conf
> #
> # nsswitch.conf(5) - name service switch configuration file
> # $FreeBSD: release/9.2.0/etc/nsswitch.conf 224765 2011-08-10 20:52:02Z dougb $
> #
> group: files winbind
> group_compat: nis
> hosts: files dns winbind
> networks: files
> passwd: files winbind
> passwd_compat: nis
> shells: files
> services: compat
> services_compat: nis
> protocols: files
> rpc: files
> root at P43003:/usr/local/lib #
>
> Looks good, no?
>
> winbind.so does exist in /usr/local/lib:
>
> root at P43003:/usr/local/lib # ll *winbind*
> -rwxr-xr-x  1 root  wheel  22832 Mar 20 19:55 nss_winbind.so.1*
> -rwxr-xr-x  1 root  wheel  53098 Mar 20 19:55 pam_winbind.so*
> -rwxr-xr-x  1 root  wheel   6026 Mar 20 19:56 winbind_krb5_locator.so*
> root at P43003:/usr/local/lib #
>
> make showconfig:
>
> root at P43003:/usr/ports/net/samba41 # make showconfig
> ===> The following configuration options are available for samba41-4.1.6:
>       ACL_SUPPORT=on: File system ACL support
>       ADS=on: Active Directory support
>       AIO_SUPPORT=on: Asyncronous IO support
>       CUPS=off: CUPS printing system support
>       DEBUG=off: With debug information in the binaries
>       DEVELOPER=off: With development support
>       DNSUPDATE=on: Dynamic DNS update(require ADS)
>       EXP_MODULES=on: Experimental modules
>       FAM_SUPPORT=off: File Alteration Monitor support
>       LDAP=on: LDAP support
>       MANPAGES=off: Build and/or install manual pages
>       PAM_SMBPASS=on: PAM authentication via passdb backends
>       PTHREADPOOL=on: Pthread pool
>       QUOTAS=off: Disk quota support
>       SYSLOG=on: Syslog support
>       UTMP=on: UTMP accounting support
> ====> Options available for the single DNS: you have to select exactly one of them
>       NSUPDATE=on: Use internal DNS with NSUPDATE utility
>       BIND98=off: Use bind98 as a DNS server frontend
>       BIND99=off: Use bind99 as a DNS server frontend
> ====> Options available for the radio ZEROCONF: you can only select none or one of them
>       AVAHI=off: Zeroconf support via Avahi
>       MDNSRESPONDER=on: Zeroconf support via mDNSResponder
> ===> Use 'make config' to modify these settings
> root at P43003:/usr/ports/net/samba41 #
>
> testparm:
>
> root at P43003:/usr/ports/net/samba41 # testparm
> Load smb config files from /usr/local/etc/smb4.conf
> Processing section "[doug]"
> Processing section "[public]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>          workgroup = EXAMPLE
>          realm = EXAMPLE.COM
>          server string =
>          security = ADS
>          kerberos method = system keytab
>          log file = /var/log/samba4/log.%m
>          smb ports = 445
>          min receivefile size = 16384
>          disable netbios = Yes
>          max mux = 32768
>          name resolve order = lmhosts, hosts, bcast
>          client ldap sasl wrapping = seal
>          socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
>          load printers = No
>          printcap name = /dev/null
>          disable spoolss = Yes
>          local master = No
>          domain master = No
>          template shell = /bin/bash
>          winbind separator = -
>          winbind cache time = 10
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind nss info = rfc2307
>          winbind refresh tickets = Yes
>          winbind offline logon = Yes
>          idmap config *:range = 70001-80000
>          idmap config EXAMPLE:backend = ad
>          idmap config EXAMPLE:schema_mode = rfc2307
>          idmap config EXAMPLE:range = 50001-60000
>          idmap config * : backend = tdb
>          admin users = <<<redacted>>>
>          inherit permissions = Yes
>          inherit acls = Yes
>          hosts allow = 192.168.xxx., 192.168.xxx., 127., 10.8.
>          aio read size = 16384
>          aio write size = 16384
>          aio write behind = true
>          directory name cache size = 0
>          use sendfile = Yes
>          dos filemode = Yes
>
> [doug]
>          comment = /usr/home/EXAMPLE/doug
>          path = /usr/home/EXAMPLE/doug
>          valid users = <<<redacted>>>
>          read only = No
>          create mask = 0774
>          directory mask = 0774
>          inherit owner = Yes
>
> [public]
>          comment = Public Stuff
>          path = /usr/home/public
>          write list = <<<redacted>>>
>          read only = No
>          create mask = 0774
>          directory mask = 0774
>          force directory mode = 0774
>          guest ok = Yes
>
>
>
> I am trying to join this machine as a member server of the AD.
>
> root at P43003:/usr/ports/net/samba41 # net ads info
> ads_connect: No logon servers
> ads_connect: No logon servers
> Didn't find the ldap server!
> root at P43003:/usr/ports/net/samba41 # net ads join -U admin
> Enter admin's password:
> ^C                           <<<<<<<<<<<<<<<<<<------------ this is after waiting ~15 minutes
> root at P43003:/usr/ports/net/samba41 # net ads info
> LDAP server: 192.168.xxx.x
> LDAP server name: <<<redacted>>>.example.com
> Realm: EXAMPLE.COM
> Bind Path: dc=EXAMPLE,dc=COM
> LDAP port: 389
> Server time: Fri, 21 Mar 2014 12:59:06 PDT
> KDC server: 192.168.xxx.x
> Server time offset: 0
> root at P43003:/usr/ports/net/samba41 #
>
> Still cannot enumerate AD users via getent passwd.
>
> What am I doing wrong?
>
> ~Doug
>
Hi, what do you have in krb5.conf & resolv.conf?

Rowland
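
An added example, not part of the original thread: a Python cross-check of the two files asked about above against the realm shown in the testparm output (EXAMPLE.COM). The krb5.conf and resolv.conf contents are constructed samples, and the choice of checks (matching default_realm, a nameserver line, the realm's DNS domain in search/domain) is an assumption about what is worth comparing, not a diagnosis from the posters.

```python
import re

# Constructed sample files (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE_KRB5 = """\
[libdefaults]
    default_realm = example.com
"""
SAMPLE_RESOLV = """\
nameserver 192.0.2.10
search lan.invalid
"""

def krb5_default_realm(text):
    """Return default_realm from [libdefaults], or None if it is not set."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "libdefaults" and re.match(r"default_realm\s*=", line):
            return line.split("=", 1)[1].strip()
    return None  # commented-out lines never match, so they are ignored

def resolv_entries(text):
    """Return (nameservers, search/domain names) from resolv.conf text."""
    servers, domains = [], []
    for raw in text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(fields) > 1 and fields[0] == "nameserver":
            servers.append(fields[1])
        elif len(fields) > 1 and fields[0] in ("search", "domain"):
            domains += [name.lower().rstrip(".") for name in fields[1:]]
    return servers, domains

def check_member_config(realm, krb5_text, resolv_text):
    """Compare both files against the smb.conf realm; return a list of findings."""
    findings = []
    default_realm = krb5_default_realm(krb5_text)
    if default_realm != realm:  # Kerberos realm names are case-sensitive
        findings.append(f"krb5.conf default_realm is {default_realm!r}, smb.conf realm is {realm!r}")
    servers, domains = resolv_entries(resolv_text)
    if not servers:
        findings.append("resolv.conf has no nameserver line")
    if realm.lower() not in domains:  # heuristic (assumption), not a hard requirement
        findings.append(f"resolv.conf search/domain does not list {realm.lower()}")
    return findings
```

Calling `check_member_config("EXAMPLE.COM", SAMPLE_KRB5, SAMPLE_RESOLV)` reports the lowercase realm and the missing search domain. It cannot tell whether the listed nameserver actually serves the AD zone, which still has to be tested on the host.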

