[Samba] Problems after PC is joined to the domain - Samba 4

Theodotos Andreou theo at ubuntucy.org
Fri May 30 04:13:35 MDT 2014 

Hello SAMBA community,

I used this guide to join a PC to the domain as member using samba 4:
https://wiki.samba.org/index.php/Samba4/Domain_Member

I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The 
stock samba version is:

# samba --version
Version 4.1.6-Ubuntu

When I tried to join the PC to the domain I got:

# net ads join -U admin
kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
Failed to join domain: failed to connect to AD: Client not found in Kerberos database

Nevertheless the PC was joined to the domain despite the above error and 
proceeded with the following steps. But when I try the lists the users 
using 'wbinfo -u' I get some strange behavior. The command takes too 
long to complete and it then gives:

# wbinfo -u --verbose
FOREST\usbms_somepcname

The second time I run the command it takes again too long but it gives 
out the complete list of AD users. But when I try to login as a 
particular user though I get:

# su - myusername
No passwd entry for user 'myusername'
# id myusername
id: myusername: no such user

This is my smb.conf:

# cat /etc/samba/smb.conf
  [global]

    netbios name = MYPCNAME
    workgroup = DOM
    security = ADS
    realm = DOM.FOREST.INT
    encrypt passwords = yes

    idmap config *:backend = tdb
    idmap config *:range = 70001-80000
    idmap config LIM:backend = ad
    idmap config LIM:schema_mode = rfc2307
    idmap config LIM:range = 500-40000

    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

My nsswitch.conf:

# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

All the relevant services appear to be started:

# ps aux | grep 'smbd\|nmbd\|winbind'
root       621  0.0  0.2 276132  8416 ?        Ss   11:42   0:00 smbd -F
root       894  0.0  0.0 276132  3612 ?        S    11:42   0:00 smbd -F
root      1710  0.0  0.2 237704  7800 ?        Ss   11:42   0:00 /usr/sbin/winbindd -F
root      1734  0.0  0.0 191448  2776 ?        Ss   11:42   0:00 nmbd -D
root      1738  0.0  0.1 252152  6744 ?        S    11:42   0:00 /usr/sbin/winbindd -F
root      1751  0.0  0.1 246528  5856 ?        S    11:43   0:00 /usr/sbin/winbindd -F
root      7458  0.0  0.0 235360  3512 ?        S    11:51   0:00 /usr/sbin/winbindd -F
root      7459  0.0  0.0 235776  3688 ?        S    11:51   0:00 /usr/sbin/winbindd -F
root     14186  0.0  0.1  54364  5516 pts/27   S+   12:45   0:00 view log.winbindd
root     18139  0.0  0.0  16068  1116 pts/9    S+   13:12   0:00 grep --color=auto smbd\|nmbd\|winbind
root     32118  0.0  0.2 256420  8732 ?        S    12:25   0:00 /usr/sbin/winbindd -F


In the logs I get:

# cat log.wb-DOM
[2014/05/30 11:56:38.836954,  0] ../lib/util/fault.c:72(fault_report)
   ===============================================================
[2014/05/30 11:56:38.837130,  0] ../lib/util/fault.c:73(fault_report)
   INTERNAL ERROR: Signal 11 in pid 11014 (4.1.6-Ubuntu)
   Please read the Trouble-Shooting section of the Samba HOWTO
[2014/05/30 11:56:38.837269,  0] ../lib/util/fault.c:75(fault_report)
   ===============================================================
[2014/05/30 11:56:38.837325,  0] ../source3/lib/util.c:785(smb_panic_s3)
   PANIC (pid 11014): internal error
[2014/05/30 11:56:38.837938,  0] ../source3/lib/util.c:896(log_stack_trace)
   BACKTRACE: 21 stack frames:
    #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f8642bbdf3a]
    #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f8642bbe010]
    #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f8646e97c6f]
    #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1ae86) [0x7f8646e97e86]
    #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x10340) [0x7f86472c5340]
    #5 /usr/lib/x86_64-linux-gnu/samba/liblibcli_netlogon3.so.0(rpccli_netlogon_sam_network_logon+0x15b) [0x7f8644b9223b]
    #6 /usr/sbin/winbindd(+0x3c5ed) [0x7f86477345ed]
    #7 /usr/sbin/winbindd(winbindd_dual_pam_auth_crap+0x35f) [0x7f8647737e4f]
    #8 /usr/sbin/winbindd(+0x5337c) [0x7f864774b37c]
    #9 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x867b) [0x7f8640c2f67b]
    #10 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x6b27) [0x7f8640c2db27]
    #11 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8640c2a5ed]
    #12 /usr/sbin/winbindd(+0x55702) [0x7f864774d702]
    #13 /usr/sbin/winbindd(+0x55db5) [0x7f864774ddb5]
    #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f8640c2ae14]
    #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8437) [0x7f8640c2f437]
    #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x6b27) [0x7f8640c2db27]
    #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8640c2a5ed]
    #18 /usr/sbin/winbindd(main+0xad2) [0x7f864771ce42]
    #19 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f8640882ec5]
    #20 /usr/sbin/winbindd(+0x25532) [0x7f864771d532]
[2014/05/30 11:56:38.838488,  0] ../source3/lib/dumpcore.c:317(dump_core)
   dumping core in /var/log/samba/cores/winbindd
[2014/05/30 12:25:36.903054,  0] ../source3/winbindd/winbindd_dual.c:1367(child_handler)
   Could not write result

# cat log.wb-FOREST
[2014/05/30 11:51:37.364057,  0] ../source3/libads/sasl.c:994(ads_sasl_spnego_bind)
   kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
[2014/05/30 12:06:03.136753,  0] ../source3/libads/sasl.c:994(ads_sasl_spnego_bind)
   kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials

# cat log.winbindd
[2014/05/30 11:42:56,  0] ../source3/winbindd/winbindd.c:1453(main)
   winbindd version 4.1.6-Ubuntu started.
   Copyright Andrew Tridgell and the Samba Team 1992-2013
[2014/05/30 11:42:56.244725,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
   initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2014/05/30 11:56:38.494103,  0] ../source3/winbindd/winbindd_util.c:330(trustdom_list_done)
   Got invalid trustdom response

The SAMBA HOWTO refers SAMBA 3.5 and I am not sure if the 
troubleshooting section is relevant to samba 4.

It used to work in samba 3 using this guide:
http://phreek.org/guides/ubuntu-samba-active-directory-member-server

Is this a bug or am I doing something wrong? How can I troubleshoot this 
issue further?

More information about the samba mailing list