[Samba] Samba 4.51 Solaris 11 AD client

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Dec 8 02:33:22 UTC 2016 

Solaris 11 include samba 3.6.25.  I compiled samba 4.5.1 using GCC 4.8 and
gmake.  Had set following env variables to make sure krb5.conf was found

 

 

 

# CPLUS_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/

# C_INCLUDE_PATH=/usr/include:/usr/include/kerberosv5/

 

After setting  "client ldap sasl wrapping = plain"   I was able to join to a
Windows 2008 domain with samba 4.  

 

The samba 4.5.1 "wbinfo -m" showed the domain.  However "wbinfo -u" did not
show any users.

 

This works OK with samba 3.6.25 .

 

With Samba 3 

 

# testparm -v | grep signing

Load smb config files from /etc/samba/smb.conf

rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)

Processing section "[homes]"

Processing section "[printers]"

Loaded services file OK.

Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

 

        client signing = required

        client ipc signing = required

        server signing = No

 

 

 

With samba4

 

 

# /usr/local/samba/bin/testparm -v | grep signing

Load smb config files from /usr/local/samba-4.5.1/etc/smb.conf

rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)

Processing section "[homes]"

Processing section "[printers]"

Loaded services file OK.

Server role: ROLE_DOMAIN_MEMBER

 

Press enter to see a dump of your service definitions

 

        client ipc signing = default

        client signing = default

        server signing = default

 

 

log.winbindd has

 

 

[2016/12/07 21:16:22.781818,  1, pid=1520, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd_util.c:352(trustdom_list_done)

  trustdom_list_done: Could not receive trusts for domain MYDOMAIN

 

 

 

both samba3 and samba4 create krb5.conf.MYDOMAIN files 

 

#/usr/local/samba/var/lock/smb_krb5# cat krb5.conf.MYDOMAIN

[libdefaults]

        default_realm = MYDOMAIN.COM

        default_tgs_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5

        default_tkt_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC DES-CBC-CRC DES-CBC-MD5

        preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
RC4-HMAC DES-CBC-CRC DES-CBC-MD5

        dns_lookup_realm = false

 

[realms]

        MYDOMAIN.COM = {

                kdc = 192.168.x.y

                kdc = 192.168.x.z

        }

#:/usr/local/samba/var/lock/smb_krb5#

 

 

 

 

I would like to disable DES encryption.   Or maybe have samba use the system
krb5.conf .    

 

 

 

With samba3, wbinfo will not show users from "classic" trusted domains but
will show users from AD trusted domains.

 

Beginning to think that I should have uninstalled samba3 before compiling
samba4 to make sure no conflicts between different versions of samba
libraries.

More information about the samba mailing list