SuSe Linux 9.1 Samba 3.0.7 from rpm for SuSe Linux 9.1 deadking for Samba WINBIND daemon srvcao02:/lib # /etc/init.d/winbind start doneting Samba WINBIND daemon - Warning: /var/run/samba/winbindd.pid exists. srvcao02:/lib # /etc/init.d/winbind status deadking for Samba WINBIND daemon srvcao02:/lib # Here is the log file : ________________________________________________________________________________ [2004/09/29 16:20:50, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No such file or directory) [2004/09/29 16:20:51, 0] lib/fault.c:fault_report(36) =============================================================== [2004/09/29 16:20:51, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 7118 (3.0.7-1.1-SUSE) Please read the appendix Bugs of the Samba HOWTO collection #15 /usr/sbin/winbindd(main+0x5d4) [0x80705e0] #16 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x40257500] #17 /usr/sbin/winbindd [0x806e9f1] [2004/09/29 16:20:50, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No such file or directory) [2004/09/29 16:20:51, 0] lib/fault.c:fault_report(36) =============================================================== [2004/09/29 16:20:51, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 7118 (3.0.7-1.1-SUSE) Please read the appendix Bugs of the Samba HOWTO collection [2004/09/29 16:20:51, 0] lib/fault.c:fault_report(39) =============================================================== [2004/09/29 16:20:51, 0] lib/util.c:smb_panic2(1381) PANIC: internal error [2004/09/29 16:20:51, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 18 stack frames: #0 /usr/sbin/winbindd(smb_panic2+0x1ec) [0x80d2a05] #1 /usr/sbin/winbindd(smb_panic+0x25) [0x80d2813] #2 /usr/sbin/winbindd [0x80be377] #3 /usr/sbin/winbindd [0x80be3ed] #4 [0xffffe420] #5 /usr/lib/libkrb5.so.17 [0x400b0d12] #6 /usr/lib/libkrb5.so.17(krb5_cc_default+0x40) [0x400b0ed0] #7 /usr/sbin/winbindd(kerberos_kinit_password+0x85) [0x81920f0] ________________________________________________________________________________ testparm : srvcao02:/ # /usr/local/samba/bin/testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Processing section "[printers]" Processing section "[print$]" Processing section "[mmedia$]" Processing section "[databem$]" Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = DUBUSIND realm = DUBUSIND.COM server string = Test samba 3.0 on Windows 2000 domain security = ADS auth methods = winbind obey pam restrictions = Yes password server = serveur log file = /var/log/samba/%m.log max log size = 50 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY os level = 33 local master = No domain master = No dns proxy = No wins server = 192.0.0.51 ldap ssl = no idmap uid = 10000-20000 idmap gid = 10000-20000 winbind separator = + winbind cache time = 10 winbind use default domain = Yes preserve case = No short preserve case = No [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [mmedia$] comment = Mmedia path = /Data/mmedia read only = No create mask = 0777 directory mask = 0777 inherit permissions = Yes inherit acls = Yes [databem$] comment = Bemeca path = /Data/data-bem/ admin users = @DUBUSIND.COM+AdminBEM, DUBUSIND.COM+admbem write list = @DUBUSIND.COM+BEM read only = No create mask = 0777 directory mask = 0777 inherit permissions = Yes inherit acls = Yes ________________________________________________________________________________ Find below the /etc/krb5.conf [libdefaults] default_realm = DUBUSIND.COM clockskew = 300 ticket_lifetime = 24000 dns_lookup_realm = false dns_lookup_kdc = false [realms] DUBUSIND.COM = { kdc = serveur.dubusind.com:88 admin_server = serveur.dubusind.com:749 kpasswd_server = serveur.dubusind.com default_domain = dubusind.com } OTHER.REALM = { kdc = OTHER.COMPUTER } [domain_realms] .dubusind.com = DUBUSIND.COM dubusind.com = DUBUSIND.COM [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/kdc5kdc.log admin_server = FILE:/var/log/kadmind.log [KDC] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } ________________________________________________________________________________ kinit work well but net ads testjoin : srvcao02:/etc # net ads testjoin Segmentation fault
There is a very high chance this is triggered by several memleaks that were fixed in winbindd. Fixing those memleaks triggers a bug in SuSE 9.1's kerberos-implementation (heimdal 0.6.1rc3; AFAIK, SuSE is currently preparing an update). Until SuSE has this update available, you could either a) avoid using security=ads b) give sernet-rpms a try. they use a custom, bugfixed and statically linked kerberos-version, see: ftp://ftp.sernet.de/pub/samba/suse91/ manually limiting auth methods is really something you should only do when you exactly know what you're doing. please give use feedback :)
I have verified all configuration files and re - installed every rpm binary of the samba 3.0.7 with the tool SuSE YAST2. Now Winbind does not crach any more, but I always have the error " Segmentation fault " for all the commands "net ads". I would like knowing from SuSE if there is the same problem with the version SUSE Linux Enterprise 9 of the Operating system.
SLES9 suffers the same heimdal-problem, yes.
Pascal, can you please check if the SerNet RPMs work fine for you?
Yes, I shall like making it but I am blocked by a dependency problem of package rpm between the version 3.0.7-1.1 and the version 3.0.7-14. I have to uninstall all old rpm packages ?
Not all, just the samba-related ones :) rpm -qa | grep ^samba will show you the list.
Uninstall 3.0.7-1.1 ok Install 3.0.7-14 sernet-rpms ok The configuration seems good (join domain OK, kinit = OK, testparm = OK, wbinfo -u = OK), but it does not work... srvcao02:~ # smbclient -Uoroussy //srvcao02/databem$ Password: session setup failed: Call timed out: server did not respond after 20000 millise conds under windows 2k client i have olso a time out message srvcao02:/etc/samba # wbinfo -g Error looking up domain groups ? I think i have some error in the krb5.conf ____________________________________________________________________________ /etc/krb5.conf [libdefaults] default_realm = DUBUSIND.COM clockskew = 300 ticket_lifetime = 24000 dns_lookup_realm = false dns_lookup_kdc = false [realms] DUBUSIND.COM = { kdc = serveur.dubusind.com:88 admin_server = serveur.dubusind.com:749 kpasswd_server = serveur.dubusind.com default_domain = dubusind.com } OTHER.REALM = { kdc = OTHER.COMPUTER } [domain_realms] .dubusind.com = DUBUSIND.COM dubusind.com = DUBUSIND.COM [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/kdc5kdc.log admin_server = FILE:/var/log/kadmind.log [KDC] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } ____________________________________________________________________________ srvcao02:~ # net ads status accountExpires: 9223372036854775807 badPasswordTime: 0 badPwdCount: 0 codePage: 0 cn: srvcao02 countryCode: 0 dNSHostName: srvcao02.dubusind.com instanceType: 4 isCriticalSystemObject: FALSE lastLogoff: 0 lastLogon: 127411132820156250 logonCount: 5 distinguishedName: CN=srvcao02,CN=Computers,DC=DUBUSIND,DC=com objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=DUBUSIND,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer objectGUID: be1d9931-b830-4ae9-a6cd-3f210411ef45 objectSid: S-1-5-21-1211050506-785693551-330609462-1346 operatingSystem: Samba operatingSystemVersion: 3.0.7-SerNet-SuSE primaryGroupID: 515 pwdLastSet: 127411114600937500 name: srvcao02 sAMAccountName: srvcao02$ sAMAccountType: 805306369 servicePrincipalName: CIFS/srvcao02.dubusind.com servicePrincipalName: CIFS/srvcao02 servicePrincipalName: HOST/srvcao02.dubusind.com servicePrincipalName: HOST/srvcao02 userAccountControl: 69632 userPrincipalName: HOST/srvcao02@DUBUSIND.COM uSNChanged: 547798 uSNCreated: 547795 whenChanged: 20041001133740.0Z whenCreated: 20041001133739.0Z
Are you sure, you have restarted your servers with "rcsmb restart; rcwinbind restart"? I cannot reproduce your problem.
yes i have restart all services with /etc/init.d/nmb stop /etc/init.d/smb stop /etc/init.d/winbind stop /etc/init.d/nmb start /etc/init.d/smb start /etc/init.d/winbind start i have change the smb.conf file with security = domain and now all work well.
ok, now winbind does not use kerberos-authentication any more :) Closing this bug - after thoroughly testing the sernet rpms, I could not reproduce any heimdal-related crashes. Please reopen this bug, if you feel this is not correct.