winbindd crashes on startup after joining server to windows 2003 ad domain with "net ads join" suse linux 9.1 kernel 2.6.4-52-default heimdal-0.6.1rc3-51 smb.conf: [global] security=ADS realm=HJEMME.HOME encrypt passwords=yes password server=hjemme.home winbind cache time = 3 winbind separator = + workgroup = NETBIOS auth methods = winbind #obey pam restrictions = yes #winbind use default domain = yes interfaces = 127.0.0.1 eth0 eth1 #bind interfaces only = true printing = cups idmap uid = 10000-40000 idmap gid = 10000-40000 printcap name = cups printer admin = @ntadmin, root, administrator map to guest = Bad User [groups] comment = All groups path = /home/groups writeable = Yes inherit permissions = Yes krb5.conf: [libdefaults] default_realm = HJEMME.HOME clockskew = 300 [realms] HJEMME.HOME = { kdc = hjemme.home admin_server = hjemme.home kpasswd_server = hjemme.home } OTHER.REALM = { kdc = OTHER.COMPUTER } [domain_realm] .HJEMME.HOME = HJEMME.HOME [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 1d renew_lifetime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } winbind -F -i -d 3 (end of dump:)add_trusted_domain: NETBIOS is an NT4 domain Added domain NETBIOS HJEMME.HOME S-0-0 Connected to LDAP server 192.168.2.100 got ldap server name dotnet3@HJEMME.HOME, using bind path: dc=HJEMME,dc=HOME IPC$ connections done anonymously Connecting to host=DOTNET3 Connecting to 192.168.2.100 at port 445 Doing spnego session setup (blob length=108) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got principal=dotnet3$@HJEMME.HOME Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration fre, 12 nov 2004 09:36:18 GMT lsa_io_sec_qos: length c does not match size 8 ads: alternate_name Connected to LDAP server 192.168.2.100 got ldap server name dotnet3@HJEMME.HOME, using bind path: dc=HJEMME,dc=HOME ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 ads_sasl_spnego_bind: got server principal name =dotnet3$@HJEMME.HOME ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) =============================================================== INTERNAL ERROR: Signal 11 in pid 28398 (3.0.8) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== PANIC: internal error BACKTRACE: 18 stack frames: #0 ../sbin/winbindd(smb_panic2+0x18c) [0x80bd903] #1 ../sbin/winbindd(smb_panic+0x10) [0x80bd775] #2 ../sbin/winbindd [0x80ad642] #3 ../sbin/winbindd [0x80ad697] #4 [0xffffe420] #5 /usr/lib/libkrb5.so.17 [0x400b3d12] #6 ../sbin/winbindd(kerberos_kinit_password+0x7a) [0x8150d58] #7 ../sbin/winbindd(ads_kinit_password+0x55) [0x8150eca] #8 ../sbin/winbindd [0x8149a68] #9 ../sbin/winbindd(ads_sasl_bind+0xfe) [0x814a00d] #10 ../sbin/winbindd(ads_connect+0x21c) [0x8144ca7] #11 ../sbin/winbindd [0x8080ecd] #12 ../sbin/winbindd [0x808326a] #13 ../sbin/winbindd [0x80790b4] #14 ../sbin/winbindd(init_domain_list+0x86) [0x8074d9d] also tried exactly same thing on SLES 9.0 <-> w2k3 ad-domain. Same result. after degrading to samba 3.0.7 it works well.
This is a known issue. SuSE ships a heimdal-version that contains a bug that got just not triggered in 3.0.7 (AFAIK, SuSE will publish a heimdal update rather soon now. Lars, correct me if I'm wrong). You could either rebuild with a heimdal version >0.6.1rc3 or use the sernet rpms that use their own static-linked-heimdal version that does not have this problem.
There will be an update for heimdal on SuSE Linux 9.1. But this might take some time to get published. Erik: As a current workaround I've added fixed heimdal packages to the ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/ tree. Same packages are at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/
Tried heimdal-package on ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/ and heimdal 0.6.1/0.6.2/0.6.3. All four of them fixed this bug and and they also fixed bug id 2026 on my two linux-machines.
my last comment contains an error. Sorry heimdal 0.6.1/0.6.2/0.6.3 corrected the problem on my linux machines. however, the package on ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/ , heimdal-0.6.1rc3-55.9 did not.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.