Linus Hedström
2006-Apr-11 13:00 UTC
[Samba] PANIC: Could not fetch our SID - did we join?
Hi, I have some problems running Samba and Winbind 3.0.22 in a AD, kerberos environment. I have seen previous posts on several forums about this problem but haven't found any solution for it yet. I have no problem with the default Samba package that comes with Ubuntu, 3.0.14a. But I do wan't to upgrade and the only option in that case seems to be to compile it. I compiled it with the following options: ./configure --with-winbind --with-configdir=/etc/samba --with-logfilebase=/var/log/samba --with-pam_smbpass --with-pam "net rpc join" and "net ads join" added the computer successfully to the AD. net ads status and such commands give successful results and the kerberos connection works. But, when starting winbind I do get this: [2006/04/11 14:24:19, 2] lib/interface.c:add_interface(81) added interface ip=192.168.0.16 bcast=192.168.0.255 nmask=255.255.255.0 [2006/04/11 14:24:19, 5] lib/util.c:init_names(260) Netbios name list:- my_netbios_names[0]="XXXX" [2006/04/11 14:24:19, 2] lib/interface.c:add_interface(81) added interface ip=192.168.0.XXX bcast=192.168.0.255 nmask=255.255.255.0 [2006/04/11 14:24:19, 5] lib/gencache.c:gencache_init(59) Opening cache file at /usr/local/samba/var/locks/gencache.tdb [2006/04/11 14:24:19, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2006/04/11 14:24:19, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2006/04/11 14:24:19, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2006/04/11 14:24:19, 10] sam/idmap_tdb.c:db_idmap_init(500) db_idmap_init: Opening tdbfile /usr/local/samba/var/locks/winbindd_idmap.tdb [2006/04/11 14:24:19, 8] lib/util.c:fcntl_lock(1820) fcntl_lock 8 13 0 1 1 [2006/04/11 14:24:19, 8] lib/util.c:fcntl_lock(1855) fcntl_lock: Lock call successful [2006/04/11 14:24:19, 4] lib/time.c:TimeInit(142) TimeInit: Serverzone is -7200 [2006/04/11 14:24:19, 2] lib/tallocmsg.c:register_msg_pool_usage(61) Registered MSG_REQ_POOL_USAGE [2006/04/11 14:24:19, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2006/04/11 14:24:19, 0] lib/util.c:smb_panic2(1554) PANIC: Could not fetch our SID - did we join? [2006/04/11 14:24:19, 0] lib/util.c:smb_panic2(1562) BACKTRACE: 6 stack frames: #0 /usr/local/samba/sbin/winbindd(smb_panic2+0x17f) [0x80099c82] #1 /usr/local/samba/sbin/winbindd(smb_panic+0x1d) [0x80099afb] #2 /usr/local/samba/sbin/winbindd(init_domain_list+0x78) [0x80038721] #3 /usr/local/samba/sbin/winbindd(main+0x531) [0x8003274e] #4 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd2) [0xb7d92ec2] #5 /usr/local/samba/sbin/winbindd [0x800308c1] Where do Winbind look for the SID? net getlocalsid shows the SID number. None of the wbinfo commands works. wbinfo -t: checking the trust secret via RPC calls failed error code was (0x0) Could not check secret Part of my smb.conf, everything but the shares.: ---------------------------------------------- use kerberos keytab = true realm = XXX.XXX.XXX workgroup = SWEDEN security = ADS netbios name = XXX password server = XXX.XXX.XXX.XXX domain master = no # # Winbind uses the default domain mapping so this isn't strictly # needed for user data, but we want it to map Administrator => root # username map = /etc/samba/smbusers # # Winbind settings. # winbind cache time = 15 winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes obey pam restrictions = no encrypt passwords = true idmap uid = 10000-20000 idmap gid = 10000-20000 nt acl support = yes wins support = yes remote browse sync = XXX.XXX.XXX.XXX log file = /var/log/samba/log.%m max log size = 50 load printers = no socket options = TCP_NODELAY dead time = 15 getwd cache = yes --------------------------------------------------------------- It's running on Ubuntu 5.10 with 2.6.12-10-386 kernel. Cheers Linus