Hi;

Please, I would like to know the correct values to set in the
samba/kerberos configuration so that the ADS protocol works fine.
My platform is:

Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS049)

When I try to join the AD via the ADS protocol I get an error: segmentation fault:
# net ads join -S CINVW067 -U administrateur%laposte+1
Segmentation fault

The kinit works fine:

# kinit administrateur
Password for administrateur@P9BIS.NEOPLUS.LAPOSTE.POC:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrateur@P9BIS.NEOPLUS.LAPOSTE.POC
Valid starting     Expires            Service principal
11/21/11 09:56:18  11/21/11 16:36:18  krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC@P9BIS.NEOPLUS.LAPOSTE.POC
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

wbinfo -u and wbinfo -g work fine:
# wbinfo -u
administrateur
invité
admin_local
krbtgt
sp-farm
sp-serviceapp
sp-apppool
sql-service
sp-usersync

My configuration is as follows:

hosts file on the linux server:

# cat /etc/hosts
127.0.0.1       local.localdomain   localhost CILVS049
187.0.22.177    CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104    CINVW067.p9bis.neoplus.laposte.poc CINVW067

# cat /etc/samba/smb.conf
[global]
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        security = ads
        client use spnego = yes
        realm = P9BIS.NEOPLUS.LAPOSTE.POC
        server string = CILVS049
        workgroup = P9BIS
        password server = 187.0.17.104.p9bis.neoplus.laposte.poc
        interfaces = 127.0.0.1 eth0
        bind interfaces only = true
        printing = cups
        printcap name = cups
        load printers = yes
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        #idmap backend = ad
        winbind enum users = yes
        winbind enum groups = yes
        client use spnego = yes
        encrypt passwords = yes
        winbind nested groups = yes
        winbind separator = /
        winbind nss info = sfu
        winbind cache time = 3600
        winbind use default domain = yes
        preferred master = no
        domain master = no
        restrict anonymous = 2
        log file = /var/log/samba/log.smbd
        max log size = 50
        usershare allow guests = no
        netbios name = CILVS049
        #wins server = 187.0.17.104
        #wins proxy = no
        dns proxy = no
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# cat /etc/krb5.conf
[libdefaults]
        default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
        default_keytab_name = FILE:/etc/krb5.keytab
        kdc_timesync = 1
        ticket_lifetime = 24000
        dns_lookup_kdc = true
        dns_lookup_realm = true
        forwardable = true
        fcc-mit-ticketflags = true
        clockskew = 300
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
        kdc = 187.0.17.104:88
        default_domain = p9bis.neoplus.laposte.poc
        admin_server = 187.0.17.104:749
}
[logging]
        kdc = FILE:/var/log/krb5/krb5kdc.log
        admin_server = FILE:/var/log/krb5/kadmind.log
        default = SYSLOG:NOTICE:DAEMON
[domain_realm]
        MONWORKGROUP = P9BIS.NEOPLUS.LAPOSTE.POC
        .p9bis.neoplus.laposte.poc = P9BIS.NEOPLUS.LAPOSTE.POC
[appdefaults]
pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
}
kinit = {
        forwardable = true
        proxiable = false
        renewable = true
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
}

# cat /etc/resolv.conf
nameserver 187.0.17.3
nameserver 187.0.17.4
nameserver 187.0.17.104
search p9bis.neoplus.laposte.poc

# cat /etc/nsswitch.conf
passwd: files winbind
group:  files winbind
shadow: files winbind
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files
services:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files
publickey:      files
bootparams:     files
automount:      files
aliases:        files

How does my Samba/kerberos/winbind configuration fail with ADS?

Regards
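
An added example, not part of the thread and not Samba code: a small cross-file consistency check run over the hosts, smb.conf and krb5.conf lines posted in the message above. The sample strings are constructed from those lines, the function names and rules are this example's own assumptions, and a finding only marks a value worth a second look, not the cause of the crash.

```python
import re
from collections import Counter

# Constructed sample input: the relevant lines of the three files in the message above.
HOSTS = """\
127.0.0.1       local.localdomain   localhost CILVS049
187.0.22.177    CILVS049.p9bis.neoplus.laposte.poc CILVS049
187.0.17.104    CINVW067.p9bis.neoplus.laposte.poc CINVW067
"""
SMB_CONF = """\
[global]
        security = ads
        client use spnego = yes
        realm = P9BIS.NEOPLUS.LAPOSTE.POC
        password server = 187.0.17.104.p9bis.neoplus.laposte.poc
        client use spnego = yes
        netbios name = CILVS049
"""
KRB5_CONF = """\
[libdefaults]
        default_realm = P9BIS.NEOPLUS.LAPOSTE.POC
[realms]
P9BIS.NEOPLUS.LAPOSTE.POC = {
        kdc = 187.0.17.104:88
}
[domain_realm]
        MONWORKGROUP = P9BIS.NEOPLUS.LAPOSTE.POC
        .p9bis.neoplus.laposte.poc = P9BIS.NEOPLUS.LAPOSTE.POC
"""
# A dotted quad followed by further DNS labels, e.g. "10.0.0.1.example.org".
IP_WITH_SUFFIX = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.[A-Za-z]")


def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping duplicates and key case."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((key, value))
    return sections


def check(hosts, smb_conf, krb5_conf):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    findings = []
    smb_pairs = [(k.lower(), v) for k, v in parse_sections(smb_conf).get("global", [])]
    smb = dict(smb_pairs)  # dict() keeps the last value of a repeated key
    krb = parse_sections(krb5_conf)
    realms = {k for k, v in krb.get("realms", []) if v == "{"}
    default_realm = dict(krb.get("libdefaults", [])).get("default_realm")
    for key, count in Counter(k for k, _ in smb_pairs).items():
        if count > 1:
            findings.append(f"smb.conf: '{key}' is set {count} times")
    if smb.get("realm") != default_realm or default_realm not in realms:
        findings.append("realm in smb.conf, default_realm and [realms] do not agree")
    for server in smb.get("password server", "").replace(",", " ").split():
        if IP_WITH_SUFFIX.match(server):
            findings.append(f"smb.conf: password server '{server}' is an IP address "
                            "with a DNS suffix appended")
    for name, realm in krb.get("domain_realm", []):
        if name != name.lower():
            findings.append(f"krb5.conf: [domain_realm] key '{name}' is not a "
                            "lower-case host or domain name")
    netbios = smb.get("netbios name", "").lower()
    for line in hosts.splitlines():
        fields = line.split("#", 1)[0].lower().split()
        if netbios and fields and fields[0].startswith("127.") and netbios in fields[1:]:
            findings.append(f"hosts: {fields[0]} also carries this machine's name '{netbios}'")
    return findings


if __name__ == "__main__":
    print("\n".join(check(HOSTS, SMB_CONF, KRB5_CONF)))
```
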
On Mon, Nov 21, 2011 at 09:12:04AM +0000, djamel boussebha wrote:
> Hi;
>
> Please, I would like to know the correct values to set in the samba/kerberos configuration so that the ADS protocol works fine.
> My platform is:
>
> Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
> Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177 (CILVS049)
>
> When I try to join the AD via the ADS protocol I get an error: segmentation fault:
> # net ads join -S CINVW067 -U administrateur%laposte+1
> Segmentation fault

Can you try running that under valgrind?

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

I am just getting to know the server and network I am supposed to handle. What would be the first thing to check when it comes to a Samba server you know nothing about? Kind regards

Hi

I would like to compare the values of my configuration, so if you have
the following platform:

Windows server 2008 R2 with AD LDAP is : 187.0.17.104 (CINVW067)
Linux server with Samba/Winbind version 3.5.12 + kerberos 1.4 : 187.0.22.177
(CILVS04)

Could you please confirm which are the good values to set in the following
conf files?

The entries for the hosts file /etc/hosts on the 2 servers, linux and W2008R2?

The values for the file /etc/samba/smb.conf :
[global]
        security = ads
        realm = ?????
        server string = ?????
        workgroup = ?????
        password server = ?????
        netbios name = ?????
        wins server = ?????

The values for the kerberos file /etc/krb5.conf :
[libdefaults]
        default_realm = ?????
[realms]
????? = {
        kdc = ?????
        default_domain = ?????
        admin_server = ????
}
[domain_realm]
        ????? = ?????
        ???? = ????

The values for the file cat /etc/resolv.conf :
nameserver ????
search ?????

The values for the file /etc/nsswitch.conf :
passwd: ????
group:  ????
shadow: ????
hosts: ???

Regards
--- On Mon 21.11.11, djamel boussebha <dboussebha at yahoo.fr> wrote:
From: djamel boussebha <dboussebha at yahoo.fr>
Subject: [Samba] ADS Problem : segmentation fault
To: samba at lists.samba.org, "Robert Freeman-Day" <presgas at gmail.com>
Date: Monday 21 November 2011, 10h12

Oops, the DNS domain for AD is: p9bis.neoplus.laposte.poc
--- On Mon 21.11.11, djamel boussebha <dboussebha at yahoo.fr> wrote:
From: djamel boussebha <dboussebha at yahoo.fr>
Subject: Re : [Samba] ADS Problem : segmentation fault
To: samba at lists.samba.org, "Robert Freeman-Day" <presgas at gmail.com>
Date: Monday 21 November 2011, 13h49