Theodotos Andreou
2014-May-30 10:13 UTC
[Samba] Problems after PC is joined to the domain - Samba 4
Hello SAMBA community,

I used this guide to join a PC to the domain as member using samba 4:
https://wiki.samba.org/index.php/Samba4/Domain_Member

I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
stock samba version is:

# samba --version
Version 4.1.6-Ubuntu

When I tried to join the PC to the domain I got:

# net ads join -U admin
kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
Failed to join domain: failed to connect to AD: Client not found in Kerberos database

Nevertheless the PC was joined to the domain despite the above error and
I proceeded with the following steps. But when I try to list the users
using 'wbinfo -u' I get some strange behavior. The command takes too
long to complete and it then gives:

# wbinfo -u --verbose
FOREST\usbms_somepcname

The second time I run the command it takes again too long but it gives
out the complete list of AD users. But when I try to login as a
particular user though I get:

# su - myusername
No passwd entry for user 'myusername'
# id myusername
id: myusername: no such user

This is my smb.conf:

# cat /etc/samba/smb.conf
[global]

netbios name = MYPCNAME
workgroup = DOM
security = ADS
realm = DOM.FOREST.INT
encrypt passwords = yes

idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config LIM:backend = ad
idmap config LIM:schema_mode = rfc2307
idmap config LIM:range = 500-40000

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

My nsswitch.conf:

# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat winbind
group: compat winbind
shadow: compat

hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

All the relevant services appear to be started:

# ps aux | grep 'smbd\|nmbd\|winbind'
root 621 0.0 0.2 276132 8416 ? Ss 11:42 0:00 smbd -F
root 894 0.0 0.0 276132 3612 ? S 11:42 0:00 smbd -F
root 1710 0.0 0.2 237704 7800 ? Ss 11:42 0:00 /usr/sbin/winbindd -F
root 1734 0.0 0.0 191448 2776 ? Ss 11:42 0:00 nmbd -D
root 1738 0.0 0.1 252152 6744 ? S 11:42 0:00 /usr/sbin/winbindd -F
root 1751 0.0 0.1 246528 5856 ? S 11:43 0:00 /usr/sbin/winbindd -F
root 7458 0.0 0.0 235360 3512 ? S 11:51 0:00 /usr/sbin/winbindd -F
root 7459 0.0 0.0 235776 3688 ? S 11:51 0:00 /usr/sbin/winbindd -F
root 14186 0.0 0.1 54364 5516 pts/27 S+ 12:45 0:00 view log.winbindd
root 18139 0.0 0.0 16068 1116 pts/9 S+ 13:12 0:00 grep --color=auto smbd\|nmbd\|winbind
root 32118 0.0 0.2 256420 8732 ? S 12:25 0:00 /usr/sbin/winbindd -F

In the logs I get:

# cat log.wb-DOM
[2014/05/30 11:56:38.836954, 0] ../lib/util/fault.c:72(fault_report)
  ==============================================================
[2014/05/30 11:56:38.837130, 0] ../lib/util/fault.c:73(fault_report)
  INTERNAL ERROR: Signal 11 in pid 11014 (4.1.6-Ubuntu)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2014/05/30 11:56:38.837269, 0] ../lib/util/fault.c:75(fault_report)
  ==============================================================
[2014/05/30 11:56:38.837325, 0] ../source3/lib/util.c:785(smb_panic_s3)
  PANIC (pid 11014): internal error
[2014/05/30 11:56:38.837938, 0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 21 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f8642bbdf3a]
   #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f8642bbe010]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f8646e97c6f]
   #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1ae86) [0x7f8646e97e86]
   #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x10340) [0x7f86472c5340]
   #5 /usr/lib/x86_64-linux-gnu/samba/liblibcli_netlogon3.so.0(rpccli_netlogon_sam_network_logon+0x15b) [0x7f8644b9223b]
   #6 /usr/sbin/winbindd(+0x3c5ed) [0x7f86477345ed]
   #7 /usr/sbin/winbindd(winbindd_dual_pam_auth_crap+0x35f) [0x7f8647737e4f]
   #8 /usr/sbin/winbindd(+0x5337c) [0x7f864774b37c]
   #9 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x867b) [0x7f8640c2f67b]
   #10 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x6b27) [0x7f8640c2db27]
   #11 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8640c2a5ed]
   #12 /usr/sbin/winbindd(+0x55702) [0x7f864774d702]
   #13 /usr/sbin/winbindd(+0x55db5) [0x7f864774ddb5]
   #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f8640c2ae14]
   #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8437) [0x7f8640c2f437]
   #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x6b27) [0x7f8640c2db27]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8640c2a5ed]
   #18 /usr/sbin/winbindd(main+0xad2) [0x7f864771ce42]
   #19 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f8640882ec5]
   #20 /usr/sbin/winbindd(+0x25532) [0x7f864771d532]
[2014/05/30 11:56:38.838488, 0] ../source3/lib/dumpcore.c:317(dump_core)
  dumping core in /var/log/samba/cores/winbindd
[2014/05/30 12:25:36.903054, 0] ../source3/winbindd/winbindd_dual.c:1367(child_handler)
  Could not write result

# cat log.wb-FOREST
[2014/05/30 11:51:37.364057, 0] ../source3/libads/sasl.c:994(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
[2014/05/30 12:06:03.136753, 0] ../source3/libads/sasl.c:994(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials

# cat log.winbindd
[2014/05/30 11:42:56, 0] ../source3/winbindd/winbindd.c:1453(main)
  winbindd version 4.1.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2014/05/30 11:42:56.244725, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2014/05/30 11:56:38.494103, 0] ../source3/winbindd/winbindd_util.c:330(trustdom_list_done)
  Got invalid trustdom response

The SAMBA HOWTO refers to SAMBA 3.5 and I am not sure if the
troubleshooting section is relevant to samba 4.

It used to work in samba 3 using this guide:
http://phreek.org/guides/ubuntu-samba-active-directory-member-server

Is this a bug or am I doing something wrong? How can I troubleshoot this
issue further?
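An added example, not part of the original post or of Samba: a short Python triage of the fault report in log.wb-DOM above, which skips the panic-handler frames to name the function where signal 11 was raised. It assumes the unnamed libpthread frame is the signal trampoline; the name triage and the one-record-per-line sample layout are choices made for this example.

```python
import re

# Excerpt of the log.wb-DOM output quoted in the post (frames #0-#7 only),
# laid out one record per line; the layout is reconstructed for this example.
SAMPLE = """\
[2014/05/30 11:56:38.837130, 0] ../lib/util/fault.c:73(fault_report)
  INTERNAL ERROR: Signal 11 in pid 11014 (4.1.6-Ubuntu)
[2014/05/30 11:56:38.837938, 0] ../source3/lib/util.c:896(log_stack_trace)
  BACKTRACE: 21 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f8642bbdf3a]
   #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f8642bbe010]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f8646e97c6f]
   #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1ae86) [0x7f8646e97e86]
   #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x10340) [0x7f86472c5340]
   #5 /usr/lib/x86_64-linux-gnu/samba/liblibcli_netlogon3.so.0(rpccli_netlogon_sam_network_logon+0x15b) [0x7f8644b9223b]
   #6 /usr/sbin/winbindd(+0x3c5ed) [0x7f86477345ed]
   #7 /usr/sbin/winbindd(winbindd_dual_pam_auth_crap+0x35f) [0x7f8647737e4f]
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d [\d:.]+),\s*\d+\] \S+:\d+\(\w+\)")
FAULT = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME = re.compile(r"#(\d+) (\S+?)\((\w*)\+0x[0-9a-f]+\) \[0x[0-9a-f]+\]")

def triage(text):
    """Summarise a Samba fault report: when, which signal, and where it was raised."""
    report, frames, stamp = {}, [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            stamp = m.group(1)            # timestamp of the current log record
        elif m := FAULT.search(line):
            report.update(time=stamp, signal=int(m.group(1)),
                          pid=int(m.group(2)), version=m.group(3))
        elif m := FRAME.search(line):
            lib = m.group(2).rsplit("/", 1)[-1]
            frames.append((int(m.group(1)), lib, m.group(3) or None))
    # Frames up to the unnamed libpthread/libc entry are the panic handler and
    # the signal trampoline (assumption); the next frame is where the signal hit.
    cut = next((i for i, (_, lib, sym) in enumerate(frames)
                if sym is None and lib.startswith(("libpthread.so", "libc.so"))), None)
    tail = frames[cut + 1:] if cut is not None else []
    report["fault_frame"] = tail[0] if tail else None
    report["callers"] = [sym for _, _, sym in tail[1:] if sym]   # named callers only
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the excerpt this points at rpccli_netlogon_sam_network_logon, reached from winbindd_dual_pam_auth_crap, which is the detail worth quoting when searching for or filing a bug against 4.1.6.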
On Fri, 2014-05-30 at 13:13 +0300, Theodotos Andreou wrote:
> Hello SAMBA community,
>
> I used this guide to join a PC to the domain as member using samba 4:
> https://wiki.samba.org/index.php/Samba4/Domain_Member
>
> I am using Ubuntu 14.04 64 bit and I installed samba from the repos. The
> stock samba version is:
>
> # samba --version
> Version 4.1.6-Ubuntu
>
> When I tried to join the PC to the domain I got:
>
> # net ads join -U admin
> kerberos_kinit_password DOM\admin at DOM.FOREST.INT failed: Client not found in Kerberos database
> Failed to join domain: failed to connect to AD: Client not found in Kerberos database
>
> Nevertheless the PC was joined to the domain despite the above error and
> I proceeded with the following steps. But when I try to list the users
> using 'wbinfo -u' I get some strange behavior. The command takes too
> long to complete and it then gives:
>
> # wbinfo -u --verbose
> FOREST\usbms_somepcname
>
> The second time I run the command it takes again too long but it gives
> out the complete list of AD users. But when I try to login as a
> particular user though I get:
>
> # su - myusername
> No passwd entry for user 'myusername'
> # id myusername
> id: myusername: no such user
>
> This is my smb.conf:
>
> # cat /etc/samba/smb.conf
> [global]
>
> netbios name = MYPCNAME
> workgroup = DOM
> security = ADS
> realm = DOM.FOREST.INT
> encrypt passwords = yes

Hi

try: add

kerberos method = system keytab

to [global] and issue:

net ads keytab create -Uadmin

(ru sure admin has sufficient privs to add machines?)