• Status: Solved

Integrate samba server on AIX 5.3 in Active Directory using winbind

I have a very similar situation to the one described in "http://www.experts-exchange.com/Software/Server_Software/File_Servers/Samba/Q_23087726.html?eeSearch=true"

1) AIX OS level is 5300-03
2) Downloaded and installed Samba packages (version 3.0.28) from "http://us1.samba.org/samba/ftp/Binary_Packages/AIX/"
3) After following the smb.conf configuration from the above listing, I was able to successfully join ADS (net join ads worked).
4) I am having issues where the winbind process will die, and I also get the following message in the winbind log file:
   "[2008/11/18 10:09:42, 0] libsmb/cliconnect.c:cli_session_setup_spnego(857)
  Kinit failed: Improper format of Kerberos configuration file"

5) Below is the krb5.conf file:
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = 172.16.0.75  <<=== This is the password server in smb.conf
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 MYDOMAIN.NET= {
  kdc =  172.16.0.75:88
  admin_server = 172.16.0.75:749
  default_domain = MYDOMAIN.NET
 }

[domain_realm]
 .mydomain.net = MYDOMAIN.NET
 mydomain.net = MYDOMAIN.NET

#[kdc]
# profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

===========================================
Question,

Should the Kerberos client be running on the system? Also, I don't have a kdc.conf file. I really think the issue is in this Kerberos configuration file. Below is the list of Kerberos files that came with the package.

kappa-d:/opt/pware# ls
BerkeleyDB.4.4  etc             info            libexec         samba           share           start_samba
bin             include         lib             man             sbin            ssl             var
kappa-d:/opt/pware# find ./ -name *krb* -ls
133159  312 -rwxr-xr-x  1 root      system      316146 Sep 12  2006 ./bin/krb524init
133176    6 -rwxr-xr-x  1 root      system        5671 Sep 12  2006 ./bin/krb5-config
133178  124 -rw-r--r--  1 root      system      123751 Sep 12  2006 ./lib/libkrb5support.a.0.0
133179    0 lrwxrwxrwx  1 root      system          20 Nov  5 13:48 ./lib/libkrb5support.a -> libkrb5support.a.0.0
133180    0 lrwxrwxrwx  1 root      system          13 Nov  5 13:48 ./lib/libkrb5.a -> libkrb5.a.3.2
133187    0 lrwxrwxrwx  1 root      system          13 Nov  5 13:48 ./lib/libkrb4.a -> libkrb4.a.2.0
133185 4048 -rw-r--r--  1 root      system     4144905 Sep 12  2006 ./lib/libkrb5.a.3.2
133188 1296 -rw-r--r--  1 root      system     1324254 Sep 12  2006 ./lib/libkrb4.a.2.0
133192 1232 -rw-r--r--  1 root      system     1258068 Sep 12  2006 ./lib/libgssapi_krb5.a.2.2
133193    0 lrwxrwxrwx  1 root      system          20 Nov  5 13:48 ./lib/libgssapi_krb5.a -> libgssapi_krb5.a.2.2
59462    3 -rw-r--r--  1 root      system        2597 Sep 12  2006 ./man/man8/krb524d.8
59463    5 -rw-r--r--  1 root      system        4382 Sep 12  2006 ./man/man8/krb5kdc.8
59474    4 -rw-r--r--  1 root      system        3209 Sep 12  2006 ./man/man8/login.krb5.8
 8196    9 -rw-r--r--  1 root      system        8205 Sep 12  2006 ./man/man1/krb5-send-pr.1
 8213    3 -rw-r--r--  1 root      system        2638 Sep 12  2006 ./man/man1/krb5-config.1
41044   18 -rw-r--r--  1 root      system       18252 Sep 12  2006 ./man/man5/krb5.conf.5
41047    1 drwxr-xr-x  2 root      system         512 Sep 12  2006 ./share/examples/krb5
41049    1 -rw-r--r--  1 root      system         786 Sep 12  2006 ./share/examples/krb5/krb5.conf
133199   15 -rwxr-xr-x  1 root      system       14361 Sep 12  2006 ./sbin/krb5-send-pr
133200  448 -rwxr-xr-x  1 root      system      458107 Sep 12  2006 ./sbin/krb524d
133201  824 -rwxr-xr-x  1 root      system      843759 Sep 12  2006 ./sbin/krb5kdc
133212  528 -rwxr-xr-x  1 root      system      536951 Sep 12  2006 ./sbin/login.krb5
133248    1 -rw-r--r--  1 root      system         706 Nov 18 10:08 ./etc/krb5.conf
133249    1 -rw-r--r--  1 root      system         706 Nov 13 16:06 ./etc/krb5.conf.orig
133251    1 -rw-r--r--  1 root      system         829 Nov 17 17:13 ./etc/krb5.conf.modified
135233    8 -rw-r--r--  1 root      system        7642 Sep 11  2006 ./include/openssl/krb5_asn.h
41059   10 -rw-r--r--  1 root      system       10027 Sep 12  2006 ./include/gssapi/gssapi_krb5.h
41061   25 -rw-r--r--  1 root      system       25421 Sep 12  2006 ./include/kerberosIV/krb.h
41064   16 -rw-r--r--  1 root      system       16140 Sep 12  2006 ./include/kerberosIV/krb_err.h
135248  100 -rw-r--r--  1 root      system       98426 Sep 12  2006 ./include/krb5.h
196729    1 drwxr-xr-x  2 root      system         512 Nov 13 13:37 ./var/kerberos/krb5kdc
135281    1 drwxr-xr-x  2 root      system         512 Nov 18 10:09 ./samba/3.0.28/var/locks/smb_krb5


6) In addition, when winbind is running, samba/3.0.28/bin/wbinfo -g works fine, but wbinfo -u and wbinfo -a fail. After this, winbind dumps a core file and I get the following message in the winbind.log file.

[2008/11/17 16:02:47, 2] lib/dmallocmsg.c:register_dmalloc_msgs(75)
:$
[2008/11/18 16:58:19, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/11/18 16:58:19, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2008/11/18 16:58:19, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 618616): internal error
[2008/11/18 16:58:19, 0] lib/util.c:log_stack_trace(1787)
  unable to produce a stack trace on this platform
[2008/11/18 16:58:19, 0] lib/fault.c:dump_core(181)
  dumping core in /opt/pware/samba/3.0.28/var/cores/winbindd
Asked by: rajram
1 Solution
 
Henrik Johansson, Systems engineer, commented:
> [libdefaults]
> default_realm = 172.16.0.75  <<=== This is the password server in smb.conf

The above should be MYDOMAIN.NET and not the server IP.
Not sure if it matters, but you've used an IP instead of an FQDN in the realms section and maybe need to remove the additional port information.

[domain_realm]
.kerberos.server=MYDOMAIN.NET
.mydomain.net=MYDOMAIN.NET

Also see these guides:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
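The two points raised in the answer above (default_realm set to an IP instead of a realm name, and IPs used in the [realms] section) can be checked mechanically before restarting winbind. This is an added example, not part of the original thread; `lint_krb5`, `is_ip` and the finding codes are hypothetical names, and the sample is constructed from the file in the question.

```python
import ipaddress

# Constructed sample: [libdefaults]/[realms] from the question, "<<===" note omitted.
SAMPLE = """\
[libdefaults]
 default_realm = 172.16.0.75
[realms]
 MYDOMAIN.NET= {
  kdc =  172.16.0.75:88
  admin_server = 172.16.0.75:749
 }
"""

def is_ip(value):
    """True for an IP literal, with or without a trailing :port."""
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def lint_krb5(text):
    """Return (code, detail) findings; the codes are made up for this example."""
    findings, section, realm, realms, default_realm = [], None, None, set(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None      # new [section]
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:                                # e.g. the closing "}"
            realm = None
            continue
        if section == "realms" and value == "{":   # start of a realm stanza
            realm = key
            realms.add(key)
        elif section == "libdefaults" and key == "default_realm":
            default_realm = value
        elif realm and key in ("kdc", "admin_server") and is_ip(value):
            findings.append(("ip-not-fqdn", f"{realm}: {key} = {value}"))
    if is_ip(default_realm):
        findings.append(("default-realm-is-ip", default_realm))
    elif default_realm not in realms:              # also catches a missing value
        findings.append(("default-realm-undefined", default_realm))
    return findings
```

Calling `lint_krb5(open("/opt/pware/etc/krb5.conf").read())` runs the same checks on the file listed in the question; an empty list means none of the flagged patterns were found, not that the file is otherwise valid.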
 
rajram (Author) commented:
I tried both suggestions separately and it did not work. I will go through the docs tonight and get some more information. These docs look like great references. I will keep you posted. Thanks.