• Status: Solved

Integrate samba server on AIX 5.3 in Active Directory using winbind

I have a very similar situation to the one described in "http://www.experts-exchange.com/Software/Server_Software/File_Servers/Samba/Q_23087726.html?eeSearch=true"

1) AIX OS level is 5300-03
2) Downloaded and installed Samba packages (version 3.0.28) from "http://us1.samba.org/samba/ftp/Binary_Packages/AIX/"
3) After following configuration from above listing for smb.conf, I was able to successfully join ADS ( net join ads worked).
4) I am having issues where the winbind process dies, and I also get the following message in the winbind log file
   "[2008/11/18 10:09:42, 0] libsmb/cliconnect.c:cli_session_setup_spnego(857)
  Kinit failed: Improper format of Kerberos configuration file"

5)  Below is krb5.conf file  
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = 172.16.0.75  <<=== This is the password server in smb.conf
 dns_lookup_realm = true
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 MYDOMAIN.NET= {
  kdc =  172.16.0.75:88
  admin_server = 172.16.0.75:749
  default_domain = MYDOMAIN.NET
 }

[domain_realm]
 .mydomain.net = MYDOMAIN.NET
 mydomain.net = MYDOMAIN.NET

#[kdc]
# profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

===========================================
Question,

Should kerberos client be running on the system? Also, I don't have kdc.conf file. I really think issue is in this kerberos configuration file. Below is the list of kerberos files that came with the package.

kappa-d:/opt/pware# ls
BerkeleyDB.4.4  etc             info            libexec         samba           share           start_samba
bin             include         lib             man             sbin            ssl             var
kappa-d:/opt/pware# find ./ -name *krb* -ls
133159  312 -rwxr-xr-x  1 root      system      316146 Sep 12  2006 ./bin/krb524init
133176    6 -rwxr-xr-x  1 root      system        5671 Sep 12  2006 ./bin/krb5-config
133178  124 -rw-r--r--  1 root      system      123751 Sep 12  2006 ./lib/libkrb5support.a.0.0
133179    0 lrwxrwxrwx  1 root      system          20 Nov  5 13:48 ./lib/libkrb5support.a -> libkrb5support.a.0.0
133180    0 lrwxrwxrwx  1 root      system          13 Nov  5 13:48 ./lib/libkrb5.a -> libkrb5.a.3.2
133187    0 lrwxrwxrwx  1 root      system          13 Nov  5 13:48 ./lib/libkrb4.a -> libkrb4.a.2.0
133185 4048 -rw-r--r--  1 root      system     4144905 Sep 12  2006 ./lib/libkrb5.a.3.2
133188 1296 -rw-r--r--  1 root      system     1324254 Sep 12  2006 ./lib/libkrb4.a.2.0
133192 1232 -rw-r--r--  1 root      system     1258068 Sep 12  2006 ./lib/libgssapi_krb5.a.2.2
133193    0 lrwxrwxrwx  1 root      system          20 Nov  5 13:48 ./lib/libgssapi_krb5.a -> libgssapi_krb5.a.2.2
59462    3 -rw-r--r--  1 root      system        2597 Sep 12  2006 ./man/man8/krb524d.8
59463    5 -rw-r--r--  1 root      system        4382 Sep 12  2006 ./man/man8/krb5kdc.8
59474    4 -rw-r--r--  1 root      system        3209 Sep 12  2006 ./man/man8/login.krb5.8
 8196    9 -rw-r--r--  1 root      system        8205 Sep 12  2006 ./man/man1/krb5-send-pr.1
 8213    3 -rw-r--r--  1 root      system        2638 Sep 12  2006 ./man/man1/krb5-config.1
41044   18 -rw-r--r--  1 root      system       18252 Sep 12  2006 ./man/man5/krb5.conf.5
41047    1 drwxr-xr-x  2 root      system         512 Sep 12  2006 ./share/examples/krb5
41049    1 -rw-r--r--  1 root      system         786 Sep 12  2006 ./share/examples/krb5/krb5.conf
133199   15 -rwxr-xr-x  1 root      system       14361 Sep 12  2006 ./sbin/krb5-send-pr
133200  448 -rwxr-xr-x  1 root      system      458107 Sep 12  2006 ./sbin/krb524d
133201  824 -rwxr-xr-x  1 root      system      843759 Sep 12  2006 ./sbin/krb5kdc
133212  528 -rwxr-xr-x  1 root      system      536951 Sep 12  2006 ./sbin/login.krb5
133248    1 -rw-r--r--  1 root      system         706 Nov 18 10:08 ./etc/krb5.conf
133249    1 -rw-r--r--  1 root      system         706 Nov 13 16:06 ./etc/krb5.conf.orig
133251    1 -rw-r--r--  1 root      system         829 Nov 17 17:13 ./etc/krb5.conf.modified
135233    8 -rw-r--r--  1 root      system        7642 Sep 11  2006 ./include/openssl/krb5_asn.h
41059   10 -rw-r--r--  1 root      system       10027 Sep 12  2006 ./include/gssapi/gssapi_krb5.h
41061   25 -rw-r--r--  1 root      system       25421 Sep 12  2006 ./include/kerberosIV/krb.h
41064   16 -rw-r--r--  1 root      system       16140 Sep 12  2006 ./include/kerberosIV/krb_err.h
135248  100 -rw-r--r--  1 root      system       98426 Sep 12  2006 ./include/krb5.h
196729    1 drwxr-xr-x  2 root      system         512 Nov 13 13:37 ./var/kerberos/krb5kdc
135281    1 drwxr-xr-x  2 root      system         512 Nov 18 10:09 ./samba/3.0.28/var/locks/smb_krb5


6) In addition, when winbind is running, samba/3.0.28/bin/wbinfo -g works fine, but wbinfo -u and wbinfo -a fail. After this, winbind dumps a core file and I get the following message in the winbind.log file.

[2008/11/17 16:02:47, 2] lib/dmallocmsg.c:register_dmalloc_msgs(75)
:$
[2008/11/18 16:58:19, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2008/11/18 16:58:19, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2008/11/18 16:58:19, 0] lib/util.c:smb_panic(1633)
  PANIC (pid 618616): internal error
[2008/11/18 16:58:19, 0] lib/util.c:log_stack_trace(1787)
  unable to produce a stack trace on this platform
[2008/11/18 16:58:19, 0] lib/fault.c:dump_core(181)
  dumping core in /opt/pware/samba/3.0.28/var/cores/winbindd
Asked by: rajram

1 Solution

Henrik Johansson (Systems engineer) commented:
> [libdefaults]
> default_realm = 172.16.0.75  <<=== This is the password server in smb.conf

The above should be MYDOMAIN.NET and not the server IP.
Not sure if it matters, but you've used the IP instead of the FQDN in the realms section and may need to remove the additional port information.

[domain_realm]
.kerberos.server=MYDOMAIN.NET
.mydomain.net=MYDOMAIN.NET

Also see these guides:
http://wiki.samba.org/index.php/Samba_&_Active_Directory
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
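
The points raised in the answer above, as an added example that is not part of the original thread: a small Python lint that flags a default_realm that is an IP address or has no [realms] entry, KDC entries given as IP addresses, and [domain_realm] mappings to undefined realms. It parses only the simple "key = value" and "REALM = { ... }" forms shown in the question; the names `parse`, `lint` and `IP_RE` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: values from the question's krb5.conf, poster's inline note omitted.
SAMPLE = """\
[libdefaults]
 default_realm = 172.16.0.75
[realms]
 MYDOMAIN.NET= {
  kdc =  172.16.0.75:88
 }
[domain_realm]
 .mydomain.net = MYDOMAIN.NET
"""

IP_RE = re.compile(r"(\d{1,3}\.){3}\d{1,3}(:\d+)?")  # IPv4 literal, optional :port

def parse(text):
    """Return {section: {key: value}}; a realm body becomes a nested dict."""
    conf, section, target = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section = target = conf.setdefault(head.group(1), {})
        elif line == "}":
            target = section  # leave the realm body, back to the section level
        elif "=" in line and not line.startswith(("#", ";")) and target is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                target = section.setdefault(key, {})
            else:
                target[key] = val
    return conf

def lint(text):
    conf = parse(text)
    realms = {k: v for k, v in conf.get("realms", {}).items() if isinstance(v, dict)}
    default = conf.get("libdefaults", {}).get("default_realm", "")
    findings = []
    if IP_RE.fullmatch(default):
        findings.append("default_realm is an IP address, not a realm name")
    if default not in realms:
        findings.append("default_realm has no [realms] entry")
    for name, body in realms.items():
        findings += [f"{name}: {k} is an IP address, not an FQDN"
                     for k in ("kdc", "admin_server") if IP_RE.fullmatch(body.get(k, ""))]
    findings += [f"[domain_realm] {dom} maps to undefined realm {realm}"
                 for dom, realm in conf.get("domain_realm", {}).items() if realm not in realms]
    return findings
```

Calling `lint(SAMPLE)` reports the IP-valued default_realm, the missing [realms] match and the IP-valued kdc entry; the FQDN finding is advisory, since the answer itself is unsure whether it matters.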
 
rajram (Author) commented:
I tried both suggestions separately and it did not work. I will go through the docs tonight and get some more information. These docs look like great references. I will keep you posted. Thanks.
Question has a verified solution.
