Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS
Hi,

It has been a while since I have looked at any of this. However, I do know you don't want to run a KDC on your FreeBSD server. Windows is the KDC. You do need to tell FreeBSD what realm you are in, and what the Windows ADS servers are. You might wish to try the following in your /etc/krb5.conf file:

    # /etc/krb5.conf
    [libdefaults]
        default_realm = EXAMPLE.COM
        forwardable = true
        default_tgs_enctypes = rc4-hmac des-cbc-crc
        default_tkt_enctypes = rc4-hmac des-cbc-crc

    [appdefaults]
        default_realm = EXAMPLE.COM
        pam = {
            forwardable = true
            krb4_convert = false
            debug = false
        }

    [realms]
        EXAMPLE.COM = {
            kdc = ads1.example.com:88
            kdc = ads2.example.com:88
            admin_server = ads1.example.com:749
            kpasswd_server = ads1.example.com:464
            kpasswd_protocol = SET_CHANGE
            default_domain = example.com
        }

    [domain_realm]
        example.com = EXAMPLE.COM
        .example.com = EXAMPLE.COM

    [logging]
        default = FILE:/var/log/krb5lib.log

Also, you might want to try this link: http://www.kurai.org/~gdunn/samba3-ad/fbsd_samba.html

Eddie

Alberto Moreno wrote:

2006/10/27, Guillermo Gutierrez [EMAIL PROTECTED]:

Thank you for your response. I have not been successful in trying to do this. I have found a how-to doing this with winbind and ldap but could not get them to work.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of Alberto Moreno
Sent: Thursday, October 26, 2006 11:51 PM
To: samba@lists.samba.org
Subject: Re: [Samba] Adding FreeBSD Samba Server to windows 2003 ADS

2006/3/29, Guillermo Gutierrez [EMAIL PROTECTED]:

Hi,

I am trying to add a FreeBSD 6.0 Samba Server to a windows 2003 ADS domain and utilize winbind/kerberos for authenticating domain users on it. I have already done this with a Gentoo Samba server (which after I realized how, turned out to be very easy) but it is a lot tougher to do with FreeBSD. Has anyone on the list had any experience with it? The samba in the FreeBSD ports is version 3.0.14a but I downloaded the source for 3.0.21c so that I can use the latest version.

thanks,

Guillermo Gutierrez
Development Systems Engineer
Market Scan Information Systems Inc.
(818) 575-2000 x2427
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

Hi Guillermo,

I'm working on this, but I see that this post is from March, just want to know if you succeeded with this? Do you have some tips about this situation? Is your system stable? May you show me your settings?

I already installed samba on FreeBSD 6-1 from ports with ADS support, tomorrow I will try to add that machine to the win2k3 AD domain, but my doubt is with the kerberos version that FreeBSD has by default, can we use that one..?

We can enable krb5 from rc.conf, but do we need all the options there?

    #
    # kerberos. Do not run the admin daemons on slave servers
    #
    kerberos5_server_enable=NO # Run a kerberos 5 master server (or NO).
    kerberos5_server=/usr/libexec/kdc # path to kerberos 5 KDC
    kerberos5_server_flags= # Additional flags to the kerberos 5 server
    kadmind5_server_enable=NO # Run kadmind (or NO)
    kadmind5_server=/usr/libexec/kadmind # path to kerberos 5 admin daemon
    kpasswdd_server_enable=NO # Run kpasswdd (or NO)
    kpasswdd_server=/usr/libexec/kpasswdd # path to kerberos 5 passwd daemon

Which options do I need for this job..? I'm really just starting working with samba, but the kerberos stuff is somewhat confusing, thanks for your time!!!

--
LIving the dream...

--
No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.17/505 - Release Date: 10/27/2006

I read some docs about the same situation with winbind+ldap but when I tried, no success, but let me try with Kerberos and see what happens, I will inform here in the list, see you man.

LIving the dream...
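
As an added example (not code from anyone in this thread), the Python script below checks the two points the reply makes: krb5.conf must list the Windows domain controllers as KDCs for the default realm, and rc.conf should not start a local KDC, kadmind or kpasswdd. It also reports the DES and RC4 enctypes, which RFC 6649 and RFC 8429 deprecate; the function names and the rc.conf sample line are assumptions made for the example.

```python
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md5", "rc4-hmac"}  # RFC 6649, RFC 8429
# rc.conf knobs (named in the thread) that start local Kerberos daemons.
KDC_KNOBS = {"kerberos5_server_enable", "kadmind5_server_enable", "kpasswdd_server_enable"}

def parse_krb5(text):
    """Return {section: {key: [values]}}; keys inside { } become 'outer.key'."""
    conf, section, outer = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank lines and comment lines
        if line.startswith("["):
            section, outer = conf.setdefault(line.strip("[]"), {}), None
        elif line == "}":
            outer = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                outer = key  # start of a realm or application block
            else:
                section.setdefault(f"{outer}.{key}" if outer else key, []).append(value)
    return conf

def audit(krb5_text, rc_text=""):
    """List findings for a host that should be an AD member, not a KDC."""
    conf = parse_krb5(krb5_text)
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    realm = lib.get("default_realm", ["<unset>"])[0]
    findings = []
    if f"{realm}.kdc" not in realms:
        findings.append(f"no kdc listed in [realms] for default realm {realm}")
    for key in ("default_tgs_enctypes", "default_tkt_enctypes"):
        if weak := sorted(WEAK_ENCTYPES & set(" ".join(lib.get(key, [])).split())):
            findings.append(f"{key} permits {', '.join(weak)}")
    for line in rc_text.splitlines():
        name, _, value = line.partition("=")
        if name.strip() in KDC_KNOBS and value.strip(' "').upper().startswith("YES"):
            findings.append(f"rc.conf enables local daemon {name.strip()}")
    return findings

# krb5.conf abridged from the reply in the thread; the rc.conf line is constructed.
KRB5_CONF = """\
[libdefaults]
default_realm = EXAMPLE.COM
default_tgs_enctypes = rc4-hmac des-cbc-crc
default_tkt_enctypes = rc4-hmac des-cbc-crc
[realms]
EXAMPLE.COM = {
    kdc = ads1.example.com:88
}
"""
RC_CONF = 'kerberos5_server_enable="YES"\n'
if __name__ == "__main__":
    print("\n".join(audit(KRB5_CONF, RC_CONF)))
```
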
[Samba] sigbus fault?
Hi Folks,

I'm trying to run samba on Solaris 9. It works OK when I don't compile in kerberos and ldap, but when with those two compiled in, smbd seems to freeze (nmbd and winbindd are OK). After a bit of investigation I notice something strange in truss:

    ...
    /[EMAIL PROTECTED]: - libldap-2.3:ldap_free_urldesc(0x30dfe8, 0x32e048, 0x32dfb8, 0x3
    /[EMAIL PROTECTED]: - liblber-2.3:ber_memfree_x(0x32dfd7, 0x0, 0x0, 0x0)
    /[EMAIL PROTECTED]: - libc:free(0x32dfd7, 0x0, 0x0, 0x0)
    /[EMAIL PROTECTED]: - libc:_free_unlocked(0x32dfd7, 0x0, 0x0, 0xfee3c000)
    /1: Incurred fault #5, FLTACCESS %pc = 0xFEDC7D80
    /1: siginfo: SIGBUS BUS_ADRALN addr=0x0032DFCF
    ^^^
    /1: Received signal #10, SIGBUS [caught]
    /1: siginfo: SIGBUS BUS_ADRALN addr=0x0032DFCF
    /[EMAIL PROTECTED]: - libc:sigaddset(0xffbfd594, 0xa, 0x0, 0x0)
    /[EMAIL PROTECTED]: - libc:sigvalid(0xa, 0x0, 0x0, 0x0)
    /[EMAIL PROTECTED]: - libc:sigvalid() = 1
    /[EMAIL PROTECTED]: - libc:sigaddset() = 0
    /1: sigprocmask(SIG_SETMASK, 0xFFBFD594, 0x) = 0
    /[EMAIL PROTECTED]: - libc:___errno(0x0, 0x0, 0x0, 0x0)
    /[EMAIL PROTECTED]: - libc:___errno() = 0xfee43664
    /[EMAIL PROTECTED]: - libc:time(0x0, 0x0, 0x0, 0x0)
    ...

And the same sort of thing in gdb:

    (gdb) run
    Starting program: /opt/Samba/samba-3.0.22-with-ADS/sbin/smbd
    Program received signal SIGSEGV, Segmentation fault.
    0xfedc7d80 in _free_unlocked () from /usr/lib/libc.so.1
    (gdb) bt
    #0 0xfedc7d80 in _free_unlocked () from /usr/lib/libc.so.1
    #1 0xfedc7d38 in free () from /usr/lib/libc.so.1
    #2 0xff32d848 in ldap_free_urldesc (ludp=0x30dfc0) at url.c:1481
    #3 0xfebe6ed0 in __s_api_addRefInfo () from /usr/lib/libsldap.so.1
    #4 0xfebea200 in proc_search_references () from /usr/lib/libsldap.so.1
    #5 0xfebeac94 in search_state_machine () from /usr/lib/libsldap.so.1
    #6 0xfebeb4bc in __ns_ldap_list () from /usr/lib/libsldap.so.1
    #7 0xfec2ad10 in _nss_ldap_nocb_lookup () from /usr/lib/nss_ldap.so.1
    #8 0xfec24868 in getbymember () from /usr/lib/nss_ldap.so.1
    #9 0xfedce8f0 in nss_search () from /usr/lib/libc.so.1
    #10 0xfee18d30 in _getgroupsbymember () from /usr/lib/libc.so.1
    #11 0xfedc3264 in initgroups () from /usr/lib/libc.so.1
    #12 0x001ab280 in getgrouplist_internals ()
    #13 0x001ab528 in sys_getgrouplist ()
    #14 0x001ab580 in getgroups_user ()
    #15 0x001ab6cc in pdb_default_enum_group_memberships ()
    #16 0x0018f22c in context_enum_group_memberships ()
    #17 0x0019136c in pdb_enum_group_memberships ()
    #18 0x00202d90 in get_user_groups ()
    #19 0x0020317c in add_user_groups ()
    #20 0x002034b8 in make_server_info_sam ()
    #21 0x0020387c in make_new_server_info_guest ()
    #22 0x00203a30 in init_guest_info ()
    #23 0x0024e0b0 in main ()

Here is my smb.conf (I've removed the ads and kerberos stuff, but it was broken in the same way when it was included):

    [global]
        server string = IT151978 Solaris
        guest account = eirvine
        log level = 3
        preferred master = No
        local master = No
        domain master = No

    [homes]
        comment = Home Directories
        valid users = %S
        read only = No
        browseable = No

Here is what smbd is linked against:

    ldd sbin/smbd
    libthread.so.1 => /usr/lib/libthread.so.1
    libldap-2.3.so.0 => /opt/OpenLDAP/openldap/lib/libldap-2.3.so.0
    liblber-2.3.so.0 => /opt/OpenLDAP/openldap/lib/liblber-2.3.so.0
    libgssapi_krb5.so.2 => /opt/Kerberos/krb5-1.4.3/lib/libgssapi_krb5.so.2
    libkrb5.so.3 => /opt/Kerberos/krb5-1.4.3/lib/libkrb5.so.3
    libk5crypto.so.3 => /opt/Kerberos/krb5-1.4.3/lib/libk5crypto.so.3
    libkrb5support.so.0 => /opt/Kerberos/krb5-1.4.3/lib/libkrb5support.so.0
    libcom_err.so.3 => /opt/Kerberos/krb5-1.4.3/lib/libcom_err.so.3
    libresolv.so.2 => /usr/lib/libresolv.so.2
    libsocket.so.1 => /usr/lib/libsocket.so.1
    libnsl.so.1 => /usr/lib/libnsl.so.1
    libpam.so.1 => /usr/lib/libpam.so.1
    libsendfile.so.1 => /usr/lib/libsendfile.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    libiconv.so.2 => /usr/local/lib/libiconv.so.2
    libc.so.1 => /usr/lib/libc.so.1
    libgen.so.1 => /usr/lib/libgen.so.1
    libgcc_s.so.1 => /opt/sfw/gcc-3/lib/libgcc_s.so.1
    libmp.so.2 => /usr/lib/libmp.so.2
    libcmd.so.1 => /usr/lib/libcmd.so.1
    /usr/platform/SUNW,Sun-Blade-100/lib/libc_psr.so.1

Any ideas of what to do next would be very much appreciated!

Thanks

Eddie
Re: [Samba] samba3.0.4 with FreeBSD
Hi,

I've had this working before and I thought I'd go and check out what is wrong. It seems the samba configure script is broken. Even when you tell it to link against kerberos in another directory (for me it was /opt/MIT-Kerberos) it ignores you and just looks in the default place. You can tell which libraries samba is linked to with the ldd command, i.e.:

    ldd /usr/local/sbin/smbd

Running the ldconfig command to put /opt/MIT-Kerberos/lib ahead of /usr/lib didn't help. I've got it to work - finally - by installing MIT Kerberos over the top of Heimdal Kerberos. But it sure wasn't pretty, and is definitely not a long term solution.

Eddie

I'm having the exact same problem Skif. It has to do with a conflict between Heimdal Kerberos (installed by default for ssh etcetera) and MIT Kerberos. If you don't install krb5, then samba-devel port will install with ads, but it will error out when joining ads. If you don't need to use ads then get rid of krb5 and remake samba-devel, and it should work.

TMS III

Skif wrote:

samba, I compile kerberos5

    [EMAIL PROTECTED] : cd /usr/ports/security/krb5/
    [EMAIL PROTECTED] : make make install make clean rehash
    --
    This port of MIT Kerberos 5 includes remote login daemons (telnetd and klogind). These daemons default to using the system login program (/usr/bin/login). Please see the file /usr/local/share/doc/krb5/README.FreeBSD for more information.
    --
    === Compressing manual pages for krb5-1.3.3
    /sbin/ldconfig -m /usr/local/lib
    === Registering installation for krb5-1.3.3
    ...
    This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system.
    /usr/local/bin/ftp (USES POSSIBLY INSECURE FUNCTIONS: mktemp)
    /usr/local/bin/rcp
    /usr/local/bin/rlogin
    /usr/local/bin/rsh
    /usr/local/lib/libgssrpc.so.3
    /usr/local/lib/libkrb5.so.3 (USES POSSIBLY INSECURE FUNCTIONS: mktemp)
    /usr/local/sbin/ftpd
    /usr/local/sbin/gss-server
    /usr/local/sbin/kadmind
    /usr/local/sbin/klogind
    /usr/local/sbin/kpropd
    /usr/local/sbin/krb5kdc
    /usr/local/sbin/kshd
    /usr/local/sbin/sim_server
    /usr/local/sbin/sserver
    /usr/local/sbin/telnetd
    /usr/local/sbin/uuserver
    /usr/local/sbin/v5passwdd
    If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern.
    For more information, and contact details about the security status of this software, see the following webpage: http://web.mit.edu/kerberos/www/
    [EMAIL PROTECTED] :

My next step

    [EMAIL PROTECTED] :cd /usr/ports/net/samba3.0.4/
    [EMAIL PROTECTED] :make make install
    === ---
    === Run 'make config' to (re)configure the port
    === ---
    === Extracting for samba-3.0.4,1
    Checksum OK for samba-3.0.4.tar.gz.
    === Patching for samba-3.0.4,1
    === Applying FreeBSD patches for samba-3.0.4,1
    === samba-3.0.4,1 depends on shared library: popt.0 - found
    === samba-3.0.4,1 depends on shared library: ldap.2 - found
    ...
    checking for AP_OPTS_USE_SUBKEY... yes
    checking for the krb5_princ_component macro... no
    checking for key in krb5_keytab_entry... yes
    checking for keyblock in krb5_keytab_entry... no
    configure: error: libkrb5 is needed for Active Directory support
    === Script configure failed unexpectedly.
    Please report the problem to [EMAIL PROTECTED] [maintainer] and attach the /usr/ports/net/samba3.0.4/work/samba-3.0.4/source/config.log including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system (e.g. an `ls /var/db/pkg`).
    *** Error code 1
    Stop in /usr/ports/net/samba3.0.4.
    [EMAIL PROTECTED] :
    [EMAIL PROTECTED] :ls /var/db/pkg | grep krb
    krb5-1.3.3
    [EMAIL PROTECTED] :
    [EMAIL PROTECTED] :uname -a
    FreeBSD romanof2.owe 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Mon Feb 23 20:45:55 GMT 2004

Makefile:

    CONFIGURE_ARGS+=--exec-prefix=${PREFIX} \
        --localstatedir=${VARDIR} \
        --with-configdir=${SAMBA_CONFDIR} \
        --with-libdir=${SAMBA_LIBDIR}/samba \
        --with-swatdir=${SAMBA_SWATDIR} \
        --with-piddir=${SAMBA_RUNDIR} \
        --with-lockdir=${SAMBA_LOCKDIR} \
        --with-privatedir=${SAMBA_PRIVATE} \
        --with-logfilebase=${SAMBA_LOGDIR} \
        --with-manpages-langs=en
    CONFIGURE_ARGS+=--with-libiconv=${LOCALBASE}
    CONFIGURE_ARGS+=--with-pam --with-readline --with-sendfile-support \
        --with-winbind --without-libsmbclient --without-python
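
The ldd check suggested in the reply above can be automated. This added example (not code from the thread) groups the Kerberos and LDAP libraries in ldd output by the directory they resolve from and reports any family loaded from more than one place, which is what a Heimdal/MIT mix looks like; the library prefix lists, function names and both sample listings are constructed for illustration.

```python
import posixpath
import re
from collections import defaultdict

# Library name prefixes per family; a process should load each family from
# one installation only (illustrative prefix lists, not exhaustive).
FAMILIES = {
    "kerberos": ("libkrb5", "libk5crypto", "libgssapi", "libcom_err"),
    "ldap": ("libldap", "liblber"),
}
LDD_LINE = re.compile(r"^\s*(\S+)\s+=>\s+(/\S+)")

def family_dirs(ldd_text):
    """Map family -> {directory: [libraries]} for every resolved ldd entry."""
    found = defaultdict(lambda: defaultdict(list))
    for line in ldd_text.splitlines():
        match = LDD_LINE.match(line)
        if not match:
            continue  # "not found" entries and bare paths carry no mapping
        name, path = match.groups()
        for family, prefixes in FAMILIES.items():
            if name.startswith(prefixes):
                found[family][posixpath.dirname(path)].append(name)
    return found

def mixed_families(ldd_text):
    """Return {family: sorted directories} for families split across directories."""
    return {family: sorted(dirs)
            for family, dirs in family_dirs(ldd_text).items() if len(dirs) > 1}

# Constructed ldd output: Kerberos libraries from a port next to base-system ones.
SAMPLE_MIXED = """\
    libkrb5.so.3 => /usr/local/lib/libkrb5.so.3 (0x2826c000)
    libk5crypto.so.3 => /usr/local/lib/libk5crypto.so.3 (0x282de000)
    libgssapi.so.7 => /usr/lib/libgssapi.so.7 (0x282d0000)
    libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x28300000)
    libldap.so.2 => /usr/local/lib/libldap.so.2 (0x28302000)
    libc.so.5 => /lib/libc.so.5 (0x28400000)
"""
# Constructed ldd output: every Kerberos library from /opt/MIT-Kerberos/lib.
SAMPLE_SINGLE = """\
    libkrb5.so.3 => /opt/MIT-Kerberos/lib/libkrb5.so.3
    libk5crypto.so.3 => /opt/MIT-Kerberos/lib/libk5crypto.so.3
    libcom_err.so.3 => /opt/MIT-Kerberos/lib/libcom_err.so.3
"""

if __name__ == "__main__":
    for label, sample in (("mixed", SAMPLE_MIXED), ("single", SAMPLE_SINGLE)):
        print(label, mixed_families(sample))
```

A family reported here is a prompt to inspect the build, since a directory split is a heuristic and some systems legitimately spread one installation over several directories.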
Re: [Samba] MIT Kerberos with Solaris
Hi Andy,

I compiled and installed MIT Kerberos into a different location (say /opt/MIT-Kerberos). I then pointed the samba configure program to that Kerberos, and everything went smoothly. I think I also had to symlink the krb5.keytab and krb5.conf files so that both versions of Kerberos were looking at the same keytab and conf.

Eddie

ww m-pubsyssamba wrote:

As Samba 3.x does not work with the Kerberos included with Solaris (it has no headers) I have to remove it and replace it with MIT kerberos. Does anyone know if Solaris kerberised services will still work normally (without modification) such as kerberised NFS? I briefly tested this and couldn't get it to work, but if someone has a definitive answer it might save me a lot of trouble,

thanks in advance,

Andy.

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this.