Very basic samba4 joined to an AD domain test on LX/Ubuntu. (I should probably do this in a joyent domain now that it's meant to be working, but I wanted to try this.)
Minor issue. Seems the samba daemons use the following to start on boot:

root@base3:~# grep -i 'start on' /etc/init/smbd.conf
start on (local-filesystems and net-device-up)
root@base3:~# grep -i 'start on' /etc/init/nmbd.conf
start on (local-filesystems and net-device-up IFACE!=lo)
root@base3:~# grep -i 'start on' /etc/init/winbind.conf
start on (local-filesystems and net-device-up IFACE!=lo)

[root@node7 /usbkey/vmcfg]# vmadm list
UUID                                  TYPE  RAM      STATE             ALIAS
...
f1dd6f86-b9a2-44e8-9c44-d976c2148999  LX    2048     stopped           base3.corp.kpac.co.nz
[root@node7 /usbkey/vmcfg]# vmadm start f1dd6f86-b9a2-44e8-9c44-d976c2148999
Successfully started VM f1dd6f86-b9a2-44e8-9c44-d976c2148999
[root@node7 /usbkey/vmcfg]# zlogin f1dd6f86-b9a2-44e8-9c44-d976c2148999
[Connected to zone 'f1dd6f86-b9a2-44e8-9c44-d976c2148999' pts/2]
Last login: Thu Sep 3 12:31:30 UTC 2015 from zone:global on pts/2
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0 x86_64)

 * Documentation:  https://help.ubuntu.com/
   __        .                   .
 _|  |_      | .-. .  . .-. :--. |-
|_    _|     ;|   ||  |(.-' |  | |
  |__|   `--'  `-' `;-| `-' '  ' `-'
                   /  ; Instance (Ubuntu 14.04 20150819)
                   `-'  https://docs.joyent.com/images/lx-brand-beta

root@base3:~# ps awx
  PID TTY      STAT TIME COMMAND
48691 ?        S    0:00 /bin/sh /etc/init.d/ondemand background
48650 ?        S    0:00 upstart-file-bridge --daemon
48750 ?        S    0:00 sleep 60
    1 ?        S    0:00 init
48757 ?        Ss   0:00 /bin/login -h zone:global -f
48779 ?        R    0:00 ps awx
48752 ?        Ss   0:00 /sbin/getty -8 38400 console
48670 ?        Ss   0:00 cron
48768 ?        S    0:00 -bash
48647 ?        S<   0:00 /usr/sbin/ntpdate -s ntp.ubuntu.com
48676 ?        Ss   0:00 /usr/sbin/sshd -D
48502 ?        Ss   0:00 /lib/systemd/systemd-udevd --daemon
48415 ?        Ssl  0:00 ipmgmtd
48636 ?        S    0:00 lockfile-touch /var/lock/ntpdate-ifup
48497 ?        S    0:00 upstart-udev-bridge --daemon
48619 ?        Ssl  0:00 rsyslogd
48630 ?        S    0:00 /bin/sh /etc/network/if-up.d/ntpdate

root@base3:~# service winbind start && service smbd start && service nmbd start
winbind start/running, process 48795
smbd start/running, process 48806
nmbd start/running, process 48820

root@base3:~# ps awx
  PID TTY      STAT TIME COMMAND
48691 ?        S    0:00 /bin/sh /etc/init.d/ondemand background
48650 ?        S    0:00 upstart-file-bridge --daemon
48750 ?        S    0:00 sleep 60
    1 ?        S    0:00 init
48757 ?        Ss   0:00 /bin/login -h zone:global -f
48820 /var/log/samba/log.nmbd Ss 0:00 nmbd -D
48752 ?        Ss   0:00 /sbin/getty -8 38400 console
48670 ?        Ss   0:00 cron
48768 ?        S    0:00 -bash
48795 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F
48822 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
48824 /var/log/samba/log.smbd S 0:00 smbd -F
48676 ?        Ss   0:00 /usr/sbin/sshd -D
48502 ?        Ss   0:00 /lib/systemd/systemd-udevd --daemon
48415 ?        Ssl  0:00 ipmgmtd
48823 /var/log/samba/log.winbindd-idmap S 0:00 /usr/sbin/winbindd -F
48806 /var/log/samba/log.smbd Ss 0:00 smbd -F
48826 ?        R    0:00 ps awx
48814 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
48497 ?        S    0:00 upstart-udev-bridge --daemon
48619 ?        Ssl  0:00 rsyslogd
48804 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F

Switching to an explicit 'start on' fixes the issue. I'm not sure what other packages have the above 'start on' arrangement.

root@base3:~# grep 'start on' /etc/init/winbind.conf
start on runlevel [2345]
root@base3:~# grep 'start on' /etc/init/?mbd.conf
/etc/init/nmbd.conf:start on (local-filesystems and net-device-up IFACE!=lo)
/etc/init/smbd.conf:start on (local-filesystems and net-device-up)

Reboot and then:

root@base3:~# ps awx
  PID TTY      STAT TIME COMMAND
49771 ?        Ssl  0:00 rsyslogd
49906 ?        S    0:00 sleep 60
49948 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
49926 ?        S    0:00 -bash
    1 ?        S    0:00 init
49802 ?        S    0:00 upstart-file-bridge --daemon
49573 ?        Ssl  0:00 ipmgmtd
49855 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F
49649 ?        S    0:00 upstart-udev-bridge --daemon
49947 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
49949 ?        R    0:00 ps awx
49824 ?        Ss   0:00 cron
49920 ?        Ss   0:00 /sbin/getty -8 38400 console
49655 ?        Ss   0:00 /lib/systemd/systemd-udevd --daemon
49848 ?        S    0:00 /bin/sh /etc/init.d/ondemand background
49908 ?        Ss   0:00 /bin/login -h zone:global -f
49828 ?        Ss   0:00 /usr/sbin/sshd -D
49835 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F

root@base3:~# /etc/init.d/winbind status
 * winbind is running
root@base3:~# /etc/init.d/smbd status
 * smbd is not running

===

kinit/klist works. wbinfo -u, -g and -i seem to work.

root@base3:~# wbinfo -u | grep nlee
nlee

Haven't pinned this issue down yet:

root@base3:~# touch /tmp/t
root@base3:~# chown nlee /tmp/t
root@base3:~# ls -l /tmp
total 5
-rw------- 1 root root 2466 Sep 3 12:06 krb5cc_0
-rw-r--r-- 1 root root    0 Sep 3 12:32 t

A few other logs:

root@base3:~# date
Thu Sep 3 12:33:39 UTC 2015

root@base3:~# tail /var/log/samba/log.smbd
  open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed with error = Protocol not available
[2015/09/03 12:30:59.181653, 0] ../lib/util/pidfile.c:153(pidfile_unlink)
  Failed to delete pidfile /var/run/samba/smbd.pid. Error was No such file or directory
[2015/09/03 12:32:26, 0] ../source3/smbd/server.c:1198(main)
  smbd version 4.1.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/03 12:32:26.085415, 0] ../source3/smbd/server.c:1278(main)
  standard input is not a socket, assuming -D option
[2015/09/03 12:32:26.528489, 0] ../source3/lib/util_sock.c:446(open_socket_in)
  open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed with error = Protocol not available

root@base3:~# tail /var/log/samba/log.nmbd
  Got SIGTERM: going down...
[2015/09/03 12:32:26, 0] ../source3/nmbd/nmbd.c:902(main)
  nmbd version 4.1.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
  open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available
[2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
  open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available
[2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
  open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available

root@base3:~# tail /var/log/samba/log.winbindd
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/03 12:29:45.661287, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2015/09/03 12:30:59.165752, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=1)
[2015/09/03 12:32:20, 0] ../source3/winbindd/winbindd.c:1453(main)
  winbindd version 4.1.6-Ubuntu started.
  Copyright Andrew Tridgell and the Samba Team 1992-2013
[2015/09/03 12:32:20.551640, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2

AppArmor is meant to cause some issues with samba, but it's not installed.

root@base3:~# dpkg -l apparmour
dpkg-query: no packages found matching apparmour
root@base3:~# dpkg -l app\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                      Version                   Architecture              Description
+++-=========================================-=========================-=========================-=======================================================================================
un  apparmor                                  <none>                    <none>                    (no description available)
un  approx                                    <none>                    <none>                    (no description available)

I'll give this a go on base-64-lts 14.4.2 next.

Nicholas

apt-get install samba winbind samba libnss-winbind libpam-winbind krb5-config krb5-locales krb5-user

root@base3:/etc/init# cat /etc/samba/smb.conf
[global]
    realm = CORP.KPAC.CO.NZ
    workgroup = KPAC
    security = ADS
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    # idmap config *:backend = tdb
    # idmap config *:range = 5000-9999
    idmap config KPAC:backend = rid
    idmap config KPAC:range = 10000-29999
    idmap config KPAC:schema_mode = rfc2307
    winbind nss info = rfc2307
    winbind use default domain = Yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind refresh tickets = Yes
    winbind normalize names = Yes
    winbind separator = +
    store dos attributes = Yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    # fix syslog
    printing = CUPS
    printcap name = /dev/null

root@base3:~# cat /etc/krb5.conf
# Be careful with CAPS they are significant!
[libdefaults]
    default_realm = CORP.KPAC.CO.NZ
    ticket_lifetime = 24000
    default_tgs_entypes = rc4-hmac des-cbc-md5
    default_tkt__enctypes = rc4-hmac des-cbc-md5
    permitted_enctypes = rc4-hmac des-cbc-md5
    dns_lookup_realm = true
    dns_lookup_kdc = true
    dns_fallback = yes

[realms]
    CORP.KPAC.CO.NZ = {
        kdc = twin.corp.kpac.co.nz
        default_domain = corp.kpac.co.nz
    }

[domain_realm]
    # So are leading fullstops
    .corp.kpac.co.nz = CORP.KPAC.CO.NZ
    corp.kpac.co.nz = CORP.KPAC.CO.NZ

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log

root@base3:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
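
The post leaves open which other packages ship the same 'start on' arrangement; a scan of the Upstart job directory answers that. This is an added example, not part of the original post: the function names and the sample job files are constructed, and it assumes Upstart's behaviour that a <job>.override file replaces stanzas of the same name in <job>.conf.

```shell
#!/bin/sh
# Added example: list Upstart jobs whose "start on" waits for net-device-up.

# net_gated_jobs [DIR] prints "<job>: <start on stanza>" for each match.
net_gated_jobs() {
    dir=${1:-/etc/init}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        job=$(basename "$conf" .conf)
        # A start on stanza in <job>.override replaces the one in <job>.conf.
        if grep -q '^[[:space:]]*start on' "$dir/$job.override" 2>/dev/null; then
            conf="$dir/$job.override"
        fi
        awk -v job="$job" '
            # Number of "(" minus number of ")" in s.
            function depth(s,   o, c) { o = gsub(/\(/, "", s); c = gsub(/\)/, "", s); return o - c }
            # Drop comments, then leading and trailing blanks.
            { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
            !inside && /^start on/ { inside = 1; cond = ""; bal = 0 }
            inside && $0 != "" {
                cond = (cond == "" ? $0 : cond " " $0)
                bal += depth($0)
                # A stanza may span lines; it ends once its parentheses balance.
                if (bal <= 0) {
                    inside = 0
                    if (cond ~ /net-device-up/) print job ": " cond
                }
            }
        ' "$conf"
    done
}

# Constructed sample job files (not copied from a real system).
make_sample_dir() {
    d=$(mktemp -d)
    printf 'start on (local-filesystems and net-device-up)\n' > "$d/smbd.conf"
    printf 'start on (local-filesystems\n    and net-device-up IFACE!=lo)  # wait for a NIC\n' > "$d/nmbd.conf"
    printf 'start on runlevel [2345]\n' > "$d/winbind.conf"
    printf 'start on net-device-up IFACE=eth0\n' > "$d/ntp.conf"
    printf 'start on runlevel [2345]\n' > "$d/ntp.override"
    echo "$d"
}

# Demo on the sample files; on a real host call: net_gated_jobs /etc/init
sample=$(make_sample_dir)
net_gated_jobs "$sample"
rm -rf "$sample"
```

Jobs it reports are candidates for the same change made to winbind.conf above, or for a <job>.override file carrying the replacement 'start on' line so the packaged file stays untouched.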
