> Ok, so to summarize: > - sssd is providing user and groups from AD (via /etc/nsswitch.conf) > - realmd was used to join the machine to AD for the above > - local user authentication is done via pam_sss and using kerberos. Shell > users get a ticket upon login > - samba is not using winbind
that's right > I have a feeling samba is missing it's account with the AD server. The machine account on the AD server does exist. > I don't know if the sssd join works for samba's "security = ADS", I have never tested that. Up to 17.10 it is working using realm to join the client to the AD and smb is working too. > I always used net ads join. Is this how you configured the non-18.04 samba member servers? With just sssd, no "net ads join"? Yes, all our clients and servers are not joined to AD by "net ads join". These are all joined by realm and use sssd. > The crash also seems to indicate that the "secrets" bit of "secrets and > keytab" is returning a null pointer to the code, so maybe samba isn't finding > the secret. > Do you have a populated /etc/krb5.keytab? local /etc/krb5.keytab is generated by realm when AD machine account is created on the server. > Can you try these commands: > net ads testjoin -k Join to domain is not valid: NT code 0xfffffff6 I also get this message on 17.10, where smb is not crashing. > net ads status -k objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: computer cn: m15015-vm-lin3 distinguishedName: CN=m15015-vm-lin3,OU=Linux-Clients,OU=Client Computer,OU=alle Computer,DC=mpi-dortmund,DC=mpg,DC=de instanceType: 4 whenCreated: 20180412075138.0Z whenChanged: 20180413071746.0Z uSNCreated: 99733897 uSNChanged: 99802204 name: m15015-vm-lin3 objectGUID: cc30fbce-545d-4dfb-b28c-e973059857a0 userAccountControl: 69632 codePage: 0 countryCode: 0 lastLogon: 131680786856152060 localPolicyFlags: 0 pwdLastSet: 131679930989191696 primaryGroupID: 515 objectSid: S-1-5-21-3772173984-4185860275-536710523-2741741 accountExpires: 9223372036854775807 logonCount: 148 sAMAccountName: m15015-vm-lin3$ sAMAccountType: 805306369 operatingSystem: Ubuntu operatingSystemVersion: 18.04 dNSHostName: m15015-vm-lin3 userPrincipalName: host/[email protected] servicePrincipalName: host/m15015-vm-lin3 servicePrincipalName: host/m15015-vm-lin3.client.mpi-dortmund.mpg.de objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=mpi-dortmund,DC=mpg,DC=de isCriticalSystemObject: FALSE dSCorePropagationData: 16010101000000.0Z lastLogonTimestamp: 131679931011068668 msDS-SupportedEncryptionTypes: 31 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1761737 Title: [bionic] samba PANIC, INTERNAL ERROR: Signal 11 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
