> Ok, so to summarize:
> - sssd is providing user and groups from AD (via /etc/nsswitch.conf)
> - realmd was used to join the machine to AD for the above
> - local user authentication is done via pam_sss and using kerberos. Shell
> users get a ticket upon login
> - samba is not using winbind
> I have a feeling samba is missing it's account with the AD server.
The machine account on the AD server does exist.
> I don't know if the sssd join works for samba's "security = ADS", I
have never tested that.
Up to 17.10 it is working using realm to join the client to the AD and
smb is working too.
> I always used net ads join. Is this how you configured the non-18.04
samba member servers? With just sssd, no "net ads join"?
Yes, all our clients and servers are not joined to AD by "net ads join".
These are all joined by realm and use sssd.
> The crash also seems to indicate that the "secrets" bit of "secrets and
> keytab" is returning a null pointer to the code, so maybe samba isn't finding
> the secret.
> Do you have a populated /etc/krb5.keytab?
local /etc/krb5.keytab is generated by realm when AD machine account is
created on the server.
> Can you try these commands:
> net ads testjoin -k
Join to domain is not valid: NT code 0xfffffff6
I also get this message on 17.10, where smb is not crashing.
> net ads status -k
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
[bionic] samba PANIC, INTERNAL ERROR: Signal 11
To manage notifications about this bug go to:
ubuntu-bugs mailing list