> Ok, so to summarize:
> - sssd is providing user and groups from AD (via /etc/nsswitch.conf)
> - realmd was used to join the machine to AD for the above
> - local user authentication is done via pam_sss and using kerberos. Shell 
> users get a ticket upon login
> - samba is not using winbind

that's right

> I have a feeling samba is missing it's account with the AD server.

The machine account on the AD server does exist.

> I don't know if the sssd join works for samba's "security = ADS", I
have never tested that.

Up to 17.10 it is working using realm to join the client to the AD and
smb is working too.

> I always used net ads join. Is this how you configured the non-18.04
samba member servers? With just sssd, no "net ads join"?

Yes, all our clients and servers are not joined to AD by "net ads join".
These are all joined by realm and use sssd.


> The crash also seems to indicate that the "secrets" bit of "secrets and 
> keytab" is returning a null pointer to the code, so maybe samba isn't finding 
> the secret.
> Do you have a populated /etc/krb5.keytab?

local /etc/krb5.keytab is generated by realm when AD machine account is
created on the server.

> Can you try these commands:
> net ads testjoin -k

Join to domain is not valid: NT code 0xfffffff6

I also get this message on 17.10, where smb is not crashing.

> net ads status -k

objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: m15015-vm-lin3
distinguishedName: CN=m15015-vm-lin3,OU=Linux-Clients,OU=Client 
Computer,OU=alle Computer,DC=mpi-dortmund,DC=mpg,DC=de
instanceType: 4
whenCreated: 20180412075138.0Z
whenChanged: 20180413071746.0Z
uSNCreated: 99733897
uSNChanged: 99802204
name: m15015-vm-lin3
objectGUID: cc30fbce-545d-4dfb-b28c-e973059857a0
userAccountControl: 69632
codePage: 0
countryCode: 0
lastLogon: 131680786856152060
localPolicyFlags: 0
pwdLastSet: 131679930989191696
primaryGroupID: 515
objectSid: S-1-5-21-3772173984-4185860275-536710523-2741741
accountExpires: 9223372036854775807
logonCount: 148
sAMAccountName: m15015-vm-lin3$
sAMAccountType: 805306369
operatingSystem: Ubuntu
operatingSystemVersion: 18.04
dNSHostName: m15015-vm-lin3
userPrincipalName: host/m15015-vm-l...@mpi-dortmund.mpg.de
servicePrincipalName: host/m15015-vm-lin3
servicePrincipalName: host/m15015-vm-lin3.client.mpi-dortmund.mpg.de
objectCategory: 
CN=Computer,CN=Schema,CN=Configuration,DC=mpi-dortmund,DC=mpg,DC=de
isCriticalSystemObject: FALSE
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131679931011068668
msDS-SupportedEncryptionTypes: 31

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1761737

Title:
  [bionic] samba PANIC, INTERNAL ERROR: Signal 11

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to