After a lot of experimentation, I got my Samba server, with "security =
ads" but no winbind and no "net ads join" command, to authenticate an AD
user using Kerberos.

What nailed it was to use setspn on the Windows side to add
cifs/<hostname> to the computer account, like this (for a "bionic-sssd"
computer account):

setspn -S cifs/bionic-sssd bionic-sssd

After that, this worked:
testuser1@lowtech.internal@bionic-sssd:~$ smbclient //bionic-sssd/myshare -k
WARNING: The "syslog" option is deprecated
Try "help" to get a list of possible commands.
smb: \> dir
  .                                   D        0  Wed Apr 18 20:29:20 2018
  ..                                  D        0  Wed Apr 18 20:50:25 2018
  hello.txt                           N       13  Wed Apr 18 20:29:20 2018

                7950756 blocks of size 1024. 6300604 blocks available
smb: \> testuser1@lowtech.internal@bionic-sssd:~$ klist
Ticket cache: FILE:/tmp/krb5cc_45001119_1zpGGU
Default principal: testuser1@LOWTECH.INTERNAL

Valid starting     Expires            Service principal
04/18/18 20:51:05  04/19/18 06:51:05  krbtgt/LOWTECH.INTERNAL@LOWTECH.INTERNAL
        renew until 04/19/18 20:51:05
04/18/18 20:51:49  04/19/18 06:51:05  cifs/bionic-sssd@LOWTECH.INTERNAL

testuser1@lowtech.internal@bionic-sssd:~$ id
uid=45001119(testuser1@lowtech.internal) gid=45000513(domain users@lowtech.internal) groups=45000513(domain users@lowtech.internal)

testuser1@lowtech.internal@bionic-sssd:~$ grep testuser /etc/passwd
testuser1@lowtech.internal@bionic-sssd:~$ 

My smb.conf has:
[global]
    workgroup = LOWTECH
    realm = LOWTECH.INTERNAL
    kerberos method = system keytab
    server role = member server
    security = ads 
...

Ah, and I didn't have to use the updated packages from my PPA, because I
set "kerberos method = system keytab", so it wasn't trying "secrets"
which is where the crash happens.


At some point I also installed libwbclient-sssd, during the experimentation. I 
can't say if it was essential now.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1761737

Title:
  [bionic] samba PANIC, INTERNAL ERROR: Signal 11

To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
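
One way to check the two things the message above relies on, as an added example that is not part of the original post or of Samba: the [global] settings it shows, and a cifs/<hostname> service ticket in the client's cache after "smbclient -k". The function names are assumptions, and the sample input is abridged from the output in the post.

```python
import re

def global_settings(smb_conf):
    """[global] parameters; Samba ignores case and whitespace in parameter names."""
    settings, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            settings["".join(key.split()).lower()] = " ".join(value.split())
    return settings

# A klist ticket row: start date, start time, expiry date, expiry time, principal.
TICKET_ROW = re.compile(r"^\S+\s+\S+\s+\S+\s+\S+\s+(\S+@\S+)\s*$")

def service_principals(klist_output):
    rows = (TICKET_ROW.match(line) for line in klist_output.splitlines())
    return [m.group(1) for m in rows if m]

def kerberos_problems(smb_conf, klist_output, host):  # [] means no findings
    cfg, problems = global_settings(smb_conf), []
    for name, want in (("security", "ads"), ("kerberos method", "system keytab")):
        found = cfg.get(name.replace(" ", ""), "")
        if found.lower() != want:
            problems.append(f"{name}: expected {want!r}, found {found!r}")
    realm = cfg.get("realm", "").upper()
    if not realm:
        problems.append("realm is not set")
    # AD matches SPNs case-insensitively, so compare in lower case.
    wanted = f"cifs/{host}@{realm}".lower()
    if wanted not in [p.lower() for p in service_principals(klist_output)]:
        problems.append(f"no service ticket for cifs/{host}@{realm} in the cache")
    return problems

# Sample input abridged from the post above.
SMB_CONF = """[global]
    realm = LOWTECH.INTERNAL
    kerberos method = system keytab
    security = ads
"""
KLIST = """Valid starting     Expires            Service principal
04/18/18 20:51:05  04/19/18 06:51:05  krbtgt/LOWTECH.INTERNAL@LOWTECH.INTERNAL
        renew until 04/19/18 20:51:05
04/18/18 20:51:49  04/19/18 06:51:05  cifs/bionic-sssd@LOWTECH.INTERNAL
"""
```

Calling kerberos_problems(SMB_CONF, KLIST, "bionic-sssd") returns an empty list for the setup in the post. A cache holding only the krbtgt ticket produces a finding, which is what you would see if the share had been accessed without Kerberos.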
