List Info

Thread: Samba related bugs
Samba related bugs
user name
 2006-06-13 08:04:46 
Bugs item #1471252, was opened at 2006-04-16 12:46
Message generated for change (Comment added) made by xedo
You can respond by visiting: 
https://sourcefo
rge.net/tracker/?func=detail&atid=725139&aid=1471252
&group_id=132104

Please note that this message will contain a full copy of
the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Proxy
Group: None
Status: Open
>Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Raphael Lechner (xedo)
Summary: Samba related bugs

Initial Comment:
1. In my case KDC cannot be found due to

/var/efw/proxy/krb5.conf.tpl
...
[libdefaults]
...
 dns_lookup_kdc = false

Why false??? Why I cannot specify DNS name of PDC which KDC
is equal to (provided the name is in /etc/hosts)? IMHO you
should at least check in the GUI if the PDC is acceptable. 

2. You update Samba/Kerberos settings ONLY when
AD_GROUP_SELECTIONS is active. So if I change the windows
domain (no groups), it's simply don't go to Samba/Kerberos
config files and ntlm_auth helper does not work. 

/usr/local/bin/restartsquid.py
def write_smb_auth_config():
... 
    if proxy_conf['AUTH_METHOD'] == 'ntlm' and
proxy_conf['AD_GROUP_SELECTIONS'] == 'on':

3. winbindd dies if not joined to ADS:

/var/log/samba/winbindd.log
[2006/04/16 11:31:03, 1] nsswitch/winbindd.c:main(935)
  winbindd version 3.0.20b-2.1.endian2 started.
  Copyright The Samba Team 2000-2004
[2006/04/16 11:31:03, 0] lib/util.c:smb_panic2(1570)
  PANIC: Could not fetch our SID - did we join?

[2006/04/16 11:31:03, 0] lib/util.c:smb_panic2(1578)
  BACKTRACE: 6 stack frames:
   #0 winbindd(smb_panic2+0x8c) [0xcd711c]
   #1 winbindd(smb_panic+0x1a) [0xcd734a]
   #2 winbindd(init_domain_list+0x166) [0xc68e96]
   #3 winbindd(main+0x4ca) [0xc6189a]
   #4 /lib/tls/i586/libc.so.6(__libc_start_main+0xba)
[0x160dce]
   #5 winbindd [0xc5ffa1]

OK, it's not your problem (thank to Samba team), but still
it dies silently so it's not obvious why the while thing
does not work.

------------------------------------------------------------
----------

>Comment By: Raphael Lechner (xedo)
Date: 2006-06-13 10:04

Message:
Logged In: YES 
user_id=202863

In the next release i have integrated a check if the PDC is
acceptable.

The default_realm for Kerberos is case sensitive.I think
this is the real problem why samba could not fetch the SID.

now the GUI saves the default_realm always uppercase and
this should prevent this problem.

The Samba/Kerberos are only needed with Advanced Groups
andtherefore only updated if Advanced Groups are activated.


thank you 

------------------------------------------------------------
----------

Comment By: dbely (dbely)
Date: 2006-04-16 12:50

Message:
Logged In: YES 
user_id=1503086

Probably I forgot to login so posted this as nobody

------------------------------------------------------------
----------

You can respond by visiting: 
https://sourcefo
rge.net/tracker/?func=detail&atid=725139&aid=1471252
&group_id=132104


_______________________________________________
Efw-devel mailing list
Efw-devellists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-devel
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )