Trouble in Sambadise; Issues with PBIS Active Directory and Samba
Continuing from the last post, with the original default configuration you could browse shares on the server, but with the updated configuration you can’t.
We have joined the server to Active Directory and there are likely no issues reported with running pbis status, so what could be wrong?
I had a look through some logs in /var/log/samba/, where there are logs for each machine that has tried to access a Samba share. Open one of them and you’ll possibly see four errors occur (with the timestamp lines removed):
get_schannel_session_key: could not fetch trust account password for domain 'Troliver'
cli_rpc_pipe_open_schannel: failed to get schannel session key from server domaincontroller.troliver.com for domain Troliver.
connect_to_domain_password_server: unable to open the domain client session to machine domaincontroller.troliver.com. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
domain_client_validate: Domain password server not available.
This is crazy; it seems like there is something wrong with joining the domain – but we are already on the domain and can change users! Ah ha, but I haven’t yet run the Samba-Interop installer, which allows you to integrate PBIS authentication with Samba.
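The log check described above can be scripted. The following is an added example, not part of the original post: it scans per-client logs for the four-message chain quoted above and reports the domain, password server and NT status for each occurrence. The sample log is constructed (its timestamp headers are invented), and the log.* file naming in the last comment is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post: find the four-message
# trust-account failure chain (quoted above) in per-client Samba logs.

# find_trust_failures FILE... prints one line per complete chain:
#   <log file> <domain> <password server> <NT status>
find_trust_failures() {
  awk '
    BEGIN {
      want[1] = "get_schannel_session_key: could not fetch trust account password"
      want[2] = "cli_rpc_pipe_open_schannel: failed to get schannel session key"
      want[3] = "connect_to_domain_password_server: unable to open the domain client session"
      want[4] = "domain_client_validate: Domain password server not available"
    }
    FNR == 1 { step = 1 }                        # new log file, new chain
    /^\[[0-9][0-9][0-9][0-9]\// { next }          # skip timestamp header lines
    { sub(/^[ \t]+/, "") }                       # message lines are indented
    $0 == "" { next }
    {
      if (index($0, want[step]) != 1) step = 1   # chain broken: start over
      if (index($0, want[step]) != 1) next
      if (step == 1) { split($0, q, "\047"); dom = q[2] }   # text inside quotes
      if (step == 3) {
        dc = $0; sub(/^.*to machine /, "", dc); sub(/\. Error was.*$/, "", dc)
        status = $NF; sub(/\.$/, "", status)
      }
      if (++step > 4) { print FILENAME, dom, dc, status; step = 1 }
    }' "$@"
}

# Constructed sample: the messages from the post with invented timestamp
# headers, plus one unrelated line that must not be reported.
write_sample_log() {
  cat > "$1" <<'EOF'
[2014/06/10 10:15:02.100000,  0] (constructed header)
  get_schannel_session_key: could not fetch trust account password for domain 'Troliver'
[2014/06/10 10:15:02.100100,  0] (constructed header)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server domaincontroller.troliver.com for domain Troliver.
[2014/06/10 10:15:02.100200,  0] (constructed header)
  connect_to_domain_password_server: unable to open the domain client session to machine domaincontroller.troliver.com. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2014/06/10 10:15:02.100300,  0] (constructed header)
  domain_client_validate: Domain password server not available.
[2014/06/10 10:16:40.000000,  1] (constructed header)
  unrelated constructed message
EOF
}

# On a server: find_trust_failures /var/log/samba/log.*   (file naming assumed)
```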
Following this guide, for version 8.x, I ran /opt/pbis/bin/samba-interop-install – but this failed!
Found smbd version 4.1.6-Ubuntu
Unsupported smbd version 4.1.6-Ubuntu
Error: ERROR_PRODUCT_VERSION
If anyone asks what the difference is when using Ubuntu over CentOS, one answer you might commonly find on Google is to do with how “up-to-date” Ubuntu is, with new and updated packages all the time, compared to CentOS, which may be lagging behind with older, more stable releases. So at the time of writing, Ubuntu’s implementation of Samba – as installed by default – is at version 4.1.6 and PBIS is at 8.2.1.something. Both are the latest; yet they don’t work together when using samba-interop-install to link PBIS with Samba, which only supports versions up to 3.5, it seems.
In fact, this seems to be a problem that has been around for a while. It’s for PowerBroker to figure out and fix; but actually, they only even discuss version 3 in their installation guide. So we probably can’t use Samba 4 at all, and there is no indication that that will change. In the meantime, you have to use an older version of Samba. But how?
[The hard way that I didn’t end up using] – Make Samba yourself
- For this, you’ll need to have installed gcc and make. You then have to remove Samba, which should also prompt you to remove libnss-winbind, libpam-winbind, samba and winbind. Use apt-get purge to get rid of the local repository files too.
- Next, you can find an appropriate version of Samba 3 to compile here (probably version 3.5 or below).
- Download it with wget (package address), use tar -xvzf to extract it, go to the source3 folder and run ./configure. This can take a while.
- Run make, which takes more time again.
- Finally, run make install.
- If it all completes successfully, you can delete all of these files that you downloaded and extracted
- The installation process should have put Samba into /usr/local/ – which is where any newly compiled stuff goes by default
- After this, you need to do a few more things, but I found a much easier way to do it instead; see below.
[The easier way that I ended up using] – Install Samba from another repository
It looks like there is a way to get this working with an older version of Samba, built for Ubuntu 12. Thankfully, it worked fine – so referring to this link, the following had to be done:
- Edit /etc/apt/sources.list to include the line “deb http://ftp.sernet.de/pub/samba/3.5/debian squeeze main”. This will add the sernet server as a package repository.
- Attempt to perform apt-get update, which will initially fail since you need to have a key to authenticate with the sernet server
- As root (and you have to be, for this), write these two lines:
- gpg --keyserver wwwkeys.pgp.net --recv-keys F4428B1A
- gpg --export --armor F4428B1A | apt-key add -
- You should now be able to perform an update successfully and install Samba from this new repository with apt-get install sernet-samba.
- After this, all other commands should work the same as they would with the original distribution of Ubuntu; you don’t have to use sernet-samba for every Samba command you write.
Running the samba-interop-install should now work fine and, at least in my case, everything fell into place. Hopefully everything will work better now for other people too – but if anyone has any issues, comments or suggestions, please feel free to discuss them or to get in touch.
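The key above is requested by its short ID, F4428B1A, which is only the last 32 bits of the fingerprint, so a keyserver can hold a different key with the same ID. As an added example (not from the original post or from SerNet), the function below checks the full fingerprint before the key is passed to apt-key; the expected fingerprint is an assumption that has to be supplied from an independent source, add_verified_key is a hypothetical wrapper, and the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: check a fetched key's full
# fingerprint before handing it to apt-key.

# fingerprint_ok EXPECTED reads `gpg --with-colons --fingerprint KEYID`
# output on stdin. Succeeds only if exactly one primary key is listed and its
# 40-hex-digit fingerprint equals EXPECTED (spaces and case are ignored).
fingerprint_ok() {
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  awk -F: -v want="$want" '
    $1 == "pub" { pubs++; primary = 1; next }
    $1 == "sub" { primary = 0 }
    $1 == "fpr" && primary { got = toupper($10); primary = 0 }
    # Appending "" forces a string comparison even for digits-and-E values.
    END { exit !(pubs == 1 && length(want) == 40 && (got "") == (want "")) }'
}

# Hypothetical wrapper around the two commands from the post.
# EXPECTED must come from a channel other than the keyserver.
add_verified_key() {      # usage: add_verified_key F4428B1A "$EXPECTED"
  gpg --with-colons --fingerprint "$1" | fingerprint_ok "$2" || return 1
  gpg --export --armor "$1" | apt-key add -
}

# Constructed listing: fingerprint and dates are invented, not SerNet's.
sample_listing() {
  cat <<'EOF'
pub:-:1024:17:89ABCDEFF4428B1A:1100000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFF4428B1A:
uid:-::::1100000000::::Constructed Key <key@example.invalid>:
sub:-:2048:16:1111111122222222:1100000000::::::e:
EOF
}

# Constructed collision: a second key sharing the short ID F4428B1A.
colliding_listing() {
  sample_listing
  cat <<'EOF'
pub:-:2048:1:00000000F4428B1A:1200000000:::-:::scESC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210F4428B1A:
EOF
}
```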
gpg --keyserver wwwkeys.pgp.net --recv-keys F4428B1A
gives these errors:
gpg: keyserver internal error
gpg: keyserver receive failed: keyserver error
Did you receive these errors too?
Main thing – you have to be running this as root (don’t just do sudo). It might take a while to receive the key afterwards.
And make sure that the gpg export command works first, too.
fixed it by changing it to:
gpg --keyserver hkp://wwwkeys.pgp.net:80 --recv-keys F4428B1A;
Ah is your firewall blocking the hkp port normally perhaps?
I wonder if it would work without the hkp:// part too.
No, I tried it with :80 only and it didn’t work.
If you get some errors, try the following:
Here are several ways to import the SerNet build key to guarantee authenticity:
Install a package:
wget http://ftp.sernet.de/pub/sernet-samba-keyring_1.3_all.deb
dpkg -i sernet-samba-keyring_1.3_all.deb
Import the key manually:
gpg --keyserver wwwkeys.pgp.net --recv-keys F4428B1A;
gpg --export --armor F4428B1A | apt-key add -
source:
http://www.samba.plus/samba-3/ubuntu/
When I try to install sernet-samba, I receive this message:
root@backsrv:/opt/pbis# apt-get install sernet-samba
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
sernet-samba : Depends: sernet-samba-common (= 2:3.5.22-31) but it is not going to be installed
Depends: sernet-libwbclient0 but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
What can I do with this?
Thanks
Can you manually install those packages? Googling seems to show it to be a problem for some others too – could it be the repository order? What OS are you using, Ubuntu LTS 14.0.2?
Must uninstall Samba 4.1.x first
# apt-get purge libwbclient0 samba-common
The above command will also uninstall the following packages:
cifs-utils* libpam-smbpass* libsmbclient* libwbclient0* python-samba*
samba-common* samba-common-bin* samba-dsdb-modules* samba-libs*
samba-vfs-modules* smbclient*
then you will not get errors when you try to install:
# apt-get install sernet-samba
and finally optionally:
apt-get install sernet-smbclient sernet-cifs-mount