Samba 3.4 on CentOS 5 - RPMs available - Resolve winbind issues with Windows Server 2008 R2

A friend of mine uses Samba and winbind on his CentOS Linux boxes for user and group information and Kerberos for authentication. He upgraded his domain controllers recently to Windows Server 2008 R2 and suddenly his winbind authentication broke.

After doing some research around the Net, it appears that this problem is a bug in earlier versions of Samba. CentOS currently uses Samba 3.0.33 (along with some/a lot of patches from Red Hat). From my research it appeared that new versions of Samba resolve this issue, however Red Hat always plays it safe and keeps the same basic version on Red Hat Enterprise Linux and back-ports security and bug fixes.

In order to get his winbind setup working I took the most recent Fedora 11 Samba source RPM packages and rebuilt them for RHEL5/CentOS 5. I use the same build system as the Fedora project to build these RPMs (Koji - http://fedoraproject.org/wiki/Koji), so they were built as the EPEL packages are built.

To build and install the packages there are some additional packages that you'll need. I believe that they are available in the Fedora Extra Packages for Enterprise Linux (http://fedoraproject.org/wiki/EPEL), but I've also included them in my downloads directory just in case.

You will have to manually install the packages because the new Samba packages breakout the winbind stuff so when you try to yum install them you will get conflicts.

REMEMBER: Always BACKUP your configs

Download the packages here:


http://itnervecenter.com/downloads/samba

Make sure to download only the packages for your architecture (i386, or x86_64). I've also provided the source RPMs in case you'd like to build the packages for yourself.

Here's how I installed the packages on my test box (I only needed samba, samba-common, and samba-winbind; you may need other packages):


. Shutdown Samba and winbind
. Install libtalloc and libtdb (either from my downloads, or via yum and EPEL)
. rpm -Uvh --force samba-common* samba-3.4* samba-winbind*
. Restart Samba and winbind

You may have to rejoin your Linux box to your domain with


net ads join -U [DOMAIN_ADMIN]

You can now test with:


wbinfo -t
wbinfo -u
wbinfo -a DOMAINUSER%DOMAINUSERSPASSWORD

If the last command works then you're all set. If not, double-check your Samba config file and your Kerberos config file.

Hope these help some peeps out there.

Later,
Flux.

It sure helped me out, thanks!

Jay

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.