[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11

Andreas Hasenack andreas at canonical.com
Tue Apr 17 13:31:47 UTC 2018


The smb.conf(5) manpage does state that for "security = ads" or "server
role = member server" to work, the machine must have been joined to the
domain via "net ads join". This is what creates the necessary secrets in
the local secrets tdb database.

My hypothesis is that there was a change in 4.7.x and that when the
secrets are not found, it crashes. Definitely a bug, but we might be in
an unsupported configuration. I have yet to hear from upstream in their

Here is what we could try:

a) Samba as a standalone server, but using kerberos for authentication. The users will exist "locally" via sssd, and samba will be just like any other kerberized service authenticating the users via the kdc. For that it will need an appropriate service key in /etc/krb5.keytab. I think realm (the tool) only extracts host/* keys, not cifs/* keys, and samba might want cifs/* ones.
Note that the realm tool does not change smb.conf as far as I can see, that's why you still had "security = user" or "server role = stanalone server" in your smb.conf before. That might be a hint.

Also, we have to be careful in this configuration to use the same
username format. SSSD by default likes "username at REALM.COM", and samba
might expect just "username", or "username at WORKGROUP". That kind of

b) Samba as a normal member server. For this you would have to use "net
ads join". I'm not sure if this would require winbind, probably not.

I can try both scenarios in a clean VM, but I'm a bit out of time and
can't commit to it just yet. If we can't address this for the release,
then an SRU is in order.

I also just tried 4.7.7 quickly and can still reproduce the crash with
the minimal smb.conf I showed in the upstream bug at

You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to samba in Ubuntu.

  [bionic] samba PANIC, INTERNAL ERROR: Signal 11

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list