Hi,
I installed Zentyal 4.0 freshly 3 days ago. My primary goal was to route our internet traffic to 2 external connections with load balancing and failover. That works fine!
Now I would also like to use Squid as transparent proxy. Apparently I need the DC module as pre-requisite. But the samba module fails to load due to some kerberos problem:
2015/02/12 08:50:06 INFO> Samba.pm:1318 EBox::Samba::_postServiceHook - Writing DNS update list...
2015/02/12 08:50:07 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command set -e
rm -f '/var/lib/zentyal/conf/samba.keytab'
samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='
Administrator@MY-DOMAIN.LAN'
chown 'ebox:ebox' '/var/lib/zentyal/conf/samba.keytab'
chmod 400 '/var/lib/zentyal/conf/samba.keytab' failed.
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Kerberos: hdb_samba4_open: use of a master key incompatible with LDB
ERROR(runtime): uncaught exception - Unknown code hdb 3
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 103, in run
net.export_keytab(keytab=keytab, principal=principal)
Command output: .
Exit value: 255 at root command set -e
rm -f '/var/lib/zentyal/conf/samba.keytab'
samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='
Administrator@MY-DOMAIN.LAN'
chown 'ebox:ebox' '/var/lib/zentyal/conf/samba.keytab'
chmod 400 '/var/lib/zentyal/conf/samba.keytab' failed.
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Kerberos: hdb_samba4_open: use of a master key incompatible with LDB
ERROR(runtime): uncaught exception - Unknown code hdb 3
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 103, in run
net.export_keytab(keytab=keytab, principal=principal)
Command output: .
Exit value: 255 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/1NUoQGBWyU.cmd 2> /var/lib/zentyal/tmp/stderr', 'set -e^Jrm -f \'/var/lib/zentyal/conf/samba.keytab\'^Jsamba-tool domain exportkeytab \'/var/lib/zentyal/conf/samba.keytab\' --principal=\'Administrator@MY
-DOMAIN.LAN\'^Jchown \'ebox:ebox\' \'/var/lib/zentyal/conf/samba.keytab\'^Jchmod 400 \'/var/lib/zentyal/conf/samba.keytab\'', 65280, 'ARRAY(0x79d73c8)', 'ARRAY(0x2796070)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'rm -f \'/var/lib/zentyal/conf/samba.keytab\'', 'samba-tool domain exportkeytab \'/var/lib/zentyal/conf/samba.keytab\' --principal=\'
Administrator@MY-DOMAIN.LAN\'', 'chown \'ebox:ebox\' \'/var/lib/zentyal/conf/samba.keytab\'', 'chmod 400 \'/var/li
b/zentyal/conf/samba.keytab\'') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('rm -f \'/var/lib/zentyal/conf/samba.keytab\'', 'samba-tool domain exportkeytab \'/var/lib/zentyal/conf/samba.keytab\' --principal=\'
Administrator@MY-DOMAIN.LAN\'', 'chown \'ebox:ebox\' \'/var/lib/zentyal/conf/samba.keytab\'', 'chmod 400 \'/var/lib/zentyal/conf/samba.keytab\'') called at /usr/share/perl5/EBox/Samba/AuthKrbHelper.pm line 230
EBox::Samba::AuthKrbHelper::_extractKeytab('EBox::Samba::AuthKrbHelper=HASH(0x79d2b08)', 'Administrator', 'MY-DOMAIN.LAN', '/var/lib/zentyal/conf/samba.keytab') called at /usr/share/perl5/EBox/Samba/AuthKrbHelper.pm line 156
EBox::Samba::AuthKrbHelper::_getTicketUsingKeytab('EBox::Samba::AuthKrbHelper=HASH(0x79d2b08)', 'Administrator', 'MY-DOMAIN.LAN', '/var/lib/zentyal/conf/samba.keytab') called at /usr/share/perl5/EBox/Samba/AuthKrbHelper.pm line 115
EBox::Samba::AuthKrbHelper::new('EBox::Samba::AuthKrbHelper', 'RID', 500) called at /usr/share/perl5/EBox/Module/LDAP.pm line 172
EBox::Module::LDAP::_connectToSchemaMaster('EBox::Samba=HASH(0x5225688)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 275
EBox::Module::LDAP::_loadSchemasFiles('EBox::Samba=HASH(0x5225688)', 'ARRAY(0x5d714c0)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 267
EBox::Module::LDAP::_loadSchemas('EBox::Samba=HASH(0x5225688)') called at /usr/share/perl5/EBox/Module/LDAP.pm line 343
EBox::Module::LDAP::_performSetup('EBox::Samba=HASH(0x5225688)') called at /usr/share/perl5/EBox/Samba.pm line 897
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5225688)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5225688)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 656
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 655
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x40c2960)', 'progress', 'EBox::ProgressIndicator=HASH(0x40b95b0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x40e99d8)', 'progress', 'EBox::ProgressIndicator=HASH(0x40b95b0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2015/02/12 08:50:07 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command set -e
rm -f '/var/lib/zentyal/conf/samba.keytab'
samba-tool domain exportkeytab '/var/lib/zentyal/conf/samba.keytab' --principal='
Administrator@MY-DOMAIN.LAN'
chown 'ebox:ebox' '/var/lib/zentyal/conf/samba.keytab'
chmod 400 '/var/lib/zentyal/conf/samba.keytab' failed.
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Kerberos: hdb_samba4_open: use of a master key incompatible with LDB
ERROR(runtime): uncaught exception - Unknown code hdb 3
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 103, in run
net.export_keytab(keytab=keytab, principal=principal)
Command output: .
Exit value: 255
2015/02/12 08:50:07 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: squid
2015/02/12 08:50:08 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command set -e
samba-tool domain exportkeytab '/etc/squid3/HTTP.keytab' --principal 'zentyal-squid-clinternet'
samba-tool domain exportkeytab '/etc/squid3/HTTP.keytab' --principal 'HTTP/clinternet.my-domain.lan'
samba-tool domain exportkeytab '/etc/squid3/HTTP.keytab' --principal 'HTTP/clinternet.my-domain.lan@MY-DOMAIN.LAN'
chown 'root':'proxy' '/etc/squid3/HTTP.keytab'
chmod '440' '/etc/squid3/HTTP.keytab' failed.
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Kerberos: hdb_samba4_open: use of a master key incompatible with LDB
Did anyone had this problem as well or knows how to fix it? I tried to search for the problem but I can only find unrelated stuff.
As I do not need a DC it would also be an option to disable it. As said, I am only interested in the Squid Transparent Proxy which fails to load as a follow up error of the DC problem. If there is a simple way to work-around the problem, that would be an option too.
Thanks,
Hendrik
Packages:
ii zentyal 4.0 all Zentyal - Core metapackage
ii zentyal-common 4.0.1 all Zentyal - Common Library
ii zentyal-core 4.0.5 all Zentyal - Core
ii zentyal-dhcp 4.0 all Zentyal - DHCP Server
ii zentyal-dns 4.0.2 all Zentyal - DNS Server
ii zentyal-firewall 4.0 all Zentyal - Firewall
ii zentyal-network 4.0 all Zentyal - Network Configuration
ii zentyal-ntp 4.0.1 all Zentyal - NTP Service
ii zentyal-objects 4.0 all Zentyal - Network Objects
ii zentyal-samba 4.0.7 all Zentyal - Domain Controller and File Sharing
ii zentyal-services 4.0 all Zentyal - Network Services
ii zentyal-software 4.0 all Zentyal - Software Management
ii zentyal-squid 4.0.1 all Zentyal - HTTP Proxy
Topic: Problem setting up Domain Controller - Zentyal 4.0 (latest) (Read 2419 times)