[Bug 566119] New: Winbind crashed after joining Samba domain, login as domain user and type "id" in konsole
http://bugzilla.novell.com/show_bug.cgi?id=566119 http://bugzilla.novell.com/show_bug.cgi?id=566119#c0 Summary: Winbind crashed after joining Samba domain, login as domain user and type "id" in konsole Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Samba AssignedTo: samba-maintainers@SuSE.de ReportedBy: vladimir.psenicka@gmail.com QAContact: samba-maintainers@SuSE.de Found By: --- Blocker: --- Created an attachment (id=333490) --> (http://bugzilla.novell.com/attachment.cgi?id=333490) Winbind log User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.7 (KHTML, like Gecko) Chrome/4.0.273.0 Safari/532.7 I have setup new opensuse 11.2 install to join to Samba domain. After reboot and login with domain username a pass, a new directory is created and everything works fine. But when I open konsole and type "wbinfo -u" works but after I type "id" "wbinfo -u" doesn't work. I attach log.winbindd Reproducible: Always Steps to Reproduce: 1. joining to domain 2. login as domain user 3. type "id" in konsole Actual Results: /etc/init.d/winbind status -> dead Expected Results: Winbind doesn't crash Before winbind crashed, I can list domain users by wbinfo -u, but wbinfo -g doesn't list domain groups... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c1
Lars Müller
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c2
--- Comment #2 from Lars Müller
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c3
--- Comment #3 from Vladimir Psenicka
The easiest way to use the network:samba:STABLE repository is available by installing the samba-repo-network_samba_STABLE package from http://download.opensuse.org/repositories/network:/samba:/misc/openSUSE_11.2...
This package installs /etc/zypp/repos.d/network_samba_STABLE.repo and all you need to do afterwards is
zypper dup --from network_samba_STABLE
to get all Samba pieces upgraded to the version available from the openSUSE Build Service network:samba:STABLE repository.
Winbind from samba 3.4.3 crashed also. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c4
Vladimir Psenicka
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c
James McDonough
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c5
James McDonough
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c6
--- Comment #6 from Vladimir Psenicka
I found the reason for the crash. Now I have one question about the data. Can you tell me more about the group PAVOUK? Lookup of group membership on this has given a NULL return, and we're handling this incorrectly. I'd just like to know if this group has any members, or perhaps no members explicitly in the group but only implied by the user's primary group membership.
I'm working on a patch, but I'd like to make sure that we've found the case which caused the crash.
PAVOUK is not group but domain name (samba as PDC)... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c7
--- Comment #7 from James McDonough
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c8
Vladimir Psenicka
I've checked in the patch. Please retry the above network:samba:STABLE repo packages. They should be finished building very soon.
I have upgraded samba packages from network:samba:STABLE repo and I can not ssh login as domain user. I see this in messages log: Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): [pamh: 0x7f242dca1e70] ENTER: pam_sm_authenticate (flags: 0x0001) Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): getting password (0x00000211) Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): pam_get_item returned a password Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): Verify user 'PAVOUK\psenicka' Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): enabling cached login flag Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_INVALID_HANDLE, Error message was: Invalid handle Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): internal module error (retval = PAM_SYSTEM_ERR(4), user = 'PAVOUK\psenicka') Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): [pamh: 0x7f242dca1e70] LEAVE: pam_sm_authenticate returning 4 (PAM_SYSTEM_ERR) Dec 31 16:40:58 psenicka sshd[4708]: error: PAM: System error for PAVOUK\\psenicka from 10.8.0.74 PAM problem? But when I login as root and type id "PAVOUK\psenicka" it works fine a I see my groups which I belong to from PDC... -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c9
Vladimir Psenicka
(In reply to comment #7)
I've checked in the patch. Please retry the above network:samba:STABLE repo packages. They should be finished building very soon.
I have upgraded samba packages from network:samba:STABLE repo and I can not ssh login as domain user.
I see this in messages log:
Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): [pamh: 0x7f242dca1e70] ENTER: pam_sm_authenticate (flags: 0x0001) Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): getting password (0x00000211) Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): pam_get_item returned a password Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): Verify user 'PAVOUK\psenicka' Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): enabling cached login flag Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_SYSTEM_ERR (4), NTSTATUS: NT_STATUS_INVALID_HANDLE, Error message was: Invalid handle Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): internal module error (retval = PAM_SYSTEM_ERR(4), user = 'PAVOUK\psenicka') Dec 31 16:40:58 psenicka sshd[4711]: pam_winbind(sshd:auth): [pamh: 0x7f242dca1e70] LEAVE: pam_sm_authenticate returning 4 (PAM_SYSTEM_ERR) Dec 31 16:40:58 psenicka sshd[4708]: error: PAM: System error for PAVOUK\\psenicka from 10.8.0.74
PAM problem?
But when I login as root and type id "PAVOUK\psenicka" it works fine a I see my groups which I belong to from PDC...
After restarting samba and winbind, everything works fine. I can ssh login as domain user. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c10
James McDonough
http://bugzilla.novell.com/show_bug.cgi?id=566119
http://bugzilla.novell.com/show_bug.cgi?id=566119#c11
--- Comment #11 from Vladimir Psenicka
Fixed in 3.4.3. I will check with the 11.2 maintenance team about inclusion there.
It will be nice to have this patch in official 11.2 samba/winbind packages. Thanks for you help. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com