[Bug 429064] New: LDAP client and Samba Server
https://bugzilla.novell.com/show_bug.cgi?id=429064

Summary: LDAP client and Samba Server
Product: openSUSE 11.0
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.0
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: rsantos@ruisantos.com
QAContact: qa@suse.de
Found By: ---

I've been using LDAP login authentication since openSUSE 10.2. Since my latest install of openSUSE 11.0, I cannot have both LDAP authentication and Samba Server. Samba just will not bind itself to the necessary ports, e.g.:

    ~# netstat -anp | grep smb

gives no LISTEN on port 139 or 445.

If I change /etc/nsswitch.conf from

    group: files ldap

to

    group: files

then smb binds itself to the required ports (139/445).

I have tried with samba's openSUSE original version 3.2.0, openSUSE Upgrades Version 3.2.4 and buildservices openSUSE 3.0.32 version.

Can you please track this issue. I'm available to provide any kind of test results/something...

openSUSE 11.0 x86_64

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c1
--- Comment #1 from Rui Santos
Andreas Jaeger
User jmcdonough@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c2
James McDonough
User jmcdonough@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c3
--- Comment #3 from James McDonough
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c4
--- Comment #4 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c5
--- Comment #5 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c6
--- Comment #6 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c7
--- Comment #7 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c8
--- Comment #8 from Rui Santos
James McDonough
User jmcdonough@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c9
James McDonough
User jmcdonough@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c10
James McDonough
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c11
--- Comment #11 from Rui Santos
Ralf Haferkamp
Ralf Haferkamp
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c12
Ralf Haferkamp
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c13
--- Comment #13 from Rui Santos
Rui Santos
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c14
--- Comment #14 from Ralf Haferkamp
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c15
--- Comment #15 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c16
Rui Santos
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c17
Ralf Haferkamp
> Here is the /etc/nsswitch.conf file

Thanks.

> About your statement on the "guest account" parameter: If you read my comments
> 1 (one) and 4 (four), I also state that but, that same configuration worked on
> openSUSE 10.3.

I read your comments. Still smbd seems to ignore the "guest account" setting in a share section. @samba-maintainers: Please correct me if I am wrong.

> And I only get this problem when "guest account" is placed on a share section.

Does the problem also occur if you have no "guest account" setting at all? Neither in [global] nor in [share]?

Additionally, to get some more debug logging, could you please stop nscd, add "debug -1" to /etc/ldap.conf and recreate and reattach the smbd log files from comment #4. That should add some debug logging output of nss_ldap to the logs. Maybe that way we can figure out what happens.

(Re-adjusting the severity to normal for now.)
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c18
--- Comment #18 from Rui Santos
> I read your comments. Still smbd seems to ignore the "guest account" setting in
> a share section. @samba-maintainers: Please correct me if I am wrong.

I believe you are right... It seems comment #1 was misleading...

> > And I only get this problem when "guest account" is placed on a share section.
> Does the problem also occur if you have no "guest account" setting at all?
> Neither in [global] nor in [share]?

Yes, it does. If no "guest account" parameter is defined, it defaults to "nobody", which is NOT an ldap user. I've also tested it with that specific user:

    guest account = nobody  -> Samba will not start
    guest account = rsantos -> Samba will start

> Additionally, to get some more debug logging, could you please stop nscd, add
> "debug -1" to /etc/ldap.conf and recreate and reattach the smbd log files from
> comment #4. That should add some debug logging output of nss_ldap to the logs.
> Maybe that way we can figure out what happens.

Of course. Will attach them in a few moments... I assume you will not need the strace ones, right? If so, please ask. Also, with the "debug -1" option there is a lot of information sent to stdout. I redirected it to a file called smbd.stdout.log

> (Re-adjusting the severity to normal for now.)

Seems OK.
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c19
--- Comment #19 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c20
--- Comment #20 from Rui Santos
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c21
Rui Santos
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c22
Ralf Haferkamp
> Yes, it does. If no "guest account" parameter is defined, it defaults to
> "nobody", which is NOT an ldap user.

Funny enough you seem to have a user "nobody" in your LDAP server. In the ldap log you attached I see that there is an entry:

    uid=nobody,ou=Users,dc=ldap,dc=grupopie,dc=com

with the posixAccount attribute. You should delete that entry. It can create all sorts of confusion and errors having two users with the same name. Additionally it seems that nss_ldap gets stuck shortly after reading that user. Could you please execute the following command, paste the output here and tell if it successfully returns or if it also locks up?

    ldapsearch -ZZ -x -h auth.grupopie.com -b dc=ldap,dc=grupopie,dc=com '(&(objectclass=posixAccount)(uid=nobody))'
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c23
--- Comment #23 from Rui Santos
Rui Santos
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c24
--- Comment #24 from Ralf Haferkamp
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c25
--- Comment #25 from Ralf Haferkamp
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c26
--- Comment #26 from Ralf Haferkamp
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c27
--- Comment #27 from Rui Santos
> With the knowledge that you have even two "nobody" users in your LDAP database,
> I am able to reproduce the problem now. nss_ldap seems to hang in the
> getpwnam() call in that case. At least when paged_results are used (which is
> the default for nss_ldap).

Well... no comments... Those test "things" should have been deleted long ago.

> Possible workarounds:
> 1. Clean up your LDAP server so that it doesn't have duplicate users anymore.
>    As written in comment #22 having multiple users with the same name is broken
>    and causes trouble. (You should at least remove the two "nobody" users from
>    your LDAP server.)

I have used solution 1 (one).

> 2. Switch off paged results in nss_ldap by adding "nss_paged_results no" to
>    your /etc/ldap.conf until we have fixed the root cause of this problem.

Thanks for all your help. If you need any other tests... something... please do ask...
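An added example, not part of the bug report or of the nss_ldap or Samba code: a small audit for the condition diagnosed above, namely posixAccount entries that share a login name in LDAP or that collide with a name in the local passwd file. The function names, the example.com DNs and both sample inputs are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed ldapsearch-style LDIF: two posixAccount entries share uid "nobody".
SAMPLE_LDIF = """\
dn: uid=rsantos,ou=Users,dc=example,dc=com
objectClass: posixAccount
uid: rsantos

dn: uid=nobody,ou=Users,dc=example,dc=com
objectClass: posixAccount
uid: nobody

dn: uid=nobody,ou=Test,dc=example,dc=com
objectClass: posixAccount
uid:: bm9ib2R5
"""
# Constructed /etc/passwd excerpt.
SAMPLE_PASSWD = "root:x:0:0::/root:/bin/bash\nnobody:x:65534:65533::/:/bin/false\n"

def parse_ldif(text):
    """Yield {attr: [values]} per entry; unfolds lines and decodes base64."""
    for block in text.replace("\n ", "").split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[attr.lower()].append(value.strip())
        if "dn" in entry:
            yield entry

def audit_accounts(ldif_text, passwd_text):
    """Return (duplicates, shadowed), each mapping login name -> LDAP DNs."""
    by_uid = defaultdict(list)
    for entry in parse_ldif(ldif_text):
        if "posixaccount" in (v.lower() for v in entry["objectclass"]):
            for uid in entry["uid"]:
                by_uid[uid.lower()].append(entry["dn"][0])  # uid matching ignores case
    local = {l.split(":")[0].lower() for l in passwd_text.splitlines() if l.strip()}
    duplicates = {u: d for u, d in by_uid.items() if len(d) > 1}
    shadowed = {u: d for u, d in by_uid.items() if u in local}
    return duplicates, shadowed

if __name__ == "__main__":
    dup, shadow = audit_accounts(SAMPLE_LDIF, SAMPLE_PASSWD)
    print("duplicate LDAP names:", dup)
    print("names also in local passwd:", shadow)
```

To use it on real data, pass the saved output of an ldapsearch for posixAccount entries and the contents of /etc/passwd to `audit_accounts`.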
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c28
--- Comment #28 from Ralf Haferkamp
User rsantos@ruisantos.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c29
--- Comment #29 from Rui Santos
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c32
Ralf Haferkamp
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=429064#c33
Ralf Haferkamp