The Samba-Bugzilla – Bug 10264
Unrecoverable winbind failure: "key length too large"
Last modified: 2013-12-24 12:26:21 UTC
The AD server did ... something and winbind (4.0.9 as packaged by Fedora 19) failed:
Nov 11 10:43:47 ajross-mobl2 winbindd: [2013/11/11 10:43:47.637385, 0, pid=15677, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4069(cache_traverse_validate_fn)
Nov 11 10:43:47 ajross-mobl2 winbindd: cache_traverse_validate_fn: key length too large: (1174) > (1024)
Nov 11 10:43:47 ajross-mobl2 winbindd:
This would occur on every restart, and authentication would not
complete. As far as I can tell, the kerberos environment was working
correctly and klist showed active tickets; it was just a winbind
Since the message seemed to indicate it was just validating a cache, I
found some "/var/lib/samba/winbind_cache.tdp*" files, deleted them,
and restarted the service. Winbind came right up and operated fine
It seems to me like a cache validation glitch should be a recoverable
situation and not a permanent failure.
Can you share that particular winbind_cache.tdb file - maybe offline ? So we can work on a fix.
Ok, got the cache file. Fix to follow.
Created attachment 9413 [details]
patch for master
Comment on attachment 9413 [details]
patch for master
patch pushed to autobuild with review
Karolin, please cherrypick 944e9fbc20f125b52e047484dca1792d75561ed9 to 4-1
and 4-0 as well, please. Thanks!
Hm, why is Andy the only one of my users to see this? Under what circumstances would it trigger? Should I be building an updated Fedora package with this patch for our internal repo, before everyone else comes knocking at my door...?
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
David can you open a (very brief) bug about this in fedora land, so we can provide you a fix there too ?
(In reply to comment #8)
> Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Pushed to v4-1-test and v4-0-test.
Closing out bug report.