I have tried on two different systems and the results are the same. Basically I am running IPAv3 - on Centos6.5 - I think its version 3.0.0.37 I remove samba3 and install via yum, samba4 - which installs version 4.0.0rc4 I configure samba as a standalone setup with ipa as the backend - using ldapi (ipasam.so from my understanding) - but it happens even with ldap.so - from what I can work out is it has nothing to do with how I connect to the ldap server, as the problem only occurs depending on if I change a gid of a user in the IPA database. I create a user bob , which for example has a UID and GID of 85000045 , if I run pdbedit -L bob then the results are succesful, but if I change the GID of the user to anything other than what it was when I created the user - I get a bad talloc magic value error when I run pdbedit, then a panic, and smb restarts. I tested various combinations, and it seems I can change both the UID and GID to anything, and as long as they are the same as each other, pdbedit -L returns a success. But as soon as I change either the GID or UID so they differ from each other, I get the bad talloc error. Bad talloc magic value - unknown value PANIC (pid 13316): Bad talloc magic value - unknown value BACKTRACE: 10 stack frames: #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1a) [0x7ffaaebb1f8a] #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x25) [0x7ffaaebb2055] #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x1a1) [0x37f6e17801] #3 /usr/lib64/libtalloc.so.2(talloc_named_const+0x2b6) [0x37c8e04dd6] #4 /usr/lib64/samba/pdb/ipasam.so(+0xb41f) [0x7ffaa824f41f] #5 /usr/lib64/libpdb.so.0(pdb_getsampwnam+0x1d) [0x7ffaae97c1bd] #6 pdbedit() [0x403456] #7 pdbedit(main+0x7b8) [0x404c48] #8 /lib64/libc.so.6(__libc_start_main+0xfd) [0x37c6e1ed1d] #9 pdbedit() [0x402cc9] Can not dump core: corepath not set up I couldnt figure out how to get a core dump for pdbedit but I set the debug level and get this: INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = SUNRISE doing parameter realm = SUNRISE.LOCAL doing parameter passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket doing parameter dedicated keytab file = FILE:/etc/samba/samba.keytab doing parameter kerberos method = dedicated keytab doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 100000 doing parameter disable spoolss = Yes doing parameter domain logons = Yes doing parameter domain master = Yes doing parameter ldap group suffix = cn=groups,cn=accounts doing parameter ldap machine suffix = cn=computers,cn=accounts doing parameter ldap suffix = dc=sunrise,dc=local doing parameter ldap ssl = no doing parameter ldap user suffix = cn=users,cn=accounts doing parameter registry shares = Yes doing parameter create krb5 conf = No doing parameter rpc_daemon:lsasd = fork doing parameter rpc_daemon:epmd = fork doing parameter rpc_server:tcpip = yes doing parameter rpc_server:netlogon = external doing parameter rpc_server:samr = external doing parameter rpc_server:lsasd = external doing parameter rpc_server:lsass = external doing parameter rpc_server:lsarpc = external doing parameter rpc_server:epmapper = external doing parameter ldapsam:trusted = yes doing parameter idmap config * : backend = tdb pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="SVR" Attempting to find a passdb backend to match ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket (ipasam) No builtin backend found, trying to load plugin Probing module 'ipasam' Probing module 'ipasam': Trying to load from /usr/lib64/samba/pdb/ipasam.so Module 'ipasam' loaded Attempting to register passdb backend ipasam Successfully added passdb backend 'ipasam' Found pdb backend ipasam smbldap_search_ext: base => [], filter => [(objectclass=*)], scope => [0] The connection to the LDAP server was closed smb_ldap_setup_connection: ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket as "(null)" ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results The LDAP server is successfully connected smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectclass=domainRelatedObject], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectclass=krbrealmcontainer], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectClass=ipaNTDomainAttrs], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [cn=Default SMB Group,cn=groups,cn=accounts,dc=sunrise,dc=local], filter => [objectClass=*], scope => [0] smbldap_open: already connected to the LDAP server check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F53554E524953452E4C4F43414C Allocated locked data 0x0x1f2caa0 Unlocking key 534543524554532F5349442F53554E524953452E4C4F43414C release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F53554E52495345 Allocated locked data 0x0x1f2ccf0 Unlocking key 534543524554532F5349442F53554E52495345 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F535652 Allocated locked data 0x0x1f2b610 Unlocking key 534543524554532F5349442F535652 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket has a valid init smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [(&(objectClass=ipaNTUserAttrs)(uid=smbtester))], scope => [2] smbldap_open: already connected to the LDAP server init_sam_from_ldap: Entry found for user: smbtester pdb_set_username: setting username smbtester, was element 11 -> now SET pdb_set_domain: setting domain sunrise.local, was element 13 -> now DEFAULT pdb_set_nt_username: setting nt username smbtester, was element 14 -> now SET pdb_set_user_sid_from_string: setting user sid S-1-5-21-1426264427-42649849-2141215060-101504 pdb_set_user_sid: setting user sid S-1-5-21-1426264427-42649849-2141215060-101504 element 17 -> now SET Bad talloc magic value - unknown value PANIC (pid 14028): Bad talloc magic value - unknown value BACKTRACE: 10 stack frames: #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f1d4b23ef8a] #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x25) [0x7f1d4b23f055] #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x1a1) [0x37f6e17801] #3 /usr/lib64/libtalloc.so.2(talloc_named_const+0x2b6) [0x37c8e04dd6] #4 /usr/lib64/samba/pdb/ipasam.so(+0xb41f) [0x7f1d448dc41f] #5 /usr/lib64/libpdb.so.0(pdb_getsampwnam+0x1d) [0x7f1d4b0091bd] #6 pdbedit() [0x403456] #7 pdbedit(main+0x7b8) [0x404c48] #8 /lib64/libc.so.6(__libc_start_main+0xfd) [0x37c6e1ed1d] #9 pdbedit() [0x402cc9] Can not dump core: corepath not set up [root@svr log]# if I run it against a user that has the same UID and GID I get this: [root@svr log]# pdbedit -d 100 -L smbuser INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 100 tdb: 100 printdrivers: 100 lanman: 100 smb: 100 rpc_parse: 100 rpc_srv: 100 rpc_cli: 100 passdb: 100 sam: 100 auth: 100 winbind: 100 vfs: 100 idmap: 100 quota: 100 acls: 100 locking: 100 msdfs: 100 dmapi: 100 registry: 100 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = SUNRISE doing parameter realm = SUNRISE.LOCAL doing parameter passdb backend = ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket doing parameter dedicated keytab file = FILE:/etc/samba/samba.keytab doing parameter kerberos method = dedicated keytab doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 100000 doing parameter disable spoolss = Yes doing parameter domain logons = Yes doing parameter domain master = Yes doing parameter ldap group suffix = cn=groups,cn=accounts doing parameter ldap machine suffix = cn=computers,cn=accounts doing parameter ldap suffix = dc=sunrise,dc=local doing parameter ldap ssl = no doing parameter ldap user suffix = cn=users,cn=accounts doing parameter registry shares = Yes doing parameter create krb5 conf = No doing parameter rpc_daemon:lsasd = fork doing parameter rpc_daemon:epmd = fork doing parameter rpc_server:tcpip = yes doing parameter rpc_server:netlogon = external doing parameter rpc_server:samr = external doing parameter rpc_server:lsasd = external doing parameter rpc_server:lsass = external doing parameter rpc_server:lsarpc = external doing parameter rpc_server:epmapper = external doing parameter ldapsam:trusted = yes doing parameter idmap config * : backend = tdb pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="SVR" Attempting to find a passdb backend to match ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket (ipasam) No builtin backend found, trying to load plugin Probing module 'ipasam' Probing module 'ipasam': Trying to load from /usr/lib64/samba/pdb/ipasam.so Module 'ipasam' loaded Attempting to register passdb backend ipasam Successfully added passdb backend 'ipasam' Found pdb backend ipasam smbldap_search_ext: base => [], filter => [(objectclass=*)], scope => [0] The connection to the LDAP server was closed smb_ldap_setup_connection: ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket smbldap_open_connection: connection opened ldap_connect_system: Binding to ldap server ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket as "(null)" ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results The LDAP server is successfully connected smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectclass=domainRelatedObject], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectclass=krbrealmcontainer], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [objectClass=ipaNTDomainAttrs], scope => [2] smbldap_open: already connected to the LDAP server smbldap_search_ext: base => [cn=Default SMB Group,cn=groups,cn=accounts,dc=sunrise,dc=local], filter => [objectClass=*], scope => [0] smbldap_open: already connected to the LDAP server check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F53554E524953452E4C4F43414C Allocated locked data 0x0xff8aa0 Unlocking key 534543524554532F5349442F53554E524953452E4C4F43414C release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F53554E52495345 Allocated locked data 0x0xff8cf0 Unlocking key 534543524554532F5349442F53554E52495345 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> check lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none> Locking key 534543524554532F5349442F535652 Allocated locked data 0x0xff7610 Unlocking key 534543524554532F5349442F535652 release lock order 1 for /var/lib/samba/private/secrets.tdb lock order: 1:<none> 2:<none> 3:<none> pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-SUNRISE-LOCAL.socket has a valid init smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [(&(objectClass=ipaNTUserAttrs)(uid=smbuser))], scope => [2] smbldap_open: already connected to the LDAP server init_sam_from_ldap: Entry found for user: smbuser pdb_set_username: setting username smbuser, was element 11 -> now SET pdb_set_domain: setting domain sunrise.local, was element 13 -> now DEFAULT pdb_set_nt_username: setting nt username smbuser, was element 14 -> now SET pdb_set_user_sid_from_string: setting user sid S-1-5-21-1426264427-42649849-2141215060-1075 pdb_set_user_sid: setting user sid S-1-5-21-1426264427-42649849-2141215060-1075 element 17 -> now SET pdb_set_full_name: setting full name smb user, was element 12 -> now SET attribute ipaNTHomeDirectoryDrive does not exist attribute ipaNTHomeDirectory does not exist attribute ipaNTLogonScript does not exist attribute ipaNTProfilePath does not exist element 19 -> now SET element 33 -> now SET element 20 -> now SET account_policy_get: name: maximum password age, val: -1 Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! Opening cache file at /var/lib/samba/gencache.tdb Opening cache file at /var/lib/samba/gencache_notrans.tdb gid_to_sid: winbind failed to find a sid for gid 834800075 smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [(&(gidNumber=834800075)(objectClass=ipaNTGroupAttrs))], scope => [2] smbldap_open: already connected to the LDAP server ERROR: Got 0 entries for gid 834800075, expected one LEGACY: gid 834800075 -> sid S-1-22-2-834800075 smbldap_search_ext: base => [dc=sunrise,dc=local], filter => [(&(gidNumber=834800075)(objectClass=ipaNTGroupAttrs))], scope => [2] smbldap_open: already connected to the LDAP server ERROR: Got 0 entries for gid 834800075, expected one Forcing Primary Group to 'Domain Users' for smbuser element 3: DEFAULT element 1: DEFAULT element 4: DEFAULT element 2: DEFAULT account_policy_get: name: password history, val: 0 tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 0) -> 209 tdb_pack_va(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 209) -> 209 tdb_unpack(dddddddBBBBBBBBBBBBddBBBdwdBwwd, 209) -> 209 element 5 -> now SET element 6 -> now SET element 7 -> now SET element 8 -> now SET element 9 -> now SET element 20 -> now SET pdb_set_username: setting username smbuser, was element 11 -> now SET pdb_set_domain: setting domain sunrise.local, was element 13 -> now SET pdb_set_nt_username: setting nt username smbuser, was element 14 -> now SET pdb_set_full_name: setting full name smb user, was element 12 -> now SET Home server: svr pdb_set_homedir: setting home dir \\svr\smbuser, was element 1 -> now DEFAULT pdb_set_dir_drive: setting dir drive , was NULL element 3 -> now DEFAULT pdb_set_logon_script: setting logon script , was element 4 -> now DEFAULT Home server: svr pdb_set_profile_path: setting profile path \\svr\smbuser\profile, was element 2 -> now DEFAULT element 21 -> now SET element 23 -> now SET pdb_set_workstations: setting workstations , was element 22 -> now SET element 24 -> now SET element 33 -> now SET account_policy_get: name: password history, val: 0 element 34 -> now SET pdb_set_user_sid: setting user sid S-1-5-21-1426264427-42649849-2141215060-1075 element 17 -> now SET pdb_set_user_sid_from_rid: setting user sid S-1-5-21-1426264427-42649849-2141215060-1075 from rid 1075 element 15 -> now SET element 27 -> now SET element 28 -> now SET element 31 -> now SET element 19 -> now SET element 16 -> now SET element 25 -> now SET pdb_set_group_sid: setting group sid S-1-5-21-1426264427-42649849-2141215060-513 element 18 -> now SET Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! smbuser:834800075:smb user [root@svr log]#
Please try a supported version of Samba, not a release candidate. The "rc4" denotes a pre-release version. Please re-open this bug if you can reproduce with 4.0.22 or 4.1.12.
Dear Volker How do I go about using a non release candidate if 4.0.0rc4 is what gets installed via yum? I have tried updating via yum which returns no update, so I tried building from source - but I cant get it to install over 4.0.0rc4 - it keeps showing me 4.0.0rc4 when I type smbstatus - after running the ./configure, make and make install commands. It does seem to install without issue - but in /usr/local/samba I think - which doesnt seem to be where 4.0.0rc4. I cant find any documentation on upgrading / replacing the current version I have in Centos6.5 to a more recent one? Any help is greatly appreciated On 2014/10/06 08:10 AM, samba-bugs@samba.org wrote: > https://bugzilla.samba.org/show_bug.cgi?id=10855 > > Volker Lendecke <vl@samba.org> changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > Status|NEW |RESOLVED > Resolution| |WONTFIX > > --- Comment #1 from Volker Lendecke <vl@samba.org> 2014-10-06 06:10:20 UTC --- > Please try a supported version of Samba, not a release candidate. The "rc4" > denotes a pre-release version. Please re-open this bug if you can reproduce > with 4.0.22 or 4.1.12. >
(In reply to comment #2) > How do I go about using a non release candidate if 4.0.0rc4 is what gets > installed via yum? I have tried updating via yum which returns no > update, so I tried building from source - but I cant get it to install > over 4.0.0rc4 - it keeps showing me 4.0.0rc4 when I type smbstatus - > after running the ./configure, make and make install commands. It does > seem to install without issue - but in /usr/local/samba I think - which > doesnt seem to be where 4.0.0rc4. > > I cant find any documentation on upgrading / replacing the current > version I have in Centos6.5 to a more recent one? You might want to upgrade to Centos 7. They have a more recent version packaged. If that is not possible, you might want to get a support contract with RedHat to get you a RHEL6.5 that might cause less trouble for you and then have RedHat provide you with more recent packages. Apart from that you might be able to get support from someone via https://www.samba.org/samba/support/. Volker
Thanks I am considering the upgrade to 7 - but probably only at the end of the year. In the mean time I found rpms for 4.0.6 which I tried, but I have to remove IPA-SERVER first, which I didnt want to do so I tried on a test system, and I can install samba4.0.6 after some fiddling - had to remove all samba4 .00 rc4 -67, which removed IPA-SERVER and its dependancies, and also IPA-TRUST-AD, but I cant install samba4-client -4.0.6 because it conflicts with tdb-tools. I found a newer tdbtools online, but it still conflicts - so I removed all of 4.0.6 and re-intalled the package version, then re-installed IPA to see if the system can recover - but IPA is totally broken it seems. So I cant risk this on my main systems. I am experimenting with how one recovers IPA - but thats irrelevant for this. I can build a new system - install samba 4.0.6 ahead of time, then IPA - but can you possibly provide any advice on the tdb-tools issue with samba4-client 4.0.6 ? or can you provide any advice on the installation of 4.1 from source - as I followed the online documentation at the samba web site, but all it says is the typical configure, make, make install commands with reference to a source folder (but thats for samba3 it seems) - but it gives no clear help / instructions? You suggest RHEL subscription? I dont understand, I thought all packages for CENTOS 6 and RHEL 6 are the same? I went to https://www.samba.org/samba/support but I cant see a forum that I can follow or submit a post for help? Kind Regards Basil On 2014/10/06 09:00 AM, samba-bugs@samba.org wrote: > https://bugzilla.samba.org/show_bug.cgi?id=10855 > > --- Comment #3 from Volker Lendecke <vl@samba.org> 2014-10-06 07:00:29 UTC --- > (In reply to comment #2) > >> How do I go about using a non release candidate if 4.0.0rc4 is what gets >> installed via yum? I have tried updating via yum which returns no >> update, so I tried building from source - but I cant get it to install >> over 4.0.0rc4 - it keeps showing me 4.0.0rc4 when I type smbstatus - >> after running the ./configure, make and make install commands. It does >> seem to install without issue - but in /usr/local/samba I think - which >> doesnt seem to be where 4.0.0rc4. >> >> I cant find any documentation on upgrading / replacing the current >> version I have in Centos6.5 to a more recent one? > You might want to upgrade to Centos 7. They have a more recent version > packaged. If that is not possible, you might want to get a support contract > with RedHat to get you a RHEL6.5 that might cause less trouble for you and then > have RedHat provide you with more recent packages. Apart from that you might be > able to get support from someone via https://www.samba.org/samba/support/. > > Volker >
(In reply to comment #4) > You suggest RHEL subscription? I dont understand, I thought all packages > for CENTOS 6 and RHEL 6 are the same? As far as I know they are the same except for trademarks. If I am wrong, then you might contact the CentOS organization for paid support, sorry for my confusion. Volker