Following a recent upgrade, I'm getting NTLM Authentication issues on my Squid proxy server (has been running fine for the last 18 months): Am running: Ubuntu Server 14.04.1 LTS Winbind: 2:4.3.9+dfsg-0ubuntu0.14.04.1 Samba: 2:4.3.9+dfsg-0ubuntu0.14.04.1 Squid3: 3.3.8-1ubuntu6.6 Authenticating against Active Directory - has been working really well for the last 18 months, then stopped working about a week ago. Errors in cache.log: 2016/05/09 06:20:07| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/09 06:20:07| Starting new helpers 2016/05/09 06:20:07| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/09 06:20:07| ERROR: NTLM Authentication Helper '0x7f313ea68318' crashed!. 2016/05/09 06:20:07| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error' 2016/05/09 06:20:08| WARNING: ntlmauthenticator #1 exited Errors in syslog: May 9 06:20:09 optsquidproxy kernel: [228590.127125] ntlm_auth[8850]: segfault at 8 ip 00007f201ec729b0 sp 00007ffda249aae8 error 4 in libsamba-security.so.0[7f201ec67000+1b000] Squid is using pure NTLM authentication (taken from squid.conf): ### pure ntlm authentication auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMAIN auth_param ntlm children 10 auth_param ntlm keep_alive off
It seems to be affecting multiple users/sites: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1578576
https://bugzilla.samba.org/show_bug.cgi?id=10016#c28 and https://bugzilla.redhat.com/show_bug.cgi?id=1334356 seem to be the same.
Created attachment 12089 [details] Possible patch for master
Comment on attachment 12089 [details] Possible patch for master LGTM and tested!
Created attachment 12091 [details] Patch for v4-4-test
Created attachment 12092 [details] Patch for v4-3-test
Created attachment 12093 [details] Patch for v4-2-test
Karolin, please apply the patches to the relevant branches. Thanks!
Works for me but appears to be lacking a test case. Should it be rolled into the other tests added as part of bug #11849?
Just tried pulling the update from Marc Deslaurs' PPA (ppa:mdeslaur/testing) but still getting the same problem. After adding the PPA: sudo apt-get update sudo apt-get upgrade samba (which brought in all dependencies) Then rebooted the server for good measure :) The following error messages were from after the reboot, and I'm still getting issues when trying to authenticate via the squid proxy. samba: Installed: 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 Candidate: 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 Version table: *** 2:4.3.9+dfsg-0ubuntu0.14.04.2~ppa1 0 500 http://ppa.launchpad.net/mdeslaur/testing/ubuntu/ trusty/main amd64 Packages 100 /var/lib/dpkg/status 2:4.3.9+dfsg-0ubuntu0.14.04.1 0 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty-updates/main amd64 Packages 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty-security/main amd64 Packages 2:4.1.6+dfsg-1ubuntu2 0 500 http://optubunturepository.MYDOMAIN.net/ubuntu/ trusty/main amd64 Packages syslog: May 10 14:31:11 optsquidproxy kernel: [ 206.928248] ntlm_auth[2264]: segfault at 8 ip 00007f68e2aba9b0 sp 00007fff384ec2c8 error 4 in libsamba-security.so.0[7f68e2aaf000+1b000] cache.log: 2016/05/10 14:32:42| WARNING: ntlmauthenticator #1 exited 2016/05/10 14:32:42| Too few ntlmauthenticator processes are running (need 1/10) 2016/05/10 14:32:42| Starting new helpers 2016/05/10 14:32:42| helperOpenServers: Starting 1/10 'ntlm_auth' processes 2016/05/10 14:32:42| ERROR: NTLM Authentication Helper '0x7f8368efb268' crashed!. 2016/05/10 14:32:42| ERROR: NTLM Authentication validating user. Error returned 'BH Internal error'
Yes - I am using map to guest = bad user in my smb.conf Once I comment this out squid restarts without issues, and no segfaults :) I'm still using the patched version of Samba provided by Marc D via his testing PPA
(In reply to Andreas Schneider from comment #8) Pushed to autobuild-v4-[4|3|2]-test.
(In reply to Karolin Seeger from comment #12) Pushed to all branches. Closing out bug report. Thanks!
Comment on attachment 12091 [details] Patch for v4-4-test Patch looked good of course :)