Samba and Squid are running on the same system, allowing Squid to authenticate Internet accesses against a Windows PDC. Initially, only basic authentication was used and the system worked fine for a few weeks. At some stage NTLM authentication was enabled, and after about 3 hours winbindd crashed (see log message below). The domain that the system is part of contains about 2000 users and 100 groups, but at the moment only a few users are using it, so the system was not under significant load. The following is cut from log.winbindd (only entries around the crash moment were kept). [2004/04/21 17:26:18, 0] lib/util_sock.c:write_socket(413) write_socket: Error writing 478 bytes to socket 18: ERRNO = Connection reset by peer [2004/04/21 17:26:18, 0] libsmb/clientgen.c:cli_send_smb(155) Error writing 478 bytes to client. -1 (Connection reset by peer) [2004/04/21 17:26:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Write error: Connection reset by peer [2004/04/21 17:27:42, 0] lib/util_sock.c:write_socket_data(388) write_socket_data: write failure. Error = Connection reset by peer [2004/04/21 17:27:42, 0] lib/util_sock.c:write_socket(413) write_socket: Error writing 45 bytes to socket 20: ERRNO = Connection reset by peer [2004/04/21 17:27:42, 0] libsmb/clientgen.c:cli_send_smb(155) Error writing 45 bytes to client. -1 (Connection reset by peer) [2004/04/21 17:27:42, 0] lib/fault.c:fault_report(36) =============================================================== [2004/04/21 17:27:42, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 953 (3.0.2a) Please read the appendix Bugs of the Samba HOWTO collection [2004/04/21 17:27:42, 0] lib/fault.c:fault_report(39) =============================================================== [2004/04/21 17:27:42, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2004/04/21 17:27:42, 0] lib/util.c:smb_panic(1408) BACKTRACE: 10 stack frames: #0 winbindd(smb_panic+0x11c) [0x80c06dc] #1 winbindd [0x80aee12] #2 /lib/libc.so.6 [0x4015e4f8] #3 winbindd(winbindd_pam_auth_crap+0x711) [0x8079ae1] #4 winbindd(strftime+0x139b) [0x806d1a3] #5 winbindd(winbind_process_packet+0x21) [0x806d491] #6 winbindd(strftime+0x1f2d) [0x806dd35] #7 winbindd(main+0x3f2) [0x806e292] #8 /lib/libc.so.6(__libc_start_main+0xc7) [0x4014b917] #9 winbindd(ldap_msgfree+0x79) [0x806c9c1] [2004/04/21 17:38:57, 1] nsswitch/winbindd.c:main(843) winbindd version 3.0.2a started. Copyright The Samba Team 2000-2004 Following is a description of the setup. System: Linux RedHat 9 Samba: 3.0.2a (samba-3.0.2a-1_rh9.i386.rpm) Squid: 2.5 STABLE4 smb.conf (all of it): # Global parameters [global] workgroup = LOCALNET netbios name = Gateway server string = Samba password server = PDC2 security = domain winbind uid = 10000-30000 winbind gid = 10000-20000 winbind cache time = 300 winbind use default domain = yes ENCRYPT PASSWORDS = YES client use spnego = yes client signing = enabled The relevant parts of squid.conf: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param ntlm max_challenge_reuses 50 auth_param ntlm max_challenge_lifetime 5 minutes #auth_param basic program <uncomment and complete this line> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 5 minutes acl the_good_the_bad_and_the_ugly proxy_auth REQUIRED http_access allow the_good_the_bad_and_the_ugly http_access deny all
I think this is fixed in the latest 3.0 tree. Please retest 3.0.3rc2 once it is released and reopen this bug if that is not the case.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup