Hello, I'm using samba 3.0.4, compiled with Kerberos 1.3.1-7 and CUPS, in an W2k3 ADS environment and Kerberos and the Winbind daemon are used for authentication. While checking a winbindd.log file I saw the following PANIC internal error: winbindd.log ========= [2004/07/21 12:15:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 12:15:00, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/07/21 12:15:03, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/07/21 12:16:29, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 12:25:03, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [cut] [2004/07/21 22:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 22:05:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 22:15:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 22:15:01, 0] lib/fault.c:fault_report(36) =============================================================== [2004/07/21 22:15:01, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 1317 (3.0.4) Please read the appendix Bugs of the Samba HOWTO collection [2004/07/21 22:15:01, 0] lib/fault.c:fault_report(39) =============================================================== [2004/07/21 22:15:01, 0] lib/util.c:smb_panic2(1398) PANIC: internal error [2004/07/21 22:15:01, 0] lib/util.c:smb_panic2(1406) BACKTRACE: 24 stack frames: #0 winbindd(smb_panic2+0x128) [0x80c8d58] #1 winbindd(smb_panic+0x19) [0x80c8c29] #2 winbindd [0x80b6da2] #3 /lib/tls/libc.so.6 [0x420275c8] #4 winbindd [0x80e9624] #5 winbindd [0x80e98f0] #6 winbindd(cli_krb5_get_ticket+0x1da) [0x80e9cfa] #7 winbindd(spnego_gen_negTokenTarg+0x41) [0x80ea991] #8 winbindd [0x816c61f] #9 winbindd [0x816c909] #10 winbindd(ads_sasl_bind+0x132) [0x816d022] #11 winbindd(ads_connect+0x1ac) [0x816798c] #12 winbindd(ads_do_search_retry+0xd5) [0x816fc25] #13 winbindd(ads_search_retry+0x3f) [0x816fecf] #14 winbindd [0x8084ec8] #15 winbindd [0x807960c] #16 winbindd [0x8070ffe] #17 winbindd(winbindd_getgrgid+0x365) [0x8071ef5] #18 winbindd(strftime+0x13f3) [0x806e0d3] #19 winbindd(winbind_process_packet+0x21) [0x806e3c1] #20 winbindd(do_dual_daemon+0x14d) [0x8086a8d] #21 winbindd(main+0x468) [0x806f238] #22 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015574] #23 winbindd(chroot+0x31) [0x806d8f1] [2004/07/21 22:19:03, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/07/21 22:25:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/21 22:35:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist It seems that winbind crashed at the moment that a new kerberos ticket is needed. At 12:15h a new kerberos ticket was applied and exactly 10 hours later (at 22:15h) a new ticket must be applied and at that moment winbind crashed obviously. After the PANIC message in winbindd.log everything seemed to work properly and the samba server worked properly until today (7 days later) because it freezed the RHL9 server... I tried to reboot the RHL9 server, but it hanged while stopping the samba deamons... After a reboot Samba worked fine however. Sometimes I see subjoined messages in the winbindd.log file, it seems that sometimes winbind can't connect to the ADS server (the ADS server is on a remote location and the connection is established via a 128 kb/s leased line). [2004/07/19 21:35:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/19 21:45:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/19 21:46:24, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/07/19 21:46:24, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 262 bytes to socket 16: ERRNO = Connection reset by peer [2004/07/19 21:46:24, 0] libsmb/clientgen.c:cli_send_smb(155) Error writing 262 bytes to client. -1 (Connection reset by peer) [2004/07/19 21:46:24, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Write error: Connection reset by peer [2004/07/19 21:46:47, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2004/07/19 21:46:58, 1] libsmb/cliconnect.c:cli_start_connection(1408) failed negprot [2004/07/19 21:47:06, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:445 [2004/07/19 21:47:15, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:139 [2004/07/19 21:47:15, 1] libsmb/cliconnect.c:cli_connect(1297) Error connecting to 10.2.20.240 (Operation already in progress) [2004/07/19 21:47:15, 1] libsmb/cliconnect.c:cli_start_connection(1377) cli_full_connection: failed to connect to NHADM01<20> (10.2.20.240) [2004/07/19 21:47:15, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'prisma-fo1$' does not exist [2004/07/19 21:47:15, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'prisma-fo1$' does not exist [2004/07/19 21:47:15, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'prisma-fo1$' does not exist [2004/07/19 21:47:15, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(159) user 'PRISMA-FO1$' does not exist [2004/07/19 21:55:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/07/19 22:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist My smb.conf is like this (only global section): [global] workgroup = XXXX realm = XXXX.COM server string = %h server (Samba %v) security = ADS password server = nhadm01.XXX.com, nhadm03.XXX.com, * passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 200 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u domain master = No dns proxy = No idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /data/hom/%U template shell = /bin/bash printer admin = root, '@XXXX.COM\Domain Admins', @XXXX.COM\DEP_ADMIN_GERMANY oplocks = No level2 oplocks = No My krb5.conf file is like this: [libdefaults] dns_fallback = true -- Regards, Alex de Vaal.
(In reply to comment #0) Another Samba server (with the same packages) crashed while getting a new kerberos ticket (at 22:14 a new kerberos ticket was received, at 8:14, which is 10 hours later, winbind crashed getting the new Kerberos ticket. This site never had communication problems and this server ran OK for 43 days. Subjoined the winbindd.log of that site. [2004/08/03 12:13:08, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/08/03 22:14:45, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/08/04 08:14:50, 0] lib/fault.c:fault_report(36) =============================================================== [2004/08/04 08:14:50, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 1348 (3.0.4) Please read the appendix Bugs of the Samba HOWTO collection [2004/08/04 08:14:50, 0] lib/fault.c:fault_report(39) =============================================================== [2004/08/04 08:14:50, 0] lib/util.c:smb_panic2(1398) PANIC: internal error [2004/08/04 08:14:50, 0] lib/util.c:smb_panic2(1406) BACKTRACE: 23 stack frames: #0 winbindd(smb_panic2+0x128) [0x80c8d58] #1 winbindd(smb_panic+0x19) [0x80c8c29] #2 winbindd [0x80b6da2] #3 /lib/tls/libc.so.6 [0x420275c8] #4 winbindd [0x80e9624] #5 winbindd [0x80e98f0] #6 winbindd(cli_krb5_get_ticket+0x1da) [0x80e9cfa] #7 winbindd(spnego_gen_negTokenTarg+0x41) [0x80ea991] #8 winbindd [0x816c61f] #9 winbindd [0x816c909] #10 winbindd(ads_sasl_bind+0x132) [0x816d022] #11 winbindd(ads_connect+0x1ac) [0x816798c] #12 winbindd(ads_do_search_retry+0xd5) [0x816fc25] #13 winbindd(ads_search_retry+0x3f) [0x816fecf] #14 winbindd [0x8083f31] #15 winbindd [0x8079001] #16 winbindd(winbindd_getpwuid+0x274) [0x806fe14] #17 winbindd(strftime+0x13f3) [0x806e0d3] #18 winbindd(winbind_process_packet+0x21) [0x806e3c1] #19 winbindd(do_dual_daemon+0x14d) [0x8086a8d] #20 winbindd(main+0x468) [0x806f238] #21 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015574] #22 winbindd(chroot+0x31) [0x806d8f1]
I think this is fixed in 3.0.6rc2. Please test (or wait until 3.0.6 is released) and repoen if not the case. Ther kerberos code has gotten a lot of work recently.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.