Bug 2025 - winbindd crashes on startup after joining server to windows 2003 ad domain
Summary: winbindd crashes on startup after joining server to windows 2003 ad domain
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.8
Hardware: All Linux
: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-11-11 16:39 UTC by Erik Sørnes
Modified: 2005-08-24 10:19 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Sørnes 2004-11-11 16:39:49 UTC
winbindd crashes on startup after joining server to windows 2003 ad domain with 
"net ads join"


suse linux 9.1 kernel 2.6.4-52-default
heimdal-0.6.1rc3-51


smb.conf: 

[global]
        security=ADS
        realm=HJEMME.HOME
        encrypt passwords=yes
        password server=hjemme.home
        winbind cache time = 3
        winbind separator = +
        workgroup = NETBIOS 
        auth methods = winbind
        #obey pam restrictions = yes
        #winbind use default domain = yes
        interfaces = 127.0.0.1 eth0 eth1
        #bind interfaces only = true
        printing = cups
        idmap uid = 10000-40000
        idmap gid = 10000-40000
        printcap name = cups 
        printer admin = @ntadmin, root, administrator
        map to guest = Bad User

[groups]
        comment = All groups
        path = /home/groups
        writeable = Yes
        inherit permissions = Yes

krb5.conf:

[libdefaults]
        default_realm = HJEMME.HOME 
        clockskew = 300

[realms]
        HJEMME.HOME = {
                kdc = hjemme.home
                admin_server = hjemme.home
                kpasswd_server = hjemme.home 
        }
        OTHER.REALM = {
                kdc = OTHER.COMPUTER
        }

[domain_realm]
        .HJEMME.HOME = HJEMME.HOME 

[logging]
        default = SYSLOG:NOTICE:DAEMON
        kdc = FILE:/var/log/kdc.log
        kadmind = FILE:/var/log/kadmind.log

[appdefaults]
        pam = {
                ticket_lifetime = 1d
                renew_lifetime = 1d
                forwardable = true
                proxiable = false
                retain_after_close = false
                minimum_uid = 0
                debug = false
        }

winbind -F -i -d 3  
(end of dump:)add_trusted_domain: NETBIOS is an NT4  domain
Added domain NETBIOS HJEMME.HOME S-0-0
Connected to LDAP server 192.168.2.100
got ldap server name dotnet3@HJEMME.HOME, using bind path: dc=HJEMME,dc=HOME
IPC$ connections done anonymously
Connecting to host=DOTNET3
Connecting to 192.168.2.100 at port 445
Doing spnego session setup (blob length=108)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=dotnet3$@HJEMME.HOME
Doing kerberos session setup
Ticket in ccache[MEMORY:cliconnect] expiration fre, 12 nov 2004 09:36:18 GMT
lsa_io_sec_qos: length c does not match size 8
ads: alternate_name
Connected to LDAP server 192.168.2.100
got ldap server name dotnet3@HJEMME.HOME, using bind path: dc=HJEMME,dc=HOME
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
ads_sasl_spnego_bind: got server principal name =dotnet3$@HJEMME.HOME
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
===============================================================
INTERNAL ERROR: Signal 11 in pid 28398 (3.0.8)
Please read the appendix Bugs of the Samba HOWTO collection
===============================================================
PANIC: internal error
BACKTRACE: 18 stack frames:
 #0 ../sbin/winbindd(smb_panic2+0x18c) [0x80bd903]
 #1 ../sbin/winbindd(smb_panic+0x10) [0x80bd775]
 #2 ../sbin/winbindd [0x80ad642]
 #3 ../sbin/winbindd [0x80ad697]
 #4 [0xffffe420]
 #5 /usr/lib/libkrb5.so.17 [0x400b3d12]
 #6 ../sbin/winbindd(kerberos_kinit_password+0x7a) [0x8150d58]
 #7 ../sbin/winbindd(ads_kinit_password+0x55) [0x8150eca]
 #8 ../sbin/winbindd [0x8149a68]
 #9 ../sbin/winbindd(ads_sasl_bind+0xfe) [0x814a00d]
 #10 ../sbin/winbindd(ads_connect+0x21c) [0x8144ca7]
 #11 ../sbin/winbindd [0x8080ecd]
 #12 ../sbin/winbindd [0x808326a]
 #13 ../sbin/winbindd [0x80790b4]
 #14 ../sbin/winbindd(init_domain_list+0x86) [0x8074d9d]

also tried exactly same thing on SLES 9.0 <-> w2k3 ad-domain. Same result.

after degrading to samba 3.0.7 it works well.
Comment 1 Guenther Deschner 2004-11-11 16:52:46 UTC
This is a known issue. SuSE ships a heimdal-version that contains a bug that got
just not triggered in 3.0.7 (AFAIK, SuSE will publish a heimdal update rather
soon now. Lars, correct me if I'm wrong).

You could either rebuild with a heimdal version >0.6.1rc3 or use the sernet rpms
that use their own static-linked-heimdal version that does not have this problem.
Comment 2 Lars Müller 2004-11-12 04:59:01 UTC
There will be an update for heimdal on SuSE Linux 9.1.  But this might take some
time to get published.

Erik: As a current workaround I've added fixed heimdal packages to the
ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/ tree.  Same
packages are at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/
Comment 3 Erik Sørnes 2004-11-13 04:49:30 UTC
 Tried heimdal-package on
ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/
and heimdal 0.6.1/0.6.2/0.6.3.
All four of them fixed this bug and and they also fixed bug id 2026 on my two
linux-machines.
Comment 4 Erik Sørnes 2004-11-13 05:40:11 UTC
my last comment contains an error. Sorry

heimdal 0.6.1/0.6.2/0.6.3 corrected the problem on my linux machines.

however, the package on
ftp://ftp.SuSE.com/pub/projects/samba/3.0/{i386,x86_64}/9.1/

, heimdal-0.6.1rc3-55.9

did not.


Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:19:33 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.