Bug 2090 - libnss_winbind.so kills openssh session on Solaris2.6
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind
Version: 3.0.9
Hardware: Sparc Solaris
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2004-11-26 02:54 UTC by sasajima
Modified: 2005-09-29 09:06 UTC

Description sasajima 2004-11-26 02:54:21 UTC
I have used winbindd, libnss_winbind.so and openssh.
Before, with 3.0.7, openssh ran well with winbind.
But openssh doesn't run with the winbind which is included in 3.0.9.
"Timeout before authentication" errors always kill my SSH sessions.
My SSH sessions are killed 2 minutes after logon.
These errors go away after I remove "winbind" from nsswitch.conf.

In addition, winbind has a bad effect on other programs (such as
cron).

Cause:
  On Solaris 2.6, threaded shared libraries (libraries linked
  with libthread.so) that handle signals
  cannot be linked with non-threaded programs (programs not linked
  with libthread.so) that handle signals.

  With 3.0.7, libnss_winbind.so is not linked with libthread.so.
  However, with 3.0.9, libnss_winbind.so is linked with libthread.so.

  libnss_winbind.so doesn't have to link with libthread.so.
Comment 1 sasajima 2004-11-26 07:15:25 UTC
/var/log/authlog written by openssh:

    Nov 25 16:27:30 myhost sshd[20935]: Connection from 10.171.207.98 port 58166
    Nov 25 16:27:30 myhost sshd[20935]: Failed none for sasajima from 10.171.207.98 port 58166 ssh2
    Nov 25 16:27:30 myhost sshd[20935]: userauth_hostbased mismatch: client sends yourhost, but we resolve 10.171.207.98 to yourhost.yourdomain.co.jp
    Nov 25 16:27:31 myhost sshd[20935]: userauth_hostbased mismatch: client sends yourhost, but we resolve 10.171.207.98 to yourhost.yourdomain.co.jp
    Nov 25 16:27:31 myhost sshd[20935]: Accepted hostbased for sasajima from 10.171.207.98 port 58166 ssh2
    Nov 25 16:29:30 myhost sshd[20935]: fatal: Timeout before authentication for 10.171.207.98

Compile options:

    $ ./configure --prefix=/usr/local/exp \
                  --sysconfdir=/etc/exp --localstatedir=/var/exp \
                  --with-privatedir=/etc/exp \
                  --with-configdir=/etc/exp \
                  --with-libiconv=/usr/local/exp \
                  --with-piddir=/var/exp/run \
                  --with-logfilebase=/var/exp/log --with-pam \
                  --with-winbind

Link info:

   % ldd samba-3.0.9/source/nsswitch/libnss_winbind.so
        libiconv.so.2 =>         /usr/local/exp/lib/libiconv.so.2
        libthread.so.1 =>        /usr/lib/libthread.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1

   % ldd samba-3.0.7/source/nsswitch/libnss_winbind.so
        libiconv.so.2 =>         /usr/local/exp/lib/libiconv.so.2
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1
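
The difference between the two `ldd` listings in Comment 1 can be checked mechanically after a build. The script below is an added example, not part of the original report or of Samba; it embeds the two listings from the report as input, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: report libraries that only the newer build of a shared
# object links against. Input is the ldd output quoted in the bug report.
LDD_307='        libiconv.so.2 =>         /usr/local/exp/lib/libiconv.so.2
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1'
LDD_309='        libiconv.so.2 =>         /usr/local/exp/lib/libiconv.so.2
        libthread.so.1 =>        /usr/lib/libthread.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1'

# Print the sonames (left of "=>") from ldd output on stdin, sorted, unique.
# Lines without "=>" (the bare libc_psr path) are skipped.
sonames() {
    awk '$2 == "=>" { print $1 }' | sort -u
}

# new_deps OLD NEW: print sonames present in NEW but not in OLD.
new_deps() {
    old_list=$(printf '%s\n' "$1" | sonames)
    printf '%s\n' "$2" | sonames | while read -r lib; do
        printf '%s\n' "$old_list" | grep -qxF "$lib" || printf '%s\n' "$lib"
    done
}

# links_libthread LDD_OUTPUT: succeed if the object depends on libthread.
links_libthread() {
    printf '%s\n' "$1" | sonames | grep -q '^libthread\.so'
}

# Report on the two builds from the bug report.
if links_libthread "$LDD_309"; then
    echo "3.0.9 build links libthread; new dependencies vs 3.0.7:"
    new_deps "$LDD_307" "$LDD_309"
fi
```

To check a module on a live system, pass the output of `ldd` on that file to `links_libthread` in place of the embedded listing.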
Comment 2 Guido Leenders 2005-03-13 14:07:44 UTC
Installed 3.0.11 on a Solaris 2.6 box.
Integrated with PAM as described in the manual.
Integration with PAM works fine. Can log on as a NT account with NT password.
However, after a few minutes the telnet/ftp/other session is killed by a SIGHUP
(as shown by truss).
Also, when the login is done using a UNIX account defined in /etc/passwd, the
session is killed a few minutes after the login has succeeded.
Samba shares work fine.
When the integration into the login procedure is removed, the system stays
stable: no more sessions are killed. Samba shares keep working fine.

For now, I've arranged the server of ctr to exclude PAM authentication against
Windows 2003 AD. This is no problem.

The funny thing is that the killing of the process takes place a few minutes (approx. 3)
after the login succeeded. This happens even when practically all server side
processes have been stopped. Although I was unable to determine what the exact
process is that kills the sessions, it must be running as root. Maybe a child of
login?

Linkinfo includes thread.

Note that inclusion into /etc/nsswitch.conf has no impact on the killing of
sessions.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-09-29 09:06:59 UTC
Please retest against 3.0.20a (the current SAMBA_3_0_RELEASE branch), which will
be publicly available next week.