When using pgsql passdb against and SSL-enabled postgres database and a NT4 SP 6
as a workstation, the following consistently happens:
-Samba stablishes an SSL connection to the database.
-Everything works fine.
-The workstation is rebooted.
-Then nobody can log into the workstation until Samba processes are restarted.
Samba log reads:
[2005/02/15 10:24:00, 0] passdb/pdb_pgsql.c:pgsqlsam_select_by_field(246)
Error executing SELECT
FROM "user" WHERE username = 'WORKSTATIONNAMEHERE$', server closed the
This probably means the server terminated abnormally
before or while processing the request.
Postgres log reads:
 LOG: SSL error: decryption failed or bad record mac
 LOG: pq_recvbuf: recv() failed: Connection reset by peer
The PDC is a RH AS 3.0, with rh-postgresql-devel-7.3.6-7 and
rh-postgresql-libs-7.3.6-7. DB server is Postgres 7.3.9.
Haven't had the chance yet to try it with other clients.
I would have reported it to postgres, but it happens consistently after
rebooting the workstation, so may be it is related to the connection handling
for that case in the pgsql backend.
If you need more info, please let me know.
Is this also happening when you're not using SSL?
I don't have much ideas as to why this is happening - though I guess it is
related to the fact that a smbd process dies off. Is the connection to the
database initiated before any of the clients connects? That might mean the
database connection is inherited from the "root" smbd when a new process is
fork()-ed off and the connection is inherited.
(In reply to comment #1)
> Is this also happening when you're not using SSL?
When not using SSL, everything works OK.
> related to the fact that a smbd process dies off. Is the connection to the
> database initiated before any of the clients connects? That might mean the
Yes, when Samba start, it initiates a connection to the DB and sits idle on it.
> database connection is inherited from the "root" smbd when a new process is
> fork()-ed off and the connection is inherited.
May be it's worth bringing it up on the PG mailing list?
Yes, I'd probably be a good idea to ask about this on the postgresql list. There
is no SSL-specific code in the PostGreSQL backend.
The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have
been a bit neglected during the last few releases of Samba 3 as they
haven't been actively maintained. I was the original author and
maintainer, but I no longer work on Samba 3 and I no longer use any of
the modules in production. I was hoping I could nonetheless keep the code
working for those that still use it, but this turned out to be harder then I
I'll remove these modules unless somebody steps up as a maintainer. If
there's anyone willing to take over maintainance of either one of
these modules, please let me know. Otherwise, I'll put the modules up
on my samba.org homepage as a separate tarball for those interested
(including some of the patches that have been published).
Changing the way to handle connections fixed it.