When using pgsql passdb against and SSL-enabled postgres database and a NT4 SP 6 as a workstation, the following consistently happens: -Samba stablishes an SSL connection to the database. -Everything works fine. -The workstation is rebooted. -Then nobody can log into the workstation until Samba processes are restarted. Samba log reads: [2005/02/15 10:24:00, 0] passdb/pdb_pgsql.c:pgsqlsam_select_by_field(246) Error executing SELECT logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_drive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dial,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,logon_divs,hours_len,bad_password_count,logon_count,unknown_6 FROM "user" WHERE username = 'WORKSTATIONNAMEHERE$', server closed the connection unexpectedly This probably means the server terminated abnormally before or while processing the request. Postgres log reads: [24129] LOG: SSL error: decryption failed or bad record mac [24129] LOG: pq_recvbuf: recv() failed: Connection reset by peer The PDC is a RH AS 3.0, with rh-postgresql-devel-7.3.6-7 and rh-postgresql-libs-7.3.6-7. DB server is Postgres 7.3.9. Haven't had the chance yet to try it with other clients. I would have reported it to postgres, but it happens consistently after rebooting the workstation, so may be it is related to the connection handling for that case in the pgsql backend. If you need more info, please let me know. Thanks!
Is this also happening when you're not using SSL? I don't have much ideas as to why this is happening - though I guess it is related to the fact that a smbd process dies off. Is the connection to the database initiated before any of the clients connects? That might mean the database connection is inherited from the "root" smbd when a new process is fork()-ed off and the connection is inherited.
(In reply to comment #1) > Is this also happening when you're not using SSL? When not using SSL, everything works OK. > related to the fact that a smbd process dies off. Is the connection to the > database initiated before any of the clients connects? That might mean the Yes, when Samba start, it initiates a connection to the DB and sits idle on it. > database connection is inherited from the "root" smbd when a new process is > fork()-ed off and the connection is inherited. May be it's worth bringing it up on the PG mailing list?
Yes, I'd probably be a good idea to ask about this on the postgresql list. There is no SSL-specific code in the PostGreSQL backend.
The experimental pdb modules (pdb_mysql, pdb_pgsql and pdb_xml) have been a bit neglected during the last few releases of Samba 3 as they haven't been actively maintained. I was the original author and maintainer, but I no longer work on Samba 3 and I no longer use any of the modules in production. I was hoping I could nonetheless keep the code working for those that still use it, but this turned out to be harder then I expected. I'll remove these modules unless somebody steps up as a maintainer. If there's anyone willing to take over maintainance of either one of these modules, please let me know. Otherwise, I'll put the modules up on my samba.org homepage as a separate tarball for those interested (including some of the patches that have been published).
Changing the way to handle connections fixed it.