Haven't quite figured out what causes this, but it happens alot.. Here is the output from log.wb-ORCORP: [2008/09/09 11:44:54, 3] winbindd/winbindd_rpc.c:msrpc_name_to_sid(299) name_to_sid [rpc] ORCORP\mvoth for domain ORCORP [2008/09/09 11:44:54, 3] winbindd/winbindd_user.c:winbindd_dual_userinfo(139) [ 6057]: lookupsid S-1-5-21-3359403674-27046192-2187186990-1163 [2008/09/09 11:44:54, 3] winbindd/winbindd_ads.c:query_user(426) ads: query_user [2008/09/09 11:44:54, 2] lib/module.c:do_smb_load_module(64) Module '/usr/lib/samba/nss_info/rfc2307.so' loaded [2008/09/09 11:44:54, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "10.0.0.6, ads0.ads.orcorp.ca" [2008/09/09 11:44:54, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.0.0.6 [2008/09/09 11:44:54, 3] libsmb/namequery.c:get_dc_list(1909) get_dc_list: preferred server list: "10.0.0.6, ads0.ads.orcorp.ca" [2008/09/09 11:44:54, 3] libads/ldap.c:ads_connect(430) Successfully contacted LDAP server 10.0.0.6 [2008/09/09 11:44:54, 3] libads/ldap.c:ads_connect(480) Connected to LDAP server ads0.ads.orcorp.ca [2008/09/09 11:44:54, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2008/09/09 11:44:54, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2008/09/09 11:44:54, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2008/09/09 11:44:54, 3] libads/sasl.c:ads_sasl_spnego_bind(780) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2008/09/09 11:44:54, 3] libads/sasl.c:ads_sasl_spnego_bind(789) ads_sasl_spnego_bind: got server principal name = ads0$@ADS.ORCORP.CA [2008/09/09 11:44:54, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:winbind_ccache] expiration Tue, 09 Sep 2008 21:44:58 PDT [2008/09/09 11:44:54, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2008/09/09 11:44:54, 0] lib/fault.c:fault_report(40) =============================================================== [2008/09/09 11:44:54, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 7716 (3.2.3) Please read the Trouble-Shooting section of the Samba3-HOWTO [2008/09/09 11:44:54, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2008/09/09 11:44:54, 0] lib/fault.c:fault_report(44) =============================================================== [2008/09/09 11:44:54, 0] lib/util.c:smb_panic(1663) PANIC (pid 7716): internal error [2008/09/09 11:44:54, 0] lib/util.c:log_stack_trace(1767) BACKTRACE: 18 stack frames: #0 /usr/sbin/winbindd(log_stack_trace+0x2d) [0x800f483e] #1 /usr/sbin/winbindd(smb_panic+0x84) [0x800f4980] #2 /usr/sbin/winbindd [0x800e1faa] #3 [0xffffe420] #4 /usr/lib/samba/nss_info/rfc2307.so [0xb77958f9] #5 /usr/sbin/winbindd(nss_get_info+0x193) [0x80257f70] #6 /usr/sbin/winbindd(nss_get_info_cached+0x210) [0x8005f0ec] #7 /usr/sbin/winbindd [0x8007ae3a] #8 /usr/sbin/winbindd [0x80060eba] #9 /usr/sbin/winbindd(winbindd_dual_userinfo+0x183) [0x80050858] #10 /usr/sbin/winbindd [0x8007fafe] #11 /usr/sbin/winbindd(async_request+0x1b9) [0x800810e1] #12 /usr/sbin/winbindd(async_domain_request+0x57) [0x80081292] #13 /usr/sbin/winbindd [0x800583db] #14 /usr/sbin/winbindd(rescan_trusted_domains+0x49) [0x800587d3] #15 /usr/sbin/winbindd(main+0xe4f) [0x8004db6c] #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0) [0xb7c1a050] #17 /usr/sbin/winbindd [0x8004b451] [2008/09/09 11:44:54, 0] lib/util.c:smb_panic(1668) smb_panic(): calling panic action [/usr/share/samba/panic-action 7716] [2008/09/09 11:44:54, 0] lib/util.c:smb_panic(1676) smb_panic(): action returned status 0 [2008/09/09 11:44:54, 0] lib/fault.c:dump_core(201) dumping core in /var/log/samba/cores/winbindd gdb says: (gdb) bt #0 0xffffe410 in __kernel_vsyscall () #1 0xb7c31875 in raise () from /lib/tls/i686/cmov/libc.so.6 #2 0xb7c33201 in abort () from /lib/tls/i686/cmov/libc.so.6 #3 0x800e1ac7 in dump_core () from /opt/samba/samba-3.2.3/source/bin/winbindd #4 0x800f4abf in smb_panic () from /opt/samba/samba-3.2.3/source/bin/winbindd #5 0x800e1faa in sig_fault () from /opt/samba/samba-3.2.3/source/bin/winbindd #6 <signal handler called> #7 0x80231604 in ads_pull_string () from /opt/samba/samba-3.2.3/source/bin/winbindd #8 0xb76538f9 in nss_ad_get_info () from /usr/lib/samba/nss_info/rfc2307.so #9 0x80257f70 in nss_get_info () from /opt/samba/samba-3.2.3/source/bin/winbindd #10 0x8005f0ec in nss_get_info_cached () from /opt/samba/samba-3.2.3/source/bin/winbindd #11 0x8007ae3a in query_user () from /opt/samba/samba-3.2.3/source/bin/winbindd #12 0x80060eba in query_user () from /opt/samba/samba-3.2.3/source/bin/winbindd #13 0x80050858 in winbindd_dual_userinfo () from /opt/samba/samba-3.2.3/source/bin/winbindd #14 0x8007fafe in schedule_async_request () from /opt/samba/samba-3.2.3/source/bin/winbindd #15 0x800810e1 in async_request () from /opt/samba/samba-3.2.3/source/bin/winbindd #16 0x80058165 in init_child_connection () from /opt/samba/samba-3.2.3/source/bin/winbindd #17 0x80081374 in async_domain_request () from /opt/samba/samba-3.2.3/source/bin/winbindd #18 0x800583db in add_trusted_domains () from /opt/samba/samba-3.2.3/source/bin/winbindd #19 0x800587d3 in rescan_trusted_domains () from /opt/samba/samba-3.2.3/source/bin/winbindd #20 0x8004db6c in main () from /opt/samba/samba-3.2.3/source/bin/winbindd Fussing to get symbols.. And gdb says this: (gdb) frame 8 #8 0xb76538f9 in nss_ad_get_info (e=0x803a1138, sid=0xbfdfdd68, ctx=0x80342d08, ads=0x0, msg=0x0, homedir=0xbfdfdcd4, shell=0xbfdfdcd8, gecos=0xbfdfdcd0, gid=0xbfdfdcdc) at winbindd/idmap_ad.c:768 768 *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); (gdb) p homedir $1 = (char **) 0xbfdfdcd4 (gdb) p *homedir $2 = 0x0 (gdb) p ads $3 = (ADS_STRUCT *) 0x0 (gdb) p ctx $4 = (TALLOC_CTX *) 0x80342d08 (gdb) p msg $5 = (LDAPMessage *) 0x0 (gdb) p ad_schema->posix_homedir_attr $6 = 0x803a6440 "unixHomeDirectory" Looks like ads being 0 is the fatal thing here since ads_pull_string immediately does ads->ldap.id This seems to happen sometimes with a 'wbinfo -i mvoth' command, but also things like gdm causes it. smb.conf has: [global] workgroup = ORCORP realm = ADS.ORCORP.CA os level = 0 log level = 3 security = ads password server = ads0.ads.orcorp.ca use kerberos keytab = true idmap domains = ORCORP idmap config ORCORP:backend = ad idmap config ORCORP:readonly = yes idmap config ORCORP:default = yes idmap config ORCORP:range = 1000-11000 idmap config ORCORP:schema_mode = rfc2307 idmap alloc backend = tdb idmap alloc config:range = 300000000 - 310000000 winbind nss info = rfc2307 winbind use default domain = yes winbind offline logon = yes winbind refresh tickets = yes winbind normalize names = yes encrypt passwords = true dns proxy = no log file = /var/log/samba/log.%m panic action = /usr/share/samba/panic-action %d obey pam restrictions = yes guest account = nobody invalid users = root unix charset = "UTF8" name resolve order = lmhosts host wins bcast Machine is ubuntu gutsy, built from source using the ibex packaging of 3.2.2
Created attachment 3548 [details] use the new created ad connection Can you try this patch, please ?
Does the patch fix your issue?
Karolin, I have been unable to try the patch yet, the laptop that had this problem has left the building.. I'll let you know when I'm able to try it again.
Have you thrown it out of the window?? :-) That patch is not not needed any more, Jerry Carter has checked in a similar fix into the 3-2/3-3-test branch, so it will be part of the next releases.
Just shipped across the country to the intended user.. I had hoped to use winbind to have an offline caching 'roaming' NSS setup for it, but I was not able to get it to work reliably. I'll try again on a later release. I'm quite excited about this entire winbind configuration using idmap backend = ad/etc, it seems to be by far the best solution I've seen for NSS/PAM against AD..
Glad to hear that :) Please re-open, if this is still a bug for you then. Thanks for the report.