Hi Hi Jerry, My name is Prasanth and I am working on project which is managed proxy service. We are using squid and squid Guard with samba and winbind Winbind we are using for authentication purpose Samba we download the source and compiled with --winbind option and we successfully added the server into the our domain controller (windows 2003) But it will work for few minutes and after that it is falling If I try wbinfo –t and –p option it will work but when I start squid with winbind it is failing authentication I have attached the error logs with this email Package details Samba 3.2.4 krb5-libs-1.5-17 krb5-workstation-1.5-17 krb5-devel-1.5-17 pam_krb5-2.2.11-1 krb5-auth-dialog-0.7-1 krb5-server-1.5-17 openldap-2.3.27-5 nss_ldap-253-3 php-ldap-5.1.6-5.el5 openldap-clients-2.3.27-5 python-ldap-2.2.0-2.1 openldap-devel-2.3.27-5 squid-2.7.STABLE6-1.el5 winbind log ----------------------- [2009/10/16 18:49:44, 0] param/loadparm.c:lp_do_parameter(7204) Ignoring unknown parameter "idmap domains" [2009/10/16 18:49:44, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2577) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/10/19 17:51:55, 0] winbindd/winbindd.c:main(1127) winbindd version 3.2.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2009/10/19 17:51:56, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/10/19 17:51:56, 0] winbindd/winbindd_util.c:init_domain_list(719) Could not fetch our SID - did we join? [2009/10/19 17:51:56, 0] winbindd/winbindd.c:main(1269) unable to initialize domain list [2009/10/19 18:27:15, 0] winbindd/winbindd.c:main(1127) winbindd version 3.2.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2009/10/19 18:27:15, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/10/19 18:27:15, 0] winbindd/winbindd_util.c:init_domain_list(719) Could not fetch our SID - did we join? [2009/10/19 18:27:15, 0] winbindd/winbindd.c:main(1269) unable to initialize domain list Nmbd.log ------------ [2009/10/19 18:27:16, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(307) standard_fail_register: Failed to register/refresh name IN-PROXY01<03> on subnet UNICAST_SUBNET [2009/10/19 18:27:16, 0] nmbd/nmbd_nameregister.c:register_name_response(129) register_name_response: WINS server at IP 158.234.26.237 rejected our name registration of IN-PROXY01<00> IP 158.234.200.94 with error code 6. [2009/10/19 18:27:16, 0] nmbd/nmbd_mynames.c:my_name_register_failed(35) my_name_register_failed: Failed to register my name IN-PROXY01<00> on subnet UNICAST_SUBNET. [2009/10/19 18:27:16, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(307) standard_fail_register: Failed to register/refresh name IN-PROXY01<00> on subnet UNICAST_SUBNET [2009/10/19 19:43:04, 0] nmbd/nmbd.c:terminate(68) Got SIGTERM: going down... winbindidmap.log ---------------- 2009/10/15 22:58:09, 0] winbindd/winbindd_dual.c:async_request_timeout_handler(182) async_request_timeout_handler: child pid 5844 is not responding. Closing connection to it. [2009/10/15 22:58:09, 1] winbindd/winbindd_util.c:trustdom_recv(260) Could not receive trustdoms domain log [2009/10/13 23:45:28, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 4054 (3.2.4) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/10/13 23:45:28, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/10/13 23:45:28, 0] lib/fault.c:fault_report(44) =============================================================== [2009/10/13 23:45:28, 0] lib/util.c:smb_panic(1663) PANIC (pid 4054): internal error [2009/10/13 23:45:28, 0] lib/util.c:log_stack_trace(1767) BACKTRACE: 18 stack frames: #0 /usr/local/samba/sbin/winbindd(log_stack_trace+0x2d) [0x2bb34f] #1 /usr/local/samba/sbin/winbindd(smb_panic+0x84) [0x2bb491] #2 /usr/local/samba/sbin/winbindd [0x2a5a1a] #3 [0x110420] [root@in-proxy01 var]# tail -f log.wb-GROUPINFRA #10 winbindd(winbind_child_died+0x142) [0x65ae42] #11 winbindd [0x65b86c] #12 winbindd [0x65bc1d] #13 winbindd [0x65bdfe] #14 winbindd(run_events+0x11d) [0x6f46f2] #15 winbindd(main+0xe3a) [0x626d17] #16 /lib/libc.so.6(__libc_start_main+0xdc) [0x2ecdec] #17 winbindd [0x624601] [2009/10/15 23:52:29, 0] lib/fault.c:dump_core(201) dumping core in /usr/local/samba/var/cores/winbindd could you please provide the solution we are struck with this issue Thanks & Regards PRASANTH MARRAR UNIX IT Consultant
Firstly, ensure your build has Samba debug symbols loaded. Then add the line: panic action = "/bin/sleep 99999" to the [global] section of your smb.conf and repeat the crash. You'll find a sleep process with a winbindd parent. Attach to the winbindd processid using gdb and type "bt" to get a backtrace. Then post that output to this bug report please. Thanks, Jeremy.
Created attachment 4867 [details] winbind logs please see the logs with attachment and core files debug report below (gdb) core core.6271 (no debugging symbols found) Using host libthread_db library "/lib/libthread_db.so.1". Core was generated by `winbindd'. Program terminated with signal 6, Aborted. #0 0x00110410 in __kernel_vsyscall () (gdb) bt #0 0x00110410 in __kernel_vsyscall () #1 0x002ffc00 in ?? () #2 0x0040fff4 in ?? () #3 0xb7f288d0 in ?? () #4 0xbfa5c4d8 in ?? () #5 0x00301451 in ?? () #6 0x00000006 in ?? () #7 0xbfa5c44c in ?? () #8 0x00000000 in ?? ()
*** Bug 6830 has been marked as a duplicate of this bug. ***
*** Bug 6834 has been marked as a duplicate of this bug. ***
Created attachment 4875 [details] domain logs when samba is adding to the domain
Hi, I had the same problem with Winbind and samba 4.1.17 trying to authenticate ssh, cups... and was fixed changing the permissions of krb5.keytab to 644. I don't know why but Winbind cannot read that file even when the daemon is running as root. Maybe is not secure to allow all users to read the keytab file, but was the only way to make it work... Greetings!!
(In reply to Daniel Carrasco from comment #6) Finally my problem is that winbind is trying to read the kerberos file with the user default group "Domain Users" instead a local group or root. if you change the permissions to 640 and add the read permission to that domain group then it works. For example chmod 640 /etc/krb5.keytab setfacl -m g:domain_users:r /etc/krb5.keytab or maybe better to keep less people with read permissions. chmod 640 /etc/krb5.keytab setfacl -m g:domain_admins:r /etc/krb5.keytab Greetings!!
seems to be fixed. If you see a somilar issue with current Samba versions, please file a new bug for that.