Bug 6827 - 2009/10/15 22:57:44, 0] winbindd/winbindd.c:rw_callback(471) PANIC: assert failed at winbindd/winbindd.c(471): flags == EVENT_FD_READ
Summary: 2009/10/15 22:57:44, 0] winbindd/winbindd.c:rw_callback(471) PANIC: assert...
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.4
Hardware: x86 Linux
: P3 critical
Target Milestone: ---
Assignee: Michael Adam
QA Contact: Samba QA Contact
URL:
Keywords:
: 6830 6834 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-10-19 11:15 UTC by Prasanth Marrar
Modified: 2022-10-03 00:11 UTC (History)
1 user (show)

See Also:

Attachments
winbind logs (16.09 KB, application/octet-stream)
2009-10-20 03:28 UTC, Prasanth Marrar 		no flags Details
domain logs when samba is adding to the domain (13.93 KB, application/octet-stream)
2009-10-21 01:01 UTC, Prasanth Marrar 		prasanth.marrar: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Prasanth Marrar 2009-10-19 11:15:21 UTC 
Hi 

Hi Jerry,

              My name is Prasanth and I am working on project which is managed proxy service. We are using squid and squid Guard with samba and winbind 
              Winbind we are using for authentication purpose 


               Samba we download the source and compiled with --winbind option and we successfully added the server into the our domain controller (windows 2003) 
                But it will work for few minutes and after that it is falling 
                 If I try wbinfo –t and –p option it will work but when I start squid with winbind it is failing authentication

                I have attached the error logs with this email 

               Package details 

               Samba 3.2.4 
             krb5-libs-1.5-17
krb5-workstation-1.5-17
krb5-devel-1.5-17
pam_krb5-2.2.11-1
krb5-auth-dialog-0.7-1
krb5-server-1.5-17

openldap-2.3.27-5
nss_ldap-253-3
php-ldap-5.1.6-5.el5
openldap-clients-2.3.27-5
python-ldap-2.2.0-2.1
openldap-devel-2.3.27-5       

            squid-2.7.STABLE6-1.el5

    winbind log
-----------------------
[2009/10/16 18:49:44,  0] param/loadparm.c:lp_do_parameter(7204)
  Ignoring unknown parameter "idmap domains"
[2009/10/16 18:49:44,  0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2577)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2009/10/19 17:51:55,  0] winbindd/winbindd.c:main(1127)
  winbindd version 3.2.4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/10/19 17:51:56,  0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2009/10/19 17:51:56,  0] winbindd/winbindd_util.c:init_domain_list(719)
  Could not fetch our SID - did we join?
[2009/10/19 17:51:56,  0] winbindd/winbindd.c:main(1269)
  unable to initialize domain list
[2009/10/19 18:27:15,  0] winbindd/winbindd.c:main(1127)
  winbindd version 3.2.4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
[2009/10/19 18:27:15,  0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374)
  initialize_winbindd_cache: clearing cache and re-creating with version number 1
[2009/10/19 18:27:15,  0] winbindd/winbindd_util.c:init_domain_list(719)
  Could not fetch our SID - did we join?
[2009/10/19 18:27:15,  0] winbindd/winbindd.c:main(1269)
  unable to initialize domain list

Nmbd.log
------------
[2009/10/19 18:27:16,  0] nmbd/nmbd_namelistdb.c:standard_fail_register(307)
  standard_fail_register: Failed to register/refresh name IN-PROXY01<03> on subnet UNICAST_SUBNET
[2009/10/19 18:27:16,  0] nmbd/nmbd_nameregister.c:register_name_response(129)
  register_name_response: WINS server at IP 158.234.26.237 rejected our name registration of IN-PROXY01<00> IP 158.234.200.94 with error code 6.
[2009/10/19 18:27:16,  0] nmbd/nmbd_mynames.c:my_name_register_failed(35)
  my_name_register_failed: Failed to register my name IN-PROXY01<00> on subnet UNICAST_SUBNET.
[2009/10/19 18:27:16,  0] nmbd/nmbd_namelistdb.c:standard_fail_register(307)
  standard_fail_register: Failed to register/refresh name IN-PROXY01<00> on subnet UNICAST_SUBNET
[2009/10/19 19:43:04,  0] nmbd/nmbd.c:terminate(68)
  Got SIGTERM: going down...

winbindidmap.log
----------------
2009/10/15 22:58:09,  0] winbindd/winbindd_dual.c:async_request_timeout_handler(182)
  async_request_timeout_handler: child pid 5844 is not responding. Closing connection to it.
[2009/10/15 22:58:09,  1] winbindd/winbindd_util.c:trustdom_recv(260)
  Could not receive trustdoms

domain log 

[2009/10/13 23:45:28,  0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 4054 (3.2.4)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/10/13 23:45:28,  0] lib/fault.c:fault_report(43)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/10/13 23:45:28,  0] lib/fault.c:fault_report(44)
  ===============================================================
[2009/10/13 23:45:28,  0] lib/util.c:smb_panic(1663)
  PANIC (pid 4054): internal error
[2009/10/13 23:45:28,  0] lib/util.c:log_stack_trace(1767)
  BACKTRACE: 18 stack frames:
   #0 /usr/local/samba/sbin/winbindd(log_stack_trace+0x2d) [0x2bb34f]
   #1 /usr/local/samba/sbin/winbindd(smb_panic+0x84) [0x2bb491]
   #2 /usr/local/samba/sbin/winbindd [0x2a5a1a]
   #3 [0x110420]
[root@in-proxy01 var]# tail -f log.wb-GROUPINFRA
   #10 winbindd(winbind_child_died+0x142) [0x65ae42]
   #11 winbindd [0x65b86c]
   #12 winbindd [0x65bc1d]
   #13 winbindd [0x65bdfe]
   #14 winbindd(run_events+0x11d) [0x6f46f2]
   #15 winbindd(main+0xe3a) [0x626d17]
   #16 /lib/libc.so.6(__libc_start_main+0xdc) [0x2ecdec]
   #17 winbindd [0x624601]
[2009/10/15 23:52:29,  0] lib/fault.c:dump_core(201)
  dumping core in /usr/local/samba/var/cores/winbindd

could you please provide the solution we are struck with this issue 


          
                

Thanks & Regards
     PRASANTH MARRAR
    UNIX  IT Consultant
Comment 1 Jeremy Allison 2009-10-19 18:56:30 UTC 
Firstly, ensure your build has Samba debug symbols loaded. Then add the line:

panic action = "/bin/sleep 99999"

to the [global] section of your smb.conf and repeat the crash. You'll find a sleep process with a winbindd parent. Attach to the winbindd processid using gdb and type "bt" to get a backtrace. Then post that output to this bug report please.

Thanks,

Jeremy.
Comment 2 Prasanth Marrar 2009-10-20 03:28:08 UTC 
Created attachment 4867 [details]
winbind logs

please see the logs with attachment and core files debug report below

(gdb) core core.6271
(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `winbindd'.
Program terminated with signal 6, Aborted.
#0  0x00110410 in __kernel_vsyscall ()
(gdb) bt
#0  0x00110410 in __kernel_vsyscall ()
#1  0x002ffc00 in ?? ()
#2  0x0040fff4 in ?? ()
#3  0xb7f288d0 in ?? ()
#4  0xbfa5c4d8 in ?? ()
#5  0x00301451 in ?? ()
#6  0x00000006 in ?? ()
#7  0xbfa5c44c in ?? ()
#8  0x00000000 in ?? ()
Comment 3 Andrew Bartlett 2009-10-21 00:59:22 UTC 
*** Bug 6830 has been marked as a duplicate of this bug. ***
Comment 4 Andrew Bartlett 2009-10-21 01:00:03 UTC 
*** Bug 6834 has been marked as a duplicate of this bug. ***
Comment 5 Prasanth Marrar 2009-10-21 01:01:07 UTC 
Created attachment 4875 [details]
domain logs when samba is adding to the domain
Comment 6 Daniel Carrasco 2015-05-12 15:01:58 UTC 
Hi, I had the same problem with Winbind and samba 4.1.17 trying to authenticate ssh, cups... and was fixed changing the permissions of krb5.keytab to 644. I don't know why but Winbind cannot read that file even when the daemon is running as root.

Maybe is not secure to allow all users to read the keytab file, but was the only way to make it work...

Greetings!!
Comment 7 Daniel Carrasco 2015-05-13 11:40:53 UTC 
(In reply to Daniel Carrasco from comment #6)

Finally my problem is that winbind is trying to read the kerberos file with the user default group "Domain Users" instead a local group or root.
if you change the permissions to 640 and add the read permission to that domain group then it works. For example

chmod 640 /etc/krb5.keytab
setfacl -m g:domain_users:r /etc/krb5.keytab

or maybe better to keep less people with read permissions.

chmod 640 /etc/krb5.keytab
setfacl -m g:domain_admins:r /etc/krb5.keytab

Greetings!!
Comment 8 Björn Jacke 2022-10-03 00:11:49 UTC 
seems to be fixed. If you see a somilar issue with current Samba versions, please file a new bug for that.