Created attachment 7056 [details] smb.conf I tried upgrading our EL5 samba PDC from 3.5.10 to 3.6.1 but smbd crashes with the following panic: [2011/11/02 15:49:32.811693, 1] param/loadparm.c:7992(lp_do_parameter) WARNING: The "idmap uid" option is deprecated [2011/11/02 15:49:32.811940, 1] param/loadparm.c:7992(lp_do_parameter) WARNING: The "idmap gid" option is deprecated [2011/11/02 15:49:34.183393, 0] lib/fault.c:47(fault_report) =============================================================== [2011/11/02 15:49:34.184173, 0] lib/fault.c:48(fault_report) INTERNAL ERROR: Signal 11 in pid 6788 (3.6.1) Please read the Trouble-Shooting section of the Samba3-HOWTO [2011/11/02 15:49:34.184625, 0] lib/fault.c:50(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2011/11/02 15:49:34.185078, 0] lib/fault.c:51(fault_report) =============================================================== [2011/11/02 15:49:34.185388, 0] lib/util.c:1117(smb_panic) PANIC (pid 6788): internal error [2011/11/02 15:49:34.190731, 0] lib/util.c:1221(log_stack_trace) BACKTRACE: 13 stack frames: #0 smbd(log_stack_trace+0x2d) [0x84531d] #1 smbd(smb_panic+0x31) [0x845421] #2 smbd [0x834076] #3 [0x12d420] #4 smbd(dom_sid_compare+0x4b) [0x877c0b] #5 smbd(add_sid_to_array_unique+0x46) [0x879c86] #6 smbd(create_token_from_username+0x51b) [0x8a73cb] #7 smbd(create_local_token+0x89) [0x8a4d19] #8 smbd(make_serverinfo_from_username+0x9b) [0x8a52cb] #9 smbd(init_system_info+0x8f) [0x8a53cf] #10 smbd(main+0x82b) [0xb06c4b] #11 /lib/libc.so.6(__libc_start_main+0xdc) [0xe9be9c] #12 smbd [0x4bb8c1] [2011/11/02 15:49:34.192642, 0] lib/fault.c:372(dump_core) dumping core in /var/log/samba/cores/smbd gdb session: (gdb) bt #0 0x0012d402 in __kernel_vsyscall () #1 0x00eaedf0 in raise () from /lib/libc.so.6 #2 0x00eb0701 in abort () from /lib/libc.so.6 #3 0x00833a0c in dump_core () at lib/fault.c:391 #4 0x00845437 in smb_panic (why=0xc5d38e "internal error") at lib/util.c:1133 #5 0x00834076 in fault_report (sig=11) at lib/fault.c:53 #6 sig_fault (sig=11) at lib/fault.c:76 #7 <signal handler called> #8 0x00877c0b in dom_sid_compare (sid1=0xbfdee670, sid2=0x8440010) at ../libcli/security/dom_sid.c:69 #9 0x00879c86 in add_sid_to_array_unique (mem_ctx=0x8418a98, sid=0xbfdee670, sids=0xbfdee664, num_sids=0xbfdee660) at ../libcli/security/util_sid.c:318 #10 0x008a73cb in create_token_from_username (mem_ctx=0x84193b0, username=0x8418c98 "root", is_guest=false, uid=0x84193b4, gid=0x84193b8, found_username=0x8419468, token=0x84193c4) at auth/token_util.c:776 #11 0x008a4d19 in create_local_token (server_info=0x84193b0) at auth/auth_util.c:460 #12 0x008a52cb in make_serverinfo_from_username (mem_ctx=0x0, username=0x8417b88 "root", is_guest=false, presult=0xda8634) at auth/auth_util.c:834 #13 0x008a53cf in make_new_session_info_system () at auth/auth_util.c:782 #14 init_system_info () at auth/auth_util.c:945 #15 0x00b06c4b in main (argc=Cannot access memory at address 0x0 ) at smbd/server.c:1220 (gdb) up 8 #8 0x00877c0b in dom_sid_compare (sid1=0xbfdee670, sid2=0x8440010) at ../libcli/security/dom_sid.c:69 69 if (sid1->num_auths != sid2->num_auths) (gdb) list 64 return -1; 65 if (!sid2) 66 return 1; 67 68 /* Compare most likely different rids, first: i.e start at end */ 69 if (sid1->num_auths != sid2->num_auths) 70 return sid1->num_auths - sid2->num_auths; 71 72 for (i = sid1->num_auths-1; i >= 0; --i) 73 if (sid1->sub_auths[i] != sid2->sub_auths[i]) (gdb) print sid1 $1 = (const struct dom_sid *) 0xbfdee670 (gdb) print sid2 $2 = (const struct dom_sid *) 0x8440010 (gdb) print *sid1 $3 = {sid_rev_num = 1 '\001', num_auths = 2 '\002', id_auth = "\000\000\000\000\000\026", sub_auths = {2, 0 <repeats 14 times>}} (gdb) print *sid2 Cannot access memory at address 0x8440010 (gdb) up #9 0x00879c86 in add_sid_to_array_unique (mem_ctx=0x8418a98, sid=0xbfdee670, sids=0xbfdee664, num_sids=0xbfdee660) at ../libcli/security/util_sid.c:318 318 if (dom_sid_compare(sid, &(*sids)[i]) == 0) (gdb) print i $4 = 2236 (gdb) list 313 struct dom_sid **sids, uint32_t *num_sids) 314 { 315 uint32_t i; 316 317 for (i=0; i<(*num_sids); i++) { 318 if (dom_sid_compare(sid, &(*sids)[i]) == 0) 319 return NT_STATUS_OK; 320 } 321 322 return add_sid_to_array(mem_ctx, sid, sids, num_sids); (gdb) print *num_sids $7 = 138514344 (gdb) up #10 0x008a73cb in create_token_from_username (mem_ctx=0x84193b0, username=0x8418c98 "root", is_guest=false, uid=0x84193b4, gid=0x84193b8, found_username=0x8419468, token=0x84193c4) at auth/token_util.c:776 776 result = add_sid_to_array_unique(tmp_ctx, &unix_group_sid, (gdb) list 771 if ( lp_idmap_gid(&low, &high) && (gids[i] >= low) && (gids[i] <= high) ) 772 continue; 773 774 gid_to_unix_groups_sid(gids[i], &unix_group_sid); 775 776 result = add_sid_to_array_unique(tmp_ctx, &unix_group_sid, 777 &group_sids, &num_group_sids); 778 if (!NT_STATUS_IS_OK(result)) { 779 goto done; 780 } (gdb) print num_group_sids $8 = 138514344 (gdb) print unix_group_sid $11 = {sid_rev_num = 1 '\001', num_auths = 2 '\002', id_auth = "\000\000\000\000\000\026", sub_auths = {2, 0 <repeats 14 times>}} That seems like a few too many group_sids. Hmm, I think I'll try commenting out the idmap entries.
Commenting out the idmap lines did not help.
(gdb) print high $18 = 138514344 (gdb) print low $19 = 16630080
Still present in 3.6.2
Created attachment 7299 [details] core dump I think I have the same problem. I have attached a core dump. I had to go back to Samba 3.5 to have a working environment.
Can someone on the CC list send a full debug level 10 log leading to this happening? Please set "max log size = 0" to get us the full logs. Thanks.
Created attachment 7310 [details] samba logs Here are the samba logs from startup to crash
Created attachment 7331 [details] Patch for 3.6 Can you try the attached patch please? The underlying problem is that you have ldapsam:trusted=yes but no group mapping for root in your database. This patch makes smbd hopefully abort more gracefully and not crash.
(In reply to comment #7) > The underlying problem is that you have > ldapsam:trusted=yes but no group mapping for root in your database. If this is the problem I do not understand your sentence. I have a root account in LDAP. UID=0. GID=0. It is also a member of the "Domain Admins" group. What else am I missing?
(In reply to comment #8) > (In reply to comment #7) > > The underlying problem is that you have > > ldapsam:trusted=yes but no group mapping for root in your database. > > If this is the problem I do not understand your sentence. I have a root account > in LDAP. UID=0. GID=0. It is also a member of the "Domain Admins" group. What > else am I missing? You need a sambaGroupMapping entry attached to the posixGroup with gidNumber 0.
(In reply to comment #9) > You need a sambaGroupMapping entry attached to the posixGroup with gidNumber 0. Thank you. Adding the entry did stop the crash and Samba 3.6 seems to be working properly. I have studied the Samba man pages and did not find this requirement documented. Should it?
Well, it's a requirement of ldapsam:trusted=yes, which I think is more properly documented somewhere on the wiki. Regarding the patch: Can you verify that without that sambaGroupMapping entry smbd does not segfault anymore, but more gracefully shuts down? Thanks
Hmm, I'm not finding a lot in the docs/wiki that directly address this issue. I think it may have come up for me because I've moved away from using "root" as the domain admin login in favor of a "winadmin" user. With the patch I get the following on startup (with log level 1): [2012/02/20 10:05:42.504228, 1] auth/server_info.c:452(samu_to_SamInfo3) Failed to get groups from sam account. [2012/02/20 10:05:42.504608, 1] smbd/server.c:1229(main) ERROR: failed to setup system user info: NT_STATUS_INTERNAL_DB_CORRUPTION. Not sure how much more useful that is. I ended up adding the following to ldap: dn: cn=root,ou=Groups,dc=nwra,dc=com sambaSID: S-1-5-21-2426356435-4251213716-997332971-1001 sambaGroupType: 2 gidNumber: 0 objectClass: top objectClass: groupOfUniqueNames objectClass: posixGroup objectClass: sambaGroupMapping cn: root which allowed it to start up.
and can you please also verify, that the patch that Volker created for you stops your crashes?
sorry, overread that first part in your previous comment... :-)
Comment on attachment 7331 [details] Patch for 3.6 looks good
Karo, can you get this to 3.6, please ?
Pushed to v3-6-test. Closing out bug report. Thanks!