9362 – winbindd permission errors on opensuse 12.2

Bug 9362 - winbindd permission errors on opensuse 12.2

Summary: winbindd permission errors on opensuse 12.2

Status:	RESOLVED INVALID

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	3.6.9
Hardware:	x86 Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	Lars Müller
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-11-06 14:46 UTC by Craig Hapanovich
Modified:	2019-07-12 17:43 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
samba config file (1.65 KB, application/octet-stream) 2012-11-06 14:46 UTC, Craig Hapanovich	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Craig Hapanovich 2012-11-06 14:46:02 UTC

Created attachment 8160 [details]
samba config file

Samba was running fine on opensuse 12.1. After upgrading to opensuse 12.2 we starting getting numerous errors in /var/log/messages:

nbindd_cm.c:810(cm_prepare_connection)
Nov  5 12:26:01 bb winbindd[21210]:   cm_prepare_connection: mutex grab failed f
or Metro.ad.milwaukee.gov
Nov  5 12:26:01 bb winbindd[21210]: [2012/11/05 12:26:01.670655,  0] libads/kerb
eros.c:909(create_local_private_krb5_conf_for_domain)
Nov  5 12:26:01 bb winbindd[21210]:   create_local_private_krb5_conf_for_domain:
 smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.xikETp. Errno Permissi
on denied
Nov  5 12:26:01 bb winbindd[21210]: [2012/11/05 12:26:01.675825,  0] libads/kerb
eros.c:909(create_local_private_krb5_conf_for_domain)
Nov  5 12:26:01 bb winbindd[21210]:   create_local_private_krb5_conf_for_domain:
 smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.bpZ73c. Errno Permissi
on denied

wbinfo also returned errors:

checking the trust secret for domain AD via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

I tried running winbindd with debugging and noticed more permission errors:

 Unable to open new log file '/var/log/samba/log.winbindd-dc-connect': Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.N6zjtV. Errno Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.ESwQTT. Errno Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.1FJaUz. Errno Permission denied
  tdb(/var/lib/samba/mutex.tdb): tdb_open_ex: could not open file /var/lib/samba/mutex.tdb: Permission denied
  Could not open mutex.tdb: Permission denied

The samba version was 3.6.7. I installed 3.6.9 but got the same errors. However, the linux system is still joined to the active directory domain and I can still log into the system with an active directory userid and password.

bb:/ # net ads testjoin
Join is OK

I am attaching the smb.conf file.

Comment 1 Ismael 2012-11-14 10:17:17 UTC

Hi Craig Hapanovich 

This is not bug

In Yast > Security and Users > AppArmor Configuration > Settings > Launch > Configure

usr.sbin.nmbd > Toggle Mode
usr.sbin.smbd > Toggle Mode

Done

Comment 2 Rowland Penny 2019-07-12 17:43:59 UTC

This is not a Samba bug
wrong OS configuration
EOL version of Samba