Bug 9362 - winbindd permission errors on opensuse 12.2
winbindd permission errors on opensuse 12.2
Status: NEW
Product: Samba 3.6
Classification: Unclassified
Component: Winbind
3.6.9
x86 Linux
: P5 normal
: ---
Assigned To: Lars Müller
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-11-06 14:46 UTC by Craig Hapanovich
Modified: 2012-11-14 10:31 UTC (History)
1 user (show)

See Also:


Attachments
samba config file (1.65 KB, application/octet-stream)
2012-11-06 14:46 UTC, Craig Hapanovich
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Craig Hapanovich 2012-11-06 14:46:02 UTC
Created attachment 8160 [details]
samba config file

Samba was running fine on opensuse 12.1. After upgrading to opensuse 12.2 we starting getting numerous errors in /var/log/messages:

nbindd_cm.c:810(cm_prepare_connection)
Nov  5 12:26:01 bb winbindd[21210]:   cm_prepare_connection: mutex grab failed f
or Metro.ad.milwaukee.gov
Nov  5 12:26:01 bb winbindd[21210]: [2012/11/05 12:26:01.670655,  0] libads/kerb
eros.c:909(create_local_private_krb5_conf_for_domain)
Nov  5 12:26:01 bb winbindd[21210]:   create_local_private_krb5_conf_for_domain:
 smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.xikETp. Errno Permissi
on denied
Nov  5 12:26:01 bb winbindd[21210]: [2012/11/05 12:26:01.675825,  0] libads/kerb
eros.c:909(create_local_private_krb5_conf_for_domain)
Nov  5 12:26:01 bb winbindd[21210]:   create_local_private_krb5_conf_for_domain:
 smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.bpZ73c. Errno Permissi
on denied

wbinfo also returned errors:

checking the trust secret for domain AD via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

I tried running winbindd with debugging and noticed more permission errors:

 Unable to open new log file '/var/log/samba/log.winbindd-dc-connect': Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.N6zjtV. Errno Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.ESwQTT. Errno Permission denied
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.1FJaUz. Errno Permission denied
  tdb(/var/lib/samba/mutex.tdb): tdb_open_ex: could not open file /var/lib/samba/mutex.tdb: Permission denied
  Could not open mutex.tdb: Permission denied

The samba version was 3.6.7. I installed 3.6.9 but got the same errors. However, the linux system is still joined to the active directory domain and I can still log into the system with an active directory userid and password.

bb:/ # net ads testjoin
Join is OK

I am attaching the smb.conf file.
Comment 1 Ismael 2012-11-14 10:17:17 UTC
Hi Craig Hapanovich 

This is not bug

In Yast > Security and Users > AppArmor Configuration > Settings > Launch > Configure

usr.sbin.nmbd > Toggle Mode
usr.sbin.smbd > Toggle Mode

Done