[Pkg-samba-maint] Bug#408981: samba: smbd 3.0.23a and later does
parse multiple backends in "passdb backend"
Modestas Vainius
geromanas at mailas.com
Mon Jan 29 18:46:47 CET 2007
Package: samba
Version: 3.0.23a-1
Severity: grave
Justification: possible breakage when upgrading from earlier versions, regression, unusable feature
Hi,
I upgraded a server from sarge to etch, but a new smbd refuses to work.
I tracked down that the problem had first appeared in 3.0.23a-1. 3.0.22-1,
which I have installed now, works fine as did smbd shipped with sarge.
I have
passdb backend = ldapsam:ldap://localhost, tdbsam
option in smb.conf. smbd 3.0.23 appears to "start", but it kind of hangs,
ONLY kill -9 can kill it. The following errors start appearing
in /var/log/samba/log.smbd:
smbd version 3.0.23d started.
Copyright Andrew Tridgell and the Samba Team 1992-2006
[2007/01/29 13:37:13, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:13, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 1 try!
[2007/01/29 13:37:14, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:14, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 2 try!
[2007/01/29 13:37:15, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:15, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 3 try!
[2007/01/29 13:37:16, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:16, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 4 try!
[2007/01/29 13:37:17, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:17, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 5 try!
[2007/01/29 13:37:18, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:18, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 6 try!
[2007/01/29 13:37:19, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:19, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 7 try!
[2007/01/29 13:37:20, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:20, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 8 try!
[2007/01/29 13:37:21, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:21, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 9 try!
[2007/01/29 13:37:22, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:22, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 10 try!
[2007/01/29 13:37:23, 0] lib/smbldap.c:smb_ldap_setup_conn(638)
ldap_initialize: Time limit exceeded
[2007/01/29 13:37:23, 1] lib/smbldap.c:another_ldap_try(1150)
Connection to LDAP server failed for the 11 try!
.... and so on forever... It keeps retrying....
It took me a while to determine what was wrong. Actually, the bug lies
in fact that I have two passdb backends specified as:
passdb backend = ldapsam:ldap://localhost, tdbsam
and smbd fails to parse this option properly, which is perfectly valid
as per official documentation (scoll to the end):
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html
So consider the following debuging output:
samba 3.0.23a and later:
-------------
# smbd -S -d10 -i | grep smb_ldap_setup_connection
smb_ldap_setup_connection: ldap://localhost, tdbsam
smb_ldap_setup_connection: ldap://localhost, tdbsam
smb_ldap_setup_connection: ldap://localhost, tdbsam
smb_ldap_setup_connection: ldap://localhost, tdbsam
.... and futher retries
--------------
samba 3.0.22 and earlier:
--------------
# smbd -S -d10 -i | grep smb_ldap_setup_connection
smb_ldap_setup_connection: ldap://localhost
--------------
So in the first case "ldap://localhost, tdbsam" gets passed to ldap_initialize()
as LDAP server URI which is obviously wrong. No wonder that function fails
(though error could more accurate than "Time limit exceeded"). Away
samba <= 3.0.22 does the right thing.
This bug is regression, it prevents me from specifying a fallback backend and
may break perfectly valid configs when upgrading from sarge to etch - hence
grave severity. I think it must be fixed for etch.
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (1001, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=lt_LT, LC_CTYPE=lt_LT (charmap=ISO-8859-13)
Versions of packages samba depends on:
ii debconf 1.5.11 Debian configuration management sy
ii libacl1 2.2.41-1 Access control list shared library
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii libcupsy 1.2.7-2 Common UNIX Printing System(tm) -
ii libkrb53 1.4.4-6 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.2mdx1 OpenLDAP libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii logrotat 3.7.1-3 Log rotation utility
ii lsb-base 3.1-22 Linux Standard Base 3.1 init scrip
ii netbase 4.28 Basic TCP/IP networking system
ii samba-co 3.0.22-1 Samba common files used by both th
Versions of packages samba recommends:
ii smbldap-tools 0.9.2-3 Scripts to manage Unix and Samba a
-- debconf information:
samba/nmbd_from_inetd:
samba/log_files_moved:
samba/tdbsam: false
* samba/generate_smbpasswd: true
* samba/run_mode: daemons
More information about the Pkg-samba-maint
mailing list