[Pkg-samba-maint] Bug#465773: samba: segfault with domain logons & virtual server
Ben
bugreporter at vescentphotonics.com
Thu Feb 14 17:41:53 UTC 2008
Package: samba
Version: 3.0.24-6etch9
Severity: normal
I have one samba computer running as a both a PDC (Vescent) and as a simple
file sharing server (public) but using the virtual server configuration in
samaba (include smb-%L.conf). Whenever I connect to public from a
machine that uses domain logons, I get a segfault in samba. The samba
panic script e-mails me the following:
The Samba 'panic action' script, /usr/share/samba/panic-action,
was called for PID 582 (/usr/sbin/smbd).
This means there was a problem with the program, such as a segfault.
Below is a backtrace for this process generated with gdb, which shows
the state of the program at the time the error occurred. The Samba log
files may contain additional information about the problem.
If the problem persists, you are encouraged to first install the
samba-dbg package, which contains the debugging symbols for the Samba
binaries. Then submit the provided information as a bug report to
Debian. For information about the procedure for submitting bug reports,
please see http://www.debian.org/Bugs/Reporting or the reportbug(1)
manual page.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1212971328 (LWP 582)]
0xb7c46eee in waitpid () from /lib/tls/libc.so.6
#0 0xb7c46eee in waitpid () from /lib/tls/libc.so.6
#1 0xb7bee699 in strtold_l () from /lib/tls/libc.so.6
#2 0xb7d7e56d in system () from /lib/tls/libpthread.so.0
#3 0x0822c51a in smb_panic (why=0x8321a7f "internal error") at
lib/util.c:1608
#4 0x0821a68a in sig_fault (sig=6) at lib/fault.c:47
#5 <signal handler called>
#6 0xb7be1947 in raise () from /lib/tls/libc.so.6
#7 0xb7be30c9 in abort () from /lib/tls/libc.so.6
#8 0x08231c26 in talloc_chunk_from_ptr (ptr=<value optimized out>)
at lib/talloc.c:119
#9 0x08232b9a in _talloc (context=0x847e328, size=136) at
lib/talloc.c:194
#10 0x08232dc9 in talloc_named_const (context=0x847e328, size=136,
name=0x83010dc "DOM_SID") at lib/talloc.c:425
#11 0x0822646c in add_sid_to_array (mem_ctx=0x6, sid=0x8323380,
sids=0x847e32c, num=0x847e328) at lib/util_sid.c:587
#12 0x0826b1a6 in create_local_nt_token (mem_ctx=0x0,
user_sid=0xbf9fd5a0,
is_guest=1, num_groupsids=13, groupsids=0x847df08) at
auth/auth_util.c:863
#13 0x0826c2a5 in create_token_from_username (mem_ctx=0x0,
username=0x836f938 "bluey", is_guest=1, uid=0x83898f0,
gid=0x83898f4,
found_username=0xbf9fdd64, token=0x8389914) at auth/auth_util.c:1235
#14 0x080edf9c in make_connection_snum (snum=4, vuser=0x0, password=
{data = 0x84419f0
"¦\231À³ºá£\226\025|<%,\r\206íÝéµ\206y1²v", length = 24, free =
0x8229c00 <free_data_blob>}, pdev=0xbf9fdea0 "", status=0xbf9fe71c)
at smbd/service.c:607
#15 0x080eeedf in make_connection (service_in=0xbf9fe610 "IPC$",
password=
{data = 0x84419f0 "¦\231À³ºá£\226\025|<%,\r\206íÝéµ\206y1²v",
length = 24, free = 0x8229c00 <free_data_blob>}, pdev=0xbf9fe510 "",
vuid=0,
status=0xbf9fe71c) at smbd/service.c:1127
#16 0x080b8e17 in reply_tcon_and_X (conn=0x0, inbuf=0xb779a0a2 "",
outbuf=0xb7779040 "", length=204, bufsize=131016) at
smbd/reply.c:670
#17 0x080ea674 in switch_message (type=117, inbuf=0xb779a0a2 "",
outbuf=0xb7779040 "", size=204, bufsize=131016) at
smbd/process.c:991
#18 0x080eb04e in chain_reply (inbuf=0xb779a008 "", outbuf=0xb7779008
"",
size=204, bufsize=131016) at smbd/process.c:1250
#19 0x080c10d7 in reply_sesssetup_and_X (conn=0x0,
inbuf=0xb779a008 "",
outbuf=0xb7779008 "", length=260, bufsize=131072) at
smbd/sesssetup.c:1168
#20 0x080ea674 in switch_message (type=115, inbuf=0xb779a008 "",
outbuf=0xb7779008 "", size=260, bufsize=131072) at
smbd/process.c:991
#21 0x080eb838 in smbd_process () at smbd/process.c:1018
#22 0x082c385f in main (argc=) at smbd/server.c:1024
This problem occurs when I connect from an Windows XP Professional box
that did a domain logon. Windows XP Pro boxes that do not use domain
logons do not have this problem.
Under the logs for the machine that I connect from, before the crash, I get
[2008/02/14 10:15:03, 0] passdb/secrets.c:fetch_ldap_pw(635)
fetch_ldap_pw: neither ldap secret retrieved!
I have setup the public virtual box to use either security=share or
security=user and have sometimes configured it with and without ldap
authentication, which I use on the PDC (vescent). I get the same
behavior in all cases. Attached is my samba configuration files.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18bl2
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages samba depends on:
ii deb 1.5.11etch1 Debian configuration management sy
ii lib 2.2.41-1 Access control list shared library
ii lib 2.4.32-1 Extended attribute shared library
ii lib 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 1.2.7-4etch2 Common UNIX Printing System(tm) -
ii lib 1.4.4-3 the GNU TLS library - runtime libr
ii lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii lib 2.1.30-13.3 OpenLDAP libraries
ii lib 0.79-5 Pluggable Authentication Modules f
ii lib 0.79-5 Runtime support for the PAM librar
ii lib 0.79-5 Pluggable Authentication Modules l
ii lib 1.10-3 lib for parsing cmdline parameters
ii log 3.7.1-3 Log rotation utility
ii lsb 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii net 4.29 Basic TCP/IP networking system
ii pro 1:3.2.7-3 /proc file system utilities
ii sam 3.0.24-6etch9 Samba common files used by both th
ii zli 1:1.2.3-13 compression library - runtime
Versions of packages samba recommends:
ii smbldap-tools 0.9.2-3 Scripts to manage Unix and Samba a
-- debconf information:
samba/nmbd_from_inetd:
samba/log_files_moved:
samba/tdbsam: false
* samba/generate_smbpasswd: true
* samba/run_mode: daemons
-------------- next part --------------
;
; /etc/samba/smb.conf
;
; Sample configuration file for the Samba suite for Debian GNU/Linux
;
; Please see the manual page for smb.conf for detailed description of
; every parameter.
;
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
panic action = /usr/share/samba/panic-action %d
# printing = cups
# printcap name = cups
# load printers = yes
# map to guest = Never
# guest account = nobody
invalid users = root
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
unix password sync = false
max log size = 1000
obey pam restrictions = yes
encrypt passwords = true
unix charset = iso-8859-15
display charset = iso-8859-15
dos charset = 850
##Attempting Virtual Server
netbios name = vescent
netbios aliases = public
smb ports = 139
#login script = logon.bat
log level = 2
log file = /var/log/samba/log.%m
; If you want Samba to log though syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
syslog only = no
; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
syslog = 0;
os level = 251
; domain master = yes
; local master = no
### Changes to try to fix acl stuff
#preferred master = yes
#domain master = yes
#local master = yes
; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = lmhosts host wins bcast
; This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
; Name mangling options
preserve case = yes
short preserve case = yes
max log size = 1000
obey pam restrictions = yes
; ISOLATIN1 with euro sign
unix charset = iso-8859-15
display charset = iso-8859-15
dos charset = 850
include = /etc/samba/smb-%L.conf
-------------- next part --------------
[global]
map to guest = Never
guest account = nobody
invalid users = root
printing = cups
printcap name = cups
load printers = yes
security = user
workgroup = Lab
server string = File Server
; This socket options really speed up Samba under Linux, according to my
; own tests.
; socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
; encrypt passwords = true
; passdb backend = smbpasswd guest
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=vescent-int
ldap machine suffix = ou=machines
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap admin dn = cn=admin,dc=vescent-int
ldap delete dn = no
domain logons = yes
enable privileges = yes
add machine script = /usr/sbin/smbldap-useradd -w "%u"
ldap password sync = yes
; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
; below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
wins support = yes
; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server = 172.16.0.10
# If we receive WINS server info from DHCP, override the options above.
# include = /etc/samba/dhcp.conf
; Please read BROWSING.txt and set the next four parameters according
; to your network setup. There is no valid default so they are commented
; out.
os level = 251
### Changes to try to fix acl stuff
preferred master = yes
domain master = yes
local master = yes
;logon path = \\vescent\profiles\%U
logon path = \\vescent\%U\profiles
logon drive = Y:
; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = lmhosts host wins bcast
; This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
; Name mangling options
preserve case = yes
short preserve case = yes
; This boolean parameter controlls whether Samba attempts to sync. the Unix
; password with the SMB password when the encrypted SMB password in the
; /etc/samba/smbpasswd file is changed.
unix password sync = false
; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Augustin Luton
; <aluton at hybrigenics.fr> for sending the correct chat script for
; the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; The following parameter is useful only if you have the linpopup package
; installed. The samba maintainer and the linpopup maintainer are
; working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; The default maximum log file size is 5 MBytes. That's too big so this
; next parameter sets it to 1 MByte. Currently, Samba rotates log
; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
; A better solution would be to have Samba rotate the log file upon
; reception of a signal, but for now on, we have to live with this.
max log size = 1000
obey pam restrictions = yes
; Some defaults for winbind (make sure you're not using the ranges
; for something else.)
; winbind uid = 10000-20000
; winbind gid = 10000-20000
; template shell = /bin/bash
; ISOLATIN1 with euro sign
; unix charset = iso-8859-15
; display charset = iso-8859-15
; dos charset = 850
[homes]
comment = Home Directories
browseable = no
hide files = /Maildir/
; By default, the home directories are exported read only. Change next
; parameter to "no" if you want to be able to write to them.
read only = no
; File creation mask is set to 0700 for security reasons. If you want to
; create files with group=rw permissions, set next parameter to 0775.
create mask = 0600
; Directory creation mask is set to 0700 for security reasons. If you want to
; create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
;[print$]
; comment = Printer Drivers
; path = /var/lib/samba/printers
; browseable = yes
; guest ok = no
; read only = yes
; write list = knoppix
;[printers]
; printer admin = knoppix
; comment = All Printers
; browseable = no
; path = /tmp
; printable = yes
; public = no
; writable = no
; create mode = 0700
[printers]
comment = All Printers
directory = /tmp
browseable = yes
;guest ok = yes
;guest account = nobody
writable = yes
printable = yes
create mode = 0777
;[Tmp]
;comment = Temp space on Server
;path = /tmp
;writable = yes
;guest ok = yes
;guest account = nobody
;create mode = 0777
; A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
;
; The next two parameters show how to auto-mount a CD-ROM when the
; cdrom share is accesed. For this to work /etc/fstab must contain
; an entry like this:
;
; /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
;
; The CD-ROM gets unmounted automatically after the connection to the
;
; If you don't want to use auto-mounting/unmounting make sure the CD
; is mounted on /cdrom
;
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
[data]
browseable = yes
;path = /data1
;path=/Extra/data1
; path=/home/Vescent
path=/Vescent
public = yes
writeable = yes
guest ok = no
create mask = 0600
directory mask = 0700
hide files = /lost+found/
force group = root
; valid users = Administrator
invalid users = smbuser
;[Permission Testing]
; browseable = yes
; path=/home/NewData
; public = yes
; writeable = yes
; guest ok = no
; create mask = 0600
; directory mask = 0700
[downloads]
browseable = yes
path = /home/downloads/
public = yes
force group = vescent
writeable = yes
guest ok = yes
create mask = 0664
directory mask = 0775
[pdf]
browseable = yes
path = /home/%u/cups-pdf
public = no
writeable = yes
guest ok = no
create mask = 0600
directory mask = 0700
[netlogon]
comment = Net login
path = /home/samba/netlogon
write list = @admins
guest ok = Yes
[profiles]
path = /home/samba/profiles
comment = Profiles
writeable = yes
create mask = 0600
directory mask = 0700
browsable = no
valid users = @admins @users @vescent
;[Scripts]
;path = /etc/scripts
;comment = Scripts
;writeable = no
;browsable = yes
;guest ok = Yes
;public = yes
-------------- next part --------------
[global]
guest account = nobody
invalid users = root
load printers = no
security = share
workgroup = Lab
server string = Public File Server
; This socket options really speed up Samba under Linux, according to my
; own tests.
; socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
encrypt passwords = true
; passdb backend = smbpasswd guest
; passdb backend = plaintext
passdb backend = ldapsam:ldap://127.0.0.1
ldap suffix = dc=vescent-int
ldap machine suffix = ou=machines
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap admin dn = cn=admin,dc=vescent-int
ldap delete dn = no
domain logons = no
enable privileges = yes
;ldap password sync = yes
; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS server
; below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
wins support = no
; If this server is not the WINS server then specify who is it and uncomment
; next line.
wins server = vescent
# If we receive WINS server info from DHCP, override the options above.
# include = /etc/samba/dhcp.conf
; Please read BROWSING.txt and set the next four parameters according
; to your network setup. There is no valid default so they are commented
; out.
os level = 4
preferred master = no
domain master = no
local master = no
; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = lmhosts host wins bcast
; This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
; Name mangling options
preserve case = yes
short preserve case = yes
; This boolean parameter controlls whether Samba attempts to sync. the Unix
; password with the SMB password when the encrypted SMB password in the
; /etc/samba/smbpasswd file is changed.
unix password sync = false
; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Augustin Luton
; <aluton at hybrigenics.fr> for sending the correct chat script for
; the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; The following parameter is useful only if you have the linpopup package
; installed. The samba maintainer and the linpopup maintainer are
; working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; The default maximum log file size is 5 MBytes. That's too big so this
; next parameter sets it to 1 MByte. Currently, Samba rotates log
; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
; A better solution would be to have Samba rotate the log file upon
; reception of a signal, but for now on, we have to live with this.
max log size = 1000
obey pam restrictions = yes
; Some defaults for winbind (make sure you're not using the ranges
; for something else.)
; winbind uid = 10000-20000
; winbind gid = 10000-20000
; template shell = /bin/bash
; ISOLATIN1 with euro sign
; unix charset = iso-8859-15
; display charset = iso-8859-15
; dos charset = 850
[downloads]
browseable = yes
path = /home/downloads/
public = yes
force group = vescent
writeable = yes
guest ok = yes
create mask = 0664
directory mask = 0775
[fprot]
browseable = yes
path = /root/fprot
public = yes
writeable = no
guest ok = yes
[Scripts]
path = /etc/scripts
comment = Scripts
writeable = no
browsable = yes
guest ok = Yes
public = yes
More information about the Pkg-samba-maint
mailing list