[Pkg-samba-maint] Bug#671523: Winbind periodically looses the ability to make username lookups

Kevin Elliott kevin_elliott at ci.juneau.ak.us
Fri May 4 19:48:15 UTC 2012


Package: winbind
Version: 2:3.5.6~dfsg-3squeeze7

Winbind periodically loses the ability to correctly resolve UID/GIDs to SIDs. During this state the winbind process is still running and successfully responds to a 'wbinfo -p'. Restarting the winbind process "fixes" the problem. I cannot find a condition in which I can reliably reproduce the error, although it happens at least once in a 24 hour period.

Here's an example of me failing to connect to a Samba fileshare from a Windows XP SP3 client:

[2012/05/04 08:29:45.519572, 10] smbd/sesssetup.c:382(reply_spnego_kerberos)
  Mapped to [CBJ_NT] (using PAC)
[2012/05/04 08:29:45.519616,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user CBJ_NT+kevin_elliott
[2012/05/04 08:29:45.519638,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is cbj_nt+kevin_elliott
[2012/05/04 08:29:45.534506,  5] lib/username.c:85(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as given is CBJ_NT+kevin_elliott
[2012/05/04 08:29:45.534949,  5] lib/username.c:95(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as uppercase is CBJ_NT+KEVIN_ELLIOTT
[2012/05/04 08:29:45.535341,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in cbj_nt+kevin_elliott
[2012/05/04 08:29:45.535386,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [CBJ_NT+kevin_elliott]!
[2012/05/04 08:29:45.535417,  5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user kevin_elliott
[2012/05/04 08:29:45.535438,  5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is kevin_elliott
[2012/05/04 08:29:45.535799,  5] lib/username.c:95(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as uppercase is KEVIN_ELLIOTT
[2012/05/04 08:29:45.536191,  5] lib/username.c:104(Get_Pwnam_internals)
  Checking combinations of 0 uppercase letters in kevin_elliott
[2012/05/04 08:29:45.536235,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [kevin_elliott]!
[2012/05/04 08:29:45.536449,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username CBJ_NT+kevin_elliott is invalid on this system
[2012/05/04 08:29:45.536521,  3] smbd/error.c:80(error_packet_set)
  error packet at smbd/sesssetup.c(459) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE


Performing a 'wbinfo -i Kevin_Elliott' returns the message: "Could not get info for user kevin_elliot".

If I immediately restart the winbind process I get the correct information returned: "kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false"


Here's the smb.conf:
--------------------

[global]
        workgroup = CBJ_NT
        realm = CBJ.LOCAL
        netbios aliases = CITY-LIZA-L90, CITY-LIZA
        server string = External FTP Server
        interfaces = 199.58.55.87/22, lo
        bind interfaces only = Yes
        security = ADS
        obey pam restrictions = Yes
        password server = 199.58.55.25, 199.58.55.50
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        client NTLMv2 auth = Yes
        log level = 10
        log file = /var/log/samba/log.%m
        max log size = 2500
        printcap name = cups
        os level = 5
        local master = No
        domain master = No
        wins server = 199.58.55.25
        ldap ssl = no
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-79999
        idmap gid = 10000-79999
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config LIBRARY:range = 65535-79999
        idmap config LIBRARY:base_rid = 0
        idmap config LIBRARY:backend = rid
        idmap config CBJ_NT:range = 10000-65533
        idmap config CBJ_NT:base_rid = 0
        idmap config CBJ_NT:backend = rid
        admin users = @CBJ_NT+mis-sysop, CBJ_NT+adm_zuelow, CBJ_NT+adm_miller
        veto files = /.*/

[ftp]
        comment = FTP directory
        path = /var/ftp/pub/
        valid users = "@CBJ_NT+domain users"
        read only = No
        create mask = 0775
        directory mask = 0775
        hide unreadable = Yes


What other information can I gather to help determine where this bug (or misconfiguration) lies?


-- 
Kevin Elliott
 
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905
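
An added example, not part of the original message or of Samba: a small Python parser for the smbd debug-log format quoted in the report that picks out session setups rejected because the passwd lookup (the path winbind serves) found no account, so the moment the failing state begins can be timestamped. The function names and result fields are this example's own; the sample input is an excerpt of the log in the report.

```python
import re

# Header of a Samba 3.x debug record: [timestamp, level] file:line(function)
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*\d+\] [\w./-]+:\d+\((?P<func>\w+)\)")
NOT_FOUND = re.compile(r"Get_Pwnam_internals didn't find user \[([^\]]+)\]")
INVALID = re.compile(r"Username (\S+) is invalid on this system")

def parse_records(text):
    """Yield (timestamp, function, message); the message is the indented text after a header."""
    current = None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            if current:
                yield tuple(current)
            current = [m["ts"], m["func"], ""]
        elif current and raw.strip():
            current[2] = (current[2] + " " + raw.strip()).strip()
    if current:
        yield tuple(current)

def lookup_failures(text):
    """Return session setups rejected because the passwd lookup found no account."""
    failures, misses = [], []
    for ts, func, msg in parse_records(text):
        if func == "reply_spnego_kerberos" and msg.startswith("Mapped to"):
            misses = []                      # a new session setup begins
        elif (m := NOT_FOUND.search(msg)):
            misses.append(m.group(1))        # one name form that NSS could not resolve
        elif (m := INVALID.search(msg)) and misses:
            failures.append({"time": ts, "user": m.group(1), "tried": misses})
            misses = []
    return failures

# Excerpt of the log.%m output quoted in the report above.
SAMPLE = """\
[2012/05/04 08:29:45.519572, 10] smbd/sesssetup.c:382(reply_spnego_kerberos)
  Mapped to [CBJ_NT] (using PAC)
[2012/05/04 08:29:45.535386,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [CBJ_NT+kevin_elliott]!
[2012/05/04 08:29:45.536235,  5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals didn't find user [kevin_elliott]!
[2012/05/04 08:29:45.536449,  1] smbd/sesssetup.c:454(reply_spnego_kerberos)
  Username CBJ_NT+kevin_elliott is invalid on this system
"""

if __name__ == "__main__":
    for f in lookup_failures(SAMPLE):
        print(f["time"], f["user"], "tried:", ", ".join(f["tried"]))
```

A record is reported only when the "is invalid on this system" rejection follows at least one failed Get_Pwnam lookup in the same session setup, which separates name-resolution failures from rejected credentials.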