[Pkg-samba-maint] Bug#862580: Bug #862580: Winbind crashes on ssh login of a domain user.

Christian Meyer c2h5oh at web.de
Mon Jul 3 21:13:12 UTC 2017


Hello Louis,

It's now some time after your last reply; I had some trouble with my
network, set up all clients with fresh stretch and fixed some other
things.
 
>>> 1) $ cat /etc/hosts
>>>> 127.0.0.1	localhost
>>>172.16.0.209	sambawb.work.company sambawb
I added this line.

> Lock the IPs by MAC address in the DHCP pool.
Yes, it's locked.


>> Jun 10 23:23:22 COMPUTERXY pam-script[9459]:
>> can not stat /usr/share/libpam-script/pam_script_acct
> Ok, for this, you could test also without that script
> since it errors also 
I removed pam-script and since then login with domain users seems to
work more reliably.
A deeper look showed me that earlier I told pam-script to 'service
winbind restart' on every logon because of earlier problems. Obviously
this (frequent) restart caused winbind to crash.
On the other hand, it explains why 'just logging in as a local user'
'fixed' winbind login.


> Test also with,
> getent passwd username
> getent passwd "Group Name"
> id username 
> wbinfo -u 
> wbinfo -g

I wrote a cronjob for this and it's running after every failed login. I
will report when it finds something interesting; so far it hasn't.


> That starts here: ( DC's first )
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Provisioning_a_Samba_Active_Directory
I'm using Windows 2008R2 DC, not Samba.


>> When 'getent passwd' (or 'getent passwd domainuser') shows 
>> 'domainuser'
>> then I can log in as domainuser, too.
> ^^^^^so if your user has a UID you can login, if not not,
> that's totally correct.
...
> You're missing UIDs on some users, or you have a mismatch in the
> backend setups.

So what's the cause for this? Okay, when winbind has crashed, it cannot
find the UID, but usually this should be winbind's job to find UIDs.

For now I believe that winbind crashed because of frequent restarting, but
the cronjob is watching for anomalies now. Our company is on
vacation right now, we are closed and I can not test in real situations.
I will report back when I know more.

So thank you for your help, perhaps someone could update the Debian wiki
https://wiki.debian.org/AuthenticatingLinuxWithActiveDirectory
with your guide to help others, too.

Thanks a lot,

Christian
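
The check discussed in this message (after a failed login, see whether the user still resolves to a UID and whether winbind still answers), as an added shell example that is not the poster's cronjob. The sshd log line format, the `RESOLVER` and `WB_PING` variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify failed SSH logins by whether NSS/winbind can still
# resolve the user. Both commands are overridable so the logic can be
# exercised on a host that is not joined to a domain.
RESOLVER="${RESOLVER:-getent passwd}"   # succeeds when the name maps to a UID
WB_PING="${WB_PING:-wbinfo -p}"         # succeeds when winbindd answers

# Print the unique user names found in sshd "Failed password" lines, e.g.
#   ... sshd[9450]: Failed password for alice from 172.16.0.10 port 50022 ssh2
#   ... sshd[9451]: Failed password for invalid user bob from 172.16.0.10 ...
failed_users() {
    sed -n 's/.*sshd\[[0-9]*]: Failed password for \(invalid user \)\{0,1\}\([^ ]*\) from .*/\2/p' "$1" |
        sort -u
}

# For each user with a failed login, report one of:
#   "<user> resolved"                 UID lookup works; name resolution is not the cause
#   "<user> unresolved winbind-up"    winbind answers but has no UID for this name
#   "<user> unresolved winbind-down"  winbind does not answer (crashed or restarting)
check_failed_logins() {
    failed_users "$1" | while IFS= read -r user; do
        if $RESOLVER "$user" >/dev/null 2>&1; then
            echo "$user resolved"
        elif $WB_PING >/dev/null 2>&1; then
            echo "$user unresolved winbind-up"
        else
            echo "$user unresolved winbind-down"
        fi
    done
}

# Run against a log file when one is given, e.g. from cron:
#   check_failed_logins.sh /var/log/auth.log
if [ -n "${1:-}" ]; then
    check_failed_logins "$1"
fi
```

An "unresolved winbind-down" result right after a logon is the pattern that a restart of winbind on every login would produce.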


