[Pkg-samba-maint] Bug#972223: samba: NT4-style domain member doesn't work without winbind, but even with it, doesn't work
Josip Rodin
joy at debbugs.entuzijast.net
Wed Oct 14 20:10:08 BST 2020
Package: samba
Version: 4.9.5+dfsg-5
Hi,
Got a very unpleasant surprise trying to create a buster samba file server
on top of existing NT4-style Samba domain set up using smbldap-tools - this
message in the log:
check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS
I googled that and found https://www.samba.org/samba/history/samba-4.8.0.html
saying:
Domain member setups require winbindd
-------------------------------------
Setups with "security = domain" or "security = ads" require a
running 'winbindd' now. The fallback that smbd directly contacts
domain controllers is gone.
This seems to conflict with the earlier stable setup where we can simply
have ldapsam on the Samba PDC and NSS/PAM LDAP support on the Samba domain
members, which already provides all the stuff that winbind is supposed to?
https://wiki.samba.org/index.php/Samba_%26_LDAP#Setting_up_PAM_and_NSS_to_use_LDAP
is still out there and doesn't mention winbind at all...?
Yet https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
seems to have been rewritten to include a lot of winbind information...
Does all that need to be implemented? What do we do with all that idmap
stuff, isn't that supposed to be inside LDAP (there is an entry there for
that already)?
Oh well, so I tried to simply install winbind on top of the existing setup,
which ostensibly worked:
% wbinfo --ping-dc
checking the NETLOGON for domain[IMAGO] dc connection to "KAIRO" succeeded
%
Yet anything more complex than that still doesn't actually work, users can't
log in, and wbinfo -u croaks, and the log (level 10) for that says:
[2020/10/14 18:34:03.473102, 6, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:912(new_connect
accepted socket 21
[2020/10/14 18:34:03.473361, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:763(process_req
process_request_send: process_request: request fn INTERFACE_VERSION
[2020/10/14 18:34:03.473417, 3, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:419(winbin
[20512]: request interface version (version = 30)
[2020/10/14 18:34:03.473547, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:846(process_req
process_request_written: [20512:unknown request]: delivered response to client
[2020/10/14 18:34:03.473659, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:763(process_req
process_request_send: process_request: request fn INTERFACE_VERSION
[2020/10/14 18:34:03.473701, 3, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:419(winbin
[20512]: request interface version (version = 30)
[2020/10/14 18:34:03.473788, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:846(process_req
process_request_written: [20512:unknown request]: delivered response to client
[2020/10/14 18:34:03.473882, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:763(process_req
process_request_send: process_request: request fn INFO
[2020/10/14 18:34:03.473923, 3, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:407(winbin
[20512]: request misc info
[2020/10/14 18:34:03.474012, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:846(process_req
process_request_written: [20512:unknown request]: delivered response to client
[2020/10/14 18:34:03.474102, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:763(process_req
process_request_send: process_request: request fn NETBIOS_NAME
[2020/10/14 18:34:03.474142, 3, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:440(winbin
[20512]: request netbios name
[2020/10/14 18:34:03.474234, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:846(process_req
process_request_written: [20512:unknown request]: delivered response to client
[2020/10/14 18:34:03.474322, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:763(process_req
process_request_send: process_request: request fn DOMAIN_NAME
[2020/10/14 18:34:03.474362, 3, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:429(winbin
[20512]: request domain name
[2020/10/14 18:34:03.474451, 10, pid=20431, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd.c:846(process_req
process_request_written: [20512:unknown request]: delivered response to client
[2020/10/14 18:34:03.910779, 0] ../lib/util/fault.c:79(fault_report)
===============================================================
[2020/10/14 18:34:03.910834, 0] ../lib/util/fault.c:80(fault_report)
INTERNAL ERROR: Signal 11 in pid 20431 (4.9.5-Debian)
Please read the Trouble-Shooting section of the Samba HOWTO
[2020/10/14 18:34:03.910862, 0] ../lib/util/fault.c:82(fault_report)
===============================================================
[2020/10/14 18:34:03.910879, 0] ../source3/lib/util.c:816(smb_panic_s3)
PANIC (pid 20431): internal error
[2020/10/14 18:34:03.911609, 0] ../lib/util/fault.c:261(log_stack_trace)
BACKTRACE: 21 stack frames:
#0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x32) [0x7f8c321a08d2]
#1 /lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f8c317da1c0]
#2 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f8c321a09df]
#3 /lib/x86_64-linux-gnu/libsamba-util.so.0(+0x24c16) [0x7f8c321a0c16]
#4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7f8c324ad730]
#5 /usr/lib/x86_64-linux-gnu/samba/libsamba3-util.so.0(strlower_m+0x11) [0x7f8c317345a1]
#6 /usr/sbin/winbindd(fill_domain_username_talloc+0x36) [0x55cb77d4e486]
#7 /usr/sbin/winbindd(+0x68b4e) [0x55cb77d86b4e]
#8 /lib/x86_64-linux-gnu/libdcerpc-binding.so.0(+0x16431) [0x7f8c32214431]
#9 /usr/sbin/winbindd(+0x5970d) [0x55cb77d7770d]
#10 /usr/sbin/winbindd(+0x571ac) [0x55cb77d751ac]
#11 /usr/sbin/winbindd(+0x552dd) [0x55cb77d732dd]
#12 /usr/sbin/winbindd(+0x81867) [0x55cb77d9f867]
#13 /usr/sbin/winbindd(+0x810e6) [0x55cb77d9f0e6]
#14 /lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x7f) [0x7f8c3156b03f]
#15 /lib/x86_64-linux-gnu/libtevent.so.0(+0xd05f) [0x7f8c3157105f]
#16 /lib/x86_64-linux-gnu/libtevent.so.0(+0xb2d7) [0x7f8c3156f2d7]
#17 /lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84) [0x7f8c3156a7e4]
#18 /usr/sbin/winbindd(main+0xdc4) [0x55cb77d45c44]
#19 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7f8c313c709b]
#20 /usr/sbin/winbindd(_start+0x2a) [0x55cb77d461fa]
[2020/10/14 18:34:03.911728, 0] ../source3/lib/util.c:828(smb_panic_s3)
smb_panic(): calling panic action [/usr/share/samba/panic-action 20431]
[2020/10/14 18:34:03.917452, 0] ../source3/lib/util.c:836(smb_panic_s3)
smb_panic(): action returned status 0
[2020/10/14 18:34:03.917529, 0] ../source3/lib/dumpcore.c:315(dump_core)
dumping core in /var/log/samba/cores/winbindd
gdb, with winbind-dbgsym installed, says:
(gdb) bt
#0 0x00007f8c313da7bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007f8c313c5535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f8c317ed9e3 in dump_core () from /lib/x86_64-linux-gnu/libsmbconf.so.0
#3 0x00007f8c317da22b in smb_panic_s3 () from /lib/x86_64-linux-gnu/libsmbconf.so.0
#4 0x00007f8c321a09df in smb_panic () from /lib/x86_64-linux-gnu/libsamba-util.so.0
#5 0x00007f8c321a0c16 in ?? () from /lib/x86_64-linux-gnu/libsamba-util.so.0
#6 <signal handler called>
#7 0x00007f8c317345a1 in strlower_m () from /usr/lib/x86_64-linux-gnu/samba/libsamba3-util.so.0
#8 0x000055cb77d4e486 in fill_domain_username_talloc (mem_ctx=mem_ctx at entry=0x55cb7888ccc0, domain=0x55cb78869d00 "IMAGO",
user=<optimized out>, can_assume=can_assume at entry=true) at ../source3/winbindd/winbindd_util.c:1668
#9 0x000055cb77d86b4e in wb_query_user_list_done (subreq=<optimized out>) at ../source3/winbindd/wb_query_user_list.c:110
#10 0x00007f8c32214431 in ?? () from /lib/x86_64-linux-gnu/libdcerpc-binding.so.0
#11 0x000055cb77d7770d in wbint_bh_raw_call_domain_done (subreq=<optimized out>) at ../source3/winbindd/winbindd_dual_ndr.c:204
#12 0x000055cb77d751ac in wb_domain_request_done (subreq=<optimized out>) at ../source3/winbindd/winbindd_dual.c:708
#13 0x000055cb77d732dd in wb_child_request_done (subreq=0x55cb78891160) at ../source3/winbindd/winbindd_dual.c:273
#14 0x000055cb77d9f867 in wb_simple_trans_read_done (subreq=<optimized out>) at ../nsswitch/wb_reqtrans.c:432
#15 0x000055cb77d9f0e6 in wb_resp_read_done (subreq=<optimized out>) at ../nsswitch/wb_reqtrans.c:275
#16 0x00007f8c3156b03f in tevent_common_invoke_fd_handler () from /lib/x86_64-linux-gnu/libtevent.so.0
#17 0x00007f8c3157105f in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
#18 0x00007f8c3156f2d7 in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
#19 0x00007f8c3156a7e4 in _tevent_loop_once () from /lib/x86_64-linux-gnu/libtevent.so.0
#20 0x000055cb77d45c44 in main (argc=<optimized out>, argv=<optimized out>) at ../source3/winbindd/winbindd.c:1904
Everything is fetched correctly, but then it tries to lowercase something
and then it breaks?! I'm guessing something in the existing LDAP data is
confusing it, but it won't tell me what, so how am I supposed to debug this?
Is there a specification somewhere that I could use to cross-check the data
manually? I couldn't find it...
I scoured various online Samba guides for information these kinds of cases,
to no avail. One place recommended setting up an 'authuser' using wbinfo,
then I found that had been moved to the net command, so I set up domain root
with it, but it made no difference.
For this installation, this is a grave bug (it makes the package in question
unusable), but I'll try not to harp on that...
Please help. TIA.
--
Josip Rodin
More information about the Pkg-samba-maint
mailing list