[Samba] Winbindd has still bottlenecks when used with interdomain trusts.

Harald Strack harry at code.de
Fri Mar 2 00:14:02 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jerry & Volker,

thank you for your tips!

First I want to explain you my initial problem on Detail, so that you
see what calls are causing timeouts when they appear in a huge amount.

The following log output from is from winbindd (3.0.24), on a trusting
PDC, debug level 4, for the command (RZ is the trusted domain, running
samba 3.0.24):


smbclient -U "RZ\strack" -L hkspdc


[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 13
[ 2169]: pam auth crap domain: RZ user: strack
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7015
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7015
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
[    0]: ping
child daemon request 26
ldap_allocate_id: Failed to allocate new gidNumber.  ldap_modify() failed.
[    0]: ping
child daemon request 26
ldap_allocate_id: Failed to allocate new gidNumber.  ldap_modify() failed.
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7007
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7007
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7007
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7011
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7011
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7011
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 13
[ 2169]: pam auth crap domain: RZ user: strack
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7015
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7015
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
[    0]: ping
child daemon request 26
ldap_allocate_id: Failed to allocate new gidNumber.  ldap_modify() failed.
[    0]: ping
child daemon request 26
ldap_allocate_id: Failed to allocate new gidNumber.  ldap_modify() failed.
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7007
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7007
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7007
[    0]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7011
child daemon request 19
[ 2169]: lookupsid S-1-5-21-1038270140-2076475976-1641107025-7011
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7011


As you see, there are 12 (!!!) "child daemon requests" for one
authentification of a user that
belongs to 3 groups! Now imagine what happens on only 10 parallel
logons, one logon causes 4 authentifications
(user,profile,share1,share2): 120*4 calls, all serialized...
That takes so long, that some requests run into timeouts (Ok, there is
some caching...). Of course, the users (or the workstations themselfes)
are trying immediately to logon again and we run into a
lock of the whole system.

That's why I was thinking about multible workers, to have more "child
daemons", that can process these requests. Or am I wrong?

I see the "ldap_modify() failed" ... I think that's concerned to uid
allocation. Since the idmapping is rewritten in 3.0.25, I dunno care.


>
>
>>> My guess is that your are hit by us not yet having a negative cache
for idmapping. With 3.0.25 the id mapping has been rewritten, and it
does include a negative cache. Maybe you could try the
>>> just released pre1 (not yet production!).
>

Ok, I tried this, the new implementation seems to be very promising,
even though it still might work serialized. Of course I do not
understand the new configuration options exactly but I tried to
fiddle with them. Just to be clear, I only replaced the samba version on
the trusting domain, where winbindd is in charge.

1 When I use my 3.0.24 configuration file, I get a core dump. I think
there is any null pointer not checked. Log is attached (crash.log). You
may have a look at the failed assertion before the core
dump, that came from stderr. More a problem with backward compatibility.

2 My second (more reasonable) try was with the new idmap configuration.
But I could not test it, since I do not know, how to set the password for

 idmap config RZ: ldap_user_dn = ...

smbpasswd -w does not work for this parameter. How do I set the password?

By the way, how do I setup TLS with this config? Does the parameter

 ldap ssl                        = start_tls

affect the new idmap connection?

We will see. I also attached a log of this try (noauth.log).

It would be great if you gave me a tip what are the appropriate
configuration options in my case for the new idmap backend.

I am quite curious and optimistic on this issue!

best regards

Harald

PS

Please tell me if I should not post so much data at the list.
 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFF52xJczpSApoeLSQRAtnUAKC1Onpm524jYK5+nlMjvjqSGKqjzgCgttI3
e95VMT17vpylRObfZMQXFwQ=
=xOX5
-----END PGP SIGNATURE-----

-------------- next part --------------
/opt/rz/samba/sbin/winbindd -i -d 4 > samba/logs/crash.log 2>&1
winbindd version 3.0.25pre1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter name resolve order = wins lmhosts bcast host
doing parameter workgroup = HKS
doing parameter log level = 2
doing parameter log file = /var/log/samba/samba.log
doing parameter max log size = 0
doing parameter deadtime = 5
doing parameter smb ports = 445 139
doing parameter add machine script = /root/bin/addmachine "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter logon path = \\HKSPDC1\profiles\%u
doing parameter domain logons = Yes
doing parameter os level = 255
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter wins support = Yes
doing parameter winbind cache time = 3000
doing parameter winbind enum groups = no
doing parameter winbind enum users = no
doing parameter idmap uid = 1-50000
WARNING: The "idmap uid" option is deprecated
doing parameter idmap uid = 1000-25000
WARNING: The "idmap uid" option is deprecated
doing parameter idmap gid = 1-20000
WARNING: The "idmap gid" option is deprecated
doing parameter winbind trusted domains only = yes
doing parameter winbind use default domain = no
doing parameter winbind enum users = no
doing parameter winbind enum groups = no
doing parameter remote browse sync = 129.187.244.178
doing parameter passdb backend = smbpasswd
doing parameter force unknown acl user = yes
doing parameter interfaces = eth0
doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=32768 SO_KEEPALIVE
doing parameter idmap backend = ldap:"ldap://129.187.244.99:389 ldap://10.27.120.100"
WARNING: The "idmap backend" option is deprecated
doing parameter ldap suffix = dc=fhm,dc=edu
doing parameter ldap machine suffix = ou=computers
doing parameter ldap user suffix = ou=people
doing parameter ldap group suffix = ou=group
doing parameter ldap admin dn = "uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
doing parameter ldap ssl = start_tls
doing parameter ldap timeout = 3
doing parameter logon script = logon.bat
doing parameter time server = yes
doing parameter add user script = /root/bin/useradd "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[netlogon]"
doing parameter comment = netlogon on %L (Samba %v)
doing parameter path = /n/home/netlogon/%a
doing parameter browseable = No
doing parameter read only = Yes
doing parameter root preexec = /root/bin/netlogon-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/netlogon-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[profiles]"
doing parameter comment = profiles on %L (Samba %v)
doing parameter path = /n/home/profiles/%a
doing parameter writeable = yes
doing parameter browseable = no
doing parameter browseable = yes
doing parameter create mode = 0600
doing parameter directory mode = 0700
doing parameter root preexec = /root/bin/profiles-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/profiles-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[homes]"
doing parameter comment = Heimatverzeichnis von %U auf %L (Samba %v)
doing parameter path = /n/home/%G/%U
doing parameter writeable = yes
doing parameter browsable = no
doing parameter create mode = 0644
doing parameter directory mode = 755
doing parameter root preexec = /root/bin/homes-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/homes-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[transfer]"
doing parameter comment = Transfer-Laufwerk auf %L (Samba %v)
doing parameter path = /n/home/transfer
doing parameter writeable = yes
doing parameter create mode = 0666
doing parameter create mode = 0644
doing parameter create mode = 0664
doing parameter directory mode = 755
doing parameter browseable = yes
doing parameter browsable = no
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/
doing parameter create mode = 0744
doing parameter map archive = yes
Processing section "[catdoc]"
doing parameter comment = "Catia Documentation and Settings" auf %L (Samba %v)
doing parameter path = /n/catiadocu
doing parameter volume = Catia Documentation and Settings
doing parameter writeable = yes
Processing section "[ati]"
doing parameter comment = Acronis True Image auf %L (Samba %v)
doing parameter path = /n/AcronisTrueImage
doing parameter volume = Acronis True Image
doing parameter writeable = yes
doing parameter browseable = yes
Processing section "[sperl]"
doing parameter comment = sperl auf %L (Samba %v)
doing parameter path = /n/home/fb03/sperl
doing parameter writeable = yes
doing parameter create mode = 0666
doing parameter create mode = 0644
doing parameter create mode = 0660
doing parameter directory mode = 770
doing parameter browseable = yes
Processing section "[pruetransfer]"
doing parameter comment = Transferlaufwerk fuer die Pruefungsaufgaben auf %L (Samba %v)
doing parameter path = /n/home/pruetransfer
doing parameter writeable = yes
doing parameter browseable = yes
doing parameter browseable = no
Processing section "[prueergebnisse]"
doing parameter comment = Share fuer die Pruefungsergebnisse auf %L (Samba %v)
doing parameter path = /n/home/prue
doing parameter writeable = yes
doing parameter browseable = no
doing parameter create mask = 0660
doing parameter directory mode = 750
doing parameter valid users = @prof
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/
Processing section "[studienplan]"
doing parameter comment = Share fuer die Studienplanung FB 03 auf %L (Samba %v)
doing parameter path = /n/home/studienplan
doing parameter writeable = yes
doing parameter browseable = yes
doing parameter create mask = 0640
doing parameter directory mode = 750
doing parameter valid users = @stdpln
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/.doc/
doing parameter hide files = /.poppele/
doing parameter root preexec = /root/bin/studienplan-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/studienplan-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[intern]"
doing parameter comment = Share intern auf %L (Samba %v)
doing parameter path = /n/Intern
doing parameter writeable = yes
doing parameter browseable = no
doing parameter valid users = wp,fschneid,poppele
doing parameter create mask = 0640
doing parameter directory mode = 750
Processing section "[UsrShareDoc]"
doing parameter comment = /usr/share/doc auf %L (Samba %v)
doing parameter path = /usr/share/doc
doing parameter writeable = no
doing parameter browseable = no
doing parameter valid users = wp,fschneid,poppele
doing parameter create mask = 0640
doing parameter directory mode = 750
Processing section "[ideasteam]"
doing parameter comment = I-DEAS Team Verzeichnis auf %L (Samba %v)
doing parameter path = /n/home/ideasteam
doing parameter writeable = yes
doing parameter guest ok = yes
doing parameter browseable = yes
doing parameter guest account = guest
Global parameter guest account found in service section!
doing parameter map to guest = bad password
Global parameter map to guest found in service section!
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/AdvancedAnalysis/Design/FEM/.ideasteam.log/.backup/I-DEASKurs/
pm_process() returned Yes
adding IPC service
added interface ip=10.10.10.222 bcast=10.10.10.255 nmask=255.255.255.0
added interface ip=10.10.10.222 bcast=10.10.10.255 nmask=255.255.255.0
TimeInit: Serverzone is -3600
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain HKS  S-1-5-21-2407841754-3710589119-2075501539
Added domain BUILTIN  S-1-5-32
child daemon request 47
child daemon request 19
[ 1826]: list trusted domains
Added domain RZ  S-1-5-21-1038270140-2076475976-1641107025
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 47
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73cd bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73cd!
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73c4 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73c4!
child daemon request 13
[ 1826]: pam auth crap domain: RZ user: strack
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73ce bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73ce!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73cf bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73cf!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \NETLOGON fnum 0x73d0 bind request returned ok.
cli_net_req_chal: LSA Request Challenge from HKSPDC to \\LDAPSRV-BERLIN
cli_net_auth2: srv:\\LDAPSRV-BERLIN acct:HKS$ sc:4 mc: HKSPDC neg: 400701ff
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \NETLOGON fnum 0x73d1 bind request returned ok.
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d2 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d2!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d3 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d3!
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
child daemon request 49
[ 1826]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
WARNING: idmap backend is deprecated!
Initializing idmap domains
Initializing idmap alloc module
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
[    0]: sid to gid S-1-5-32-544
child daemon request 49
[ 1826]: sid to gid S-1-5-32-544
[    0]: ping
[    0]: ping
child daemon request 29
Failed to allocate new gidNumber. smbldap_modify() failed.
[    0]: sid to gid S-1-5-32-545
child daemon request 49
[ 1826]: sid to gid S-1-5-32-545
[    0]: ping
[    0]: ping
child daemon request 29
Failed to allocate new gidNumber. smbldap_modify() failed.
[    0]: sids to xids
child daemon request 50
[ 1826]: sids to unix ids
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesfully connected
winbindd: getentry.c:42: ldap_next_entry: Assertion `entry != ((void *)0)' failed.
===============================================================
INTERNAL ERROR: Signal 6 in pid 1830 (3.0.25pre1)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===============================================================
PANIC (pid 1830): internal error
BACKTRACE: 30 stack frames:
 #0 /opt/rz/samba/sbin/winbindd(log_stack_trace+0x27) [0x800ccf1b]
 #1 /opt/rz/samba/sbin/winbindd(smb_panic+0x7d) [0x800ccd6b]
 #2 /opt/rz/samba/sbin/winbindd [0x800b5dc5]
 #3 /opt/rz/samba/sbin/winbindd [0x800b5dd6]
 #4 /lib/libpthread.so.0 [0x40271825]
 #5 /lib/libc.so.6 [0x400df678]
 #6 /lib/libpthread.so.0(raise+0x2b) [0x4026ea7b]
 #7 /lib/libc.so.6(gsignal+0x44) [0x400df4d4]
 #8 /lib/libc.so.6(abort+0x178) [0x400e0a08]
 #9 /lib/libc.so.6(__assert_fail+0x10f) [0x400d8bbf]
 #10 /usr/lib/libldap_r.so.2(ldap_next_entry+0x70) [0x4008fdd0]
 #11 /opt/rz/samba/sbin/winbindd [0x802077a9]
 #12 /opt/rz/samba/sbin/winbindd [0x801ff9e2]
 #13 /opt/rz/samba/sbin/winbindd(idmap_sids_to_unixids+0x442) [0x802005d3]
 #14 /opt/rz/samba/sbin/winbindd(winbindd_dual_sids2xids+0x23e) [0x80066f42]
 #15 /opt/rz/samba/sbin/winbindd [0x8006452e]
 #16 /opt/rz/samba/sbin/winbindd [0x800661de]
 #17 /opt/rz/samba/sbin/winbindd [0x800640ab]
 #18 /opt/rz/samba/sbin/winbindd(async_request+0x1c1) [0x80063b5d]
 #19 /opt/rz/samba/sbin/winbindd [0x80066480]
 #20 /opt/rz/samba/sbin/winbindd(winbindd_sid2gid_async+0xec) [0x80067895]
 #21 /opt/rz/samba/sbin/winbindd(winbindd_sid_to_gid+0x145) [0x80056b95]
 #22 /opt/rz/samba/sbin/winbindd [0x8003c778]
 #23 /opt/rz/samba/sbin/winbindd [0x8003d40f]
 #24 /opt/rz/samba/sbin/winbindd [0x8003d224]
 #25 /opt/rz/samba/sbin/winbindd [0x8003cb54]
 #26 /opt/rz/samba/sbin/winbindd [0x8003db2b]
 #27 /opt/rz/samba/sbin/winbindd(main+0x731) [0x8003e5d0]
 #28 /lib/libc.so.6(__libc_start_main+0xc6) [0x400cbe36]
 #29 /opt/rz/samba/sbin/winbindd [0x8003c0e1]
dumping core in /opt/rz/samba-3.0.25pre1/var/cores/winbindd
[    0]: ping
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 47
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d4 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d4!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73c5 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73c5!
child daemon request 13
[ 1826]: pam auth crap domain: RZ user: strack
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d5 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d5!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d6 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d6!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d7 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d7!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d8 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x73d8!
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
[    0]: ping
[    0]: sid to gid S-1-5-32-544
===============================================================
INTERNAL ERROR: Signal 6 in pid 1826 (3.0.25pre1)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===============================================================
PANIC (pid 1826): internal error
BACKTRACE: 19 stack frames:
 #0 /opt/rz/samba/sbin/winbindd(log_stack_trace+0x27) [0x800ccf1b]
 #1 /opt/rz/samba/sbin/winbindd(smb_panic+0x7d) [0x800ccd6b]
 #2 /opt/rz/samba/sbin/winbindd [0x800b5dc5]
 #3 /opt/rz/samba/sbin/winbindd [0x800b5dd6]
 #4 /lib/libpthread.so.0 [0x40271825]
 #5 /lib/libc.so.6 [0x400df678]
 #6 /lib/libpthread.so.0(raise+0x2b) [0x4026ea7b]
 #7 /lib/libc.so.6(gsignal+0x44) [0x400df4d4]
 #8 /lib/libc.so.6(abort+0x178) [0x400e0a08]
 #9 /opt/rz/samba/sbin/winbindd [0x800afa29]
 #10 /opt/rz/samba/sbin/winbindd(talloc_get_name+0x1e) [0x800b07af]
 #11 /opt/rz/samba/sbin/winbindd(talloc_check_name+0x35) [0x800b0836]
 #12 /opt/rz/samba/sbin/winbindd(talloc_check_name_abort+0x21) [0x800cfbe0]
 #13 /opt/rz/samba/sbin/winbindd [0x80063b8b]
 #14 /opt/rz/samba/sbin/winbindd [0x8003ca35]
 #15 /opt/rz/samba/sbin/winbindd [0x8003db2b]
 #16 /opt/rz/samba/sbin/winbindd(main+0x731) [0x8003e5d0]
 #17 /lib/libc.so.6(__libc_start_main+0xc6) [0x400cbe36]
 #18 /opt/rz/samba/sbin/winbindd [0x8003c0e1]
dumping core in /opt/rz/samba-3.0.25pre1/var/cores/winbindd
Got invalid request length: 0
Got invalid request length: 0
-------------- next part --------------
winbindd version 3.0.25pre1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2007
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter name resolve order = wins lmhosts bcast host
doing parameter workgroup = HKS
doing parameter log level = 2
doing parameter log file = /var/log/samba/samba.log
doing parameter max log size = 0
doing parameter deadtime = 5
doing parameter smb ports = 445 139
doing parameter add machine script = /root/bin/addmachine "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter logon path = \\HKSPDC1\profiles\%u
doing parameter domain logons = Yes
doing parameter os level = 255
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter wins support = Yes
doing parameter winbind cache time = 3000
doing parameter winbind enum groups = no
doing parameter winbind enum users = no
doing parameter winbind trusted domains only = yes
doing parameter winbind use default domain = no
doing parameter winbind enum users = no
doing parameter winbind enum groups = no
doing parameter remote browse sync = 129.187.244.178
doing parameter passdb backend = smbpasswd
doing parameter force unknown acl user = yes
doing parameter interfaces = eth0
doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=32768 SO_RCVBUF=32768 SO_KEEPALIVE
doing parameter ldap suffix = dc=fhm,dc=edu
doing parameter ldap machine suffix = ou=computers
doing parameter ldap user suffix = ou=people
doing parameter ldap group suffix = ou=group
doing parameter ldap ssl = start_tls
doing parameter ldap timeout = 3
doing parameter idmap domains = RZ
doing parameter idmap config RZ: range = 1-50000
doing parameter idmap config RZ: readonly = yes
doing parameter idmap config RZ: backend = ldap
doing parameter idmap config RZ: ldap_url = ldap:"ldap://129.187.244.99:389 ldap://10.27.120.100"
doing parameter idmap config RZ: ldap_anon = no
doing parameter idmap config RZ: ldap_user_dn = uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot
doing parameter idmap config RZ: ldap_base_dn = dc=fhm,dc=edu
doing parameter logon script = logon.bat
doing parameter time server = yes
doing parameter add user script = /root/bin/useradd "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[netlogon]"
doing parameter comment = netlogon on %L (Samba %v)
doing parameter path = /n/home/netlogon/%a
doing parameter browseable = No
doing parameter read only = Yes
doing parameter root preexec = /root/bin/netlogon-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/netlogon-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[profiles]"
doing parameter comment = profiles on %L (Samba %v)
doing parameter path = /n/home/profiles/%a
doing parameter writeable = yes
doing parameter browseable = no
doing parameter browseable = yes
doing parameter create mode = 0600
doing parameter directory mode = 0700
doing parameter root preexec = /root/bin/profiles-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/profiles-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[homes]"
doing parameter comment = Heimatverzeichnis von %U auf %L (Samba %v)
doing parameter path = /n/home/%G/%U
doing parameter writeable = yes
doing parameter browsable = no
doing parameter create mode = 0644
doing parameter directory mode = 755
doing parameter root preexec = /root/bin/homes-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/homes-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[transfer]"
doing parameter comment = Transfer-Laufwerk auf %L (Samba %v)
doing parameter path = /n/home/transfer
doing parameter writeable = yes
doing parameter create mode = 0666
doing parameter create mode = 0644
doing parameter create mode = 0664
doing parameter directory mode = 755
doing parameter browseable = yes
doing parameter browsable = no
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/
doing parameter create mode = 0744
doing parameter map archive = yes
Processing section "[catdoc]"
doing parameter comment = "Catia Documentation and Settings" auf %L (Samba %v)
doing parameter path = /n/catiadocu
doing parameter volume = Catia Documentation and Settings
doing parameter writeable = yes
Processing section "[ati]"
doing parameter comment = Acronis True Image auf %L (Samba %v)
doing parameter path = /n/AcronisTrueImage
doing parameter volume = Acronis True Image
doing parameter writeable = yes
doing parameter browseable = yes
Processing section "[sperl]"
doing parameter comment = sperl auf %L (Samba %v)
doing parameter path = /n/home/fb03/sperl
doing parameter writeable = yes
doing parameter create mode = 0666
doing parameter create mode = 0644
doing parameter create mode = 0660
doing parameter directory mode = 770
doing parameter browseable = yes
Processing section "[pruetransfer]"
doing parameter comment = Transferlaufwerk fuer die Pruefungsaufgaben auf %L (Samba %v)
doing parameter path = /n/home/pruetransfer
doing parameter writeable = yes
doing parameter browseable = yes
doing parameter browseable = no
Processing section "[prueergebnisse]"
doing parameter comment = Share fuer die Pruefungsergebnisse auf %L (Samba %v)
doing parameter path = /n/home/prue
doing parameter writeable = yes
doing parameter browseable = no
doing parameter create mask = 0660
doing parameter directory mode = 750
doing parameter valid users = @prof
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/
Processing section "[studienplan]"
doing parameter comment = Share fuer die Studienplanung FB 03 auf %L (Samba %v)
doing parameter path = /n/home/studienplan
doing parameter writeable = yes
doing parameter browseable = yes
doing parameter create mask = 0640
doing parameter directory mode = 750
doing parameter valid users = @stdpln
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/.doc/
doing parameter hide files = /.poppele/
doing parameter root preexec = /root/bin/studienplan-pre  "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
doing parameter root postexec = /root/bin/studienplan-post "%U" "%M" "%u" "%m" "%L" "%I" "%G" "%H" "%P" "%S" "%v" "%N" "%p" "%R" "%d" "%a" "%T" "%D" "%g" "%h"
Processing section "[intern]"
doing parameter comment = Share intern auf %L (Samba %v)
doing parameter path = /n/Intern
doing parameter writeable = yes
doing parameter browseable = no
doing parameter valid users = wp,fschneid,poppele
doing parameter create mask = 0640
doing parameter directory mode = 750
Processing section "[UsrShareDoc]"
doing parameter comment = /usr/share/doc auf %L (Samba %v)
doing parameter path = /usr/share/doc
doing parameter writeable = no
doing parameter browseable = no
doing parameter valid users = wp,fschneid,poppele
doing parameter create mask = 0640
doing parameter directory mode = 750
Processing section "[ideasteam]"
doing parameter comment = I-DEAS Team Verzeichnis auf %L (Samba %v)
doing parameter path = /n/home/ideasteam
doing parameter writeable = yes
doing parameter guest ok = yes
doing parameter browseable = yes
doing parameter guest account = guest
Global parameter guest account found in service section!
doing parameter map to guest = bad password
Global parameter map to guest found in service section!
doing parameter veto files = /*.bak*/*.setperm*/*save*/*.doit*/*.dateiliste*/AdvancedAnalysis/Design/FEM/.ideasteam.log/.backup/I-DEASKurs/
pm_process() returned Yes
adding IPC service
added interface ip=10.10.10.222 bcast=10.10.10.255 nmask=255.255.255.0
added interface ip=10.10.10.222 bcast=10.10.10.255 nmask=255.255.255.0
TimeInit: Serverzone is -3600
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Added domain HKS  S-1-5-21-2407841754-3710589119-2075501539
Added domain BUILTIN  S-1-5-32
child daemon request 47
child daemon request 19
[ 2035]: list trusted domains
Added domain RZ  S-1-5-21-1038270140-2076475976-1641107025
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 47
get_dc_list: preferred server list: ", *"
resolve_wins: Attempting wins lookup for name RZ<0x1c>
wins_srv_is_dead: 127.0.0.1 is alive
resolve_wins: using WINS server 127.0.0.1 and tag '*'
nmb packet from 127.0.0.1(137) header: id=3627 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=RZ<1c> rr_type=32 rr_class=1 ttl=518400
    answers   0 char ......   hex E000C0A80101
Got a positive name query response from 127.0.0.1 ( 192.168.1.1 )
get_dc_list: returning 1 ip addresses in an unordered list
get_dc_list: 192.168.1.1:0 
fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable)
send_mailslot: Sending to mailslot \MAILSLOT\NET\NTLOGON from HKSPDC<00> to RZ<1c> IP 192.168.1.1
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c2 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c2!
cm_get_ipc_userpass: No auth-user defined
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
authenticated session setup failed with Logon failure
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c7 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c7!
child daemon request 13
[ 2035]: pam auth crap domain: RZ user: strack
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c3 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c3!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c4 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c4!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \NETLOGON fnum 0x74c5 bind request returned ok.
cli_net_req_chal: LSA Request Challenge from HKSPDC to \\LDAPSRV-BERLIN
cli_net_auth2: srv:\\LDAPSRV-BERLIN acct:HKS$ sc:4 mc: HKSPDC neg: 400701ff
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \NETLOGON fnum 0x74c6 bind request returned ok.
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c7 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c7!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c8 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c8!
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
child daemon request 49
[ 2035]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: sid to gid S-1-5-32-544
child daemon request 49
[ 2035]: sid to gid S-1-5-32-544
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: ping
child daemon request 29
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: sid to gid S-1-5-32-545
child daemon request 49
[ 2035]: sid to gid S-1-5-32-545
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: ping
child daemon request 29
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: sids to xids
child daemon request 50
[ 2035]: sids to unix ids
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
idmap_sids_to_unixids returned an error: 0xc0000001
[    0]: ping
[    0]: request interface version
[    0]: request location of privileged pipe
[    0]: pam auth crap domain: [RZ] user: strack
child daemon request 47
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c9 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c9!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c8 bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74c8!
child daemon request 13
[ 2035]: pam auth crap domain: RZ user: strack
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74ca bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74ca!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cb bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cb!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cc bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cc!
rpc_pipe_bind: Remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cd bind request returned ok.
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine LDAPSRV-BERLIN pipe \lsarpc fnum 0x74cd!
[    0]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
child daemon request 49
[ 2035]: sid to gid S-1-5-21-1038270140-2076475976-1641107025-7015
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: sid to gid S-1-5-32-544
child daemon request 49
[ 2035]: sid to gid S-1-5-32-544
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: ping
child daemon request 29
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: sid to gid S-1-5-32-545
child daemon request 49
[ 2035]: sid to gid S-1-5-32-545
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: ping
[    0]: ping
child daemon request 29
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
[    0]: sids to xids
child daemon request 50
[ 2035]: sids to unix ids
Initializing idmap domains
get_credentials: Unable to fetch auth credentials for uid=admin_ro,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot in RZ
idmap_ldap_db_init: Failed to get connection credentials (NT_STATUS_ACCESS_DENIED)
ERROR: Initialization failed for backend ldap (domain RZ)
Aborting IDMAP Initialization ...
idmap_sids_to_unixids returned an error: 0xc0000001
[    0]: ping
Got invalid request length: 0
Got invalid request length: 0
Got invalid request length: 0

More information about the samba mailing list