[Samba] Accessing member server prompts for credentials

Fri Jun 20 17:28:57 GMT 2008

On Fri, Jun 20, 2008 at 08:29:52AM +0000, Leon Stringer wrote:
> > From: Jeremy Allison <jra at samba.org>
> > Date: 2008/06/19 Thu PM 04:58:55 GMT
> > To: Leon Stringer <leon.stringer at ntlworld.com>
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] Accessing member server prompts for credentials
> > 
> > On Thu, Jun 19, 2008 at 10:08:34AM +0000, Leon Stringer wrote:
> > > 
> > > Toby: thanks for prompting me, I had missed those comments. I've configured nsswitch.conf hopefully correctly.
> > > 
> > > And when I do wbinfo -t I get:
> > > 
> > >   the trust secret via RPC calls succeeded
> > > 
> > > but only for the first five minutes after starting winbindd. After 
> > > five minutes I get:
> > > 
> > >   checking the trust secret via RPC calls failed
> > >   error code was  (0x0)
> > >   Could not check secret
> > > 
> > > wbinfo -u does not work at any point.
> > > 
> > > log.winbindd-idmap says:
> > > 
> > > [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182)
> > >   async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it.
> > > [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229)
> > >   Could not receive trustdoms
> > > 
> > > Any more advice gratefully received.
> > 
> > What Samba version is this please ? Looks like a bug I've fixed
> > recently.
> > 
> 
> 3.0.30 (Fedora 8 package).

Yep, this is definately something I fixed recently. Here is
the patch. If you aren't able to apply it, Jerry is planning
3.0.31 (soon) to address this.

Jeremy.
-------------- next part --------------

diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c
index 636d635..c79bb46 100644
--- a/source/nsswitch/winbindd.c
+++ b/source/nsswitch/winbindd.c
@@ -117,14 +117,21 @@ static void flush_caches(void)
 
 /* Handle the signal by unlinking socket and exiting */
 
-static void terminate(void)
+static void terminate(bool in_parent)
 {
-	pstring path;
-
-	/* Remove socket file */
-	pstr_sprintf(path, "%s/%s", 
-		 WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
-	unlink(path);
+	if (in_parent) {
+		/* When parent goes away we should
+		 * remove the socket file. Not so
+		 * when children terminate.
+		 */ 
+
+		pstring path;
+
+		/* Remove socket file */
+		pstr_sprintf(path, "%s/%s", 
+			WINBINDD_SOCKET_DIR, WINBINDD_SOCKET_NAME);
+		unlink(path);
+	}
 
 	idmap_close();
 	
@@ -731,10 +738,10 @@ void winbind_check_sighup(void)
 }
 
 /* check if TERM has been received */
-void winbind_check_sigterm(void)
+void winbind_check_sigterm(bool in_parent)
 {
 	if (do_sigterm)
-		terminate();
+		terminate(in_parent);
 }
 
 /* Process incoming clients on listen_sock.  We use a tricky non-blocking,
@@ -901,7 +908,7 @@ static void process_loop(void)
 
 	/* Check signal handling things */
 
-	winbind_check_sigterm();
+	winbind_check_sigterm(true);
 	winbind_check_sighup();
 
 	if (do_sigusr2) {
diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
index 7176a25..7b79734 100644
--- a/source/nsswitch/winbindd_dual.c
+++ b/source/nsswitch/winbindd_dual.c
@@ -1005,7 +1005,7 @@ static BOOL fork_domain_child(struct winbindd_child *child)
 		main_loop_TALLOC_FREE();
 
 		/* check for signals */
-		winbind_check_sigterm();
+		winbind_check_sigterm(false);
 		winbind_check_sighup();
 
 		run_events(winbind_event_context(), 0, NULL, NULL);
