ldapsam failure in 2.2.8 on OSX-10.2.4, yet working fine in 2.2.5
satadru at umich.edu
Mon Mar 31 02:58:33 GMT 2003
Background:
I have an externally firewalled server running OS X Server, on which I have
compiled samba 2.2.5 with ldapsam using the Makefile for samba on the Apple
Public CVS servers (attached), since the version of Samba that comes with
OS X Server does not have ldap support compiled in (which I need to use
Samba as a PDC that authenticates against the builtin ldap server).
The ONLY changes I made to get samba to compile were to remove an
unnecessary LDFLAGS=-lresolv in the configure generated Makefile (only
relevant for 2.2.5, fixed by 2.2.8), and adding --with-ldapsam and a
--disable-cups to the configure options in the Apple Makefile.
Upon hearing of the recent security advisory and recommended update to
2.2.8 (and receiving and having to reinstall samba 2.2.5 on top of more
recent Apple software updates), I downloaded 2.2.8 and compiled using the
exact same methodology as with 2.2.5:
extract 2.2.8
copy the Apple Makefile to the top directory of the samba source tree
run make
Problem:
Samba 2.2.8 successfully compiles, but when used to share a filesystem,
consistently has a "PANIC: failed to set gid" right after it gets through
successfully authenticating the password to the ldap server.
Thinking that perhaps this was a problem with my compiler setup (or some
problem that has exhibited itself through the various OS updates that have
come out since I first installed 10.2) I recompiled 2.2.5. 2.2.5 works
just fine.
I also pulled SAMBA_2_2 from cvs, and had the same problem. I have not
backtracked through CVS to find the exact date of failure, but if
necessary, I can do so to track down the problem. Any assistance with
tracking down this problem would be appreciated.
Any other useful data and logs can be made available upon request.
Sincerely
Satadru Pramanik
Systems Administrator
Intercooperative Council at the University of Michigan
Details:
All of the following output is from trying to open a connection to the same
share on the server.
Smbd log output at point of failure in 2.2.8
[2003/03/30 14:28:45, 2] passdb/pdb_ldap.c:get_single_attribute(441)
get_single_attribute: [acctFlags] = [[U ]]
[2003/03/30 14:28:45, 0] lib/util_sec.c:assert_gid(111)
Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)
[2003/03/30 14:28:45, 0] lib/util.c:smb_panic(1094)
PANIC: failed to set gid
[2003/03/30 14:28:55, 2] smbd/reply.c:reply_special(91)
This as opposed to that of a working 2.2.5 at the exact same point:
[2003/03/30 14:42:30, 2] passdb/pdb_ldap.c:get_single_attribute(360)
get_single_attribute: [acctFlags] = [[U ]]
[2003/03/30 14:42:30, 2] smbd/open.c:open_file(230)
satadru opened file startup.cmd read=Yes write=No (numopen=2)
[2003/03/30 14:42:30, 2] smbd/open.c:open_file(230)
satadru opened file startup.cmd read=Yes write=No (numopen=3)
[2003/03/30 14:42:30, 2] smbd/close.c:close_normal_file(211)
Here is output from running the 2.2.8 smbd -i (with log level of 10):
smb_password_ok: Checking SMB password for user satadru
smb_password_ok: challenge received
smb_password_ok: Checking NT MD4 password
smb_password_ok: NT MD4 password check succeeded
lp_servicenumber: couldn't find satadru
adding home directory satadru at /Volumes/Data/Home/satadru
register_vuid: (1000,1000) satadru satadru ICC guest=0
register_vuid: allocated vuid = 100
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)
PANIC: failed to set gid
Working 2.2.5 output of smbd -i (with log level of 10):
smb_password_ok: Checking SMB password for user satadru
smb_password_ok: challenge received
smb_password_ok: Checking NT MD4 password
smb_password_ok: NT MD4 password check succeeded
lp_servicenumber: couldn't find satadru
adding home directory satadru at /Volumes/Data/Home/satadru
register_vuid: (1000,1000) satadru satadru ICC guest=0
register_vuid: allocated vuid = 101
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
get_current_groups: user is in 3 groups: 1000, 20, 42
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_current_groups: user is in 3 groups: 0, 20, 42
uid_to_sid: local 1000 -> <SID HERE>
gid_to_sid: local 1000 -> <SID HERE>
(this keeps going as this smbd doesn't panic)
--
satadru at umich.edu
For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled.
-R. P. Feynman,
Personal observations on the reliability of the Shuttle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 1880 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030330/0fb8dbde/Makefile.obj
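
Added example, not part of the original message and not Samba code: a small Python triage script that pairs each smbd log header with its message lines and decodes the assert_gid failure quoted in the post. It assumes the two pairs in that message are (real gid, effective gid) as requested and as found, and that -1 would mean "leave unchanged"; the sample log is constructed from the 2.2.8 excerpt above.

```python
import re

# Constructed sample, copied from the 2.2.8 smbd excerpt in the post above.
SAMPLE_LOG = """\
[2003/03/30 14:28:45, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [acctFlags] = [[U ]]
[2003/03/30 14:28:45, 0] lib/util_sec.c:assert_gid(111)
  Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)
[2003/03/30 14:28:45, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid
"""

# "[timestamp, level] file:function(line)" header that precedes each message.
HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+([^:\s]+):(\w+)\((\d+)\)$")
GID_FAIL = re.compile(r"Failed to set gid privileges to \((-?\d+),(-?\d+)\) "
                      r"now set to \((-?\d+),(-?\d+)\) uid=\((-?\d+),(-?\d+)\)")

def parse_records(text):
    """Attach every message line to the header record that precedes it."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            ts, level, src, func, lineno = m.groups()
            records.append({"ts": ts, "level": int(level), "file": src,
                            "func": func, "line": int(lineno), "msg": ""})
        elif line and records:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def gid_failures(records):
    """Decode each gid failure; assumed pair order is (real, effective)."""
    found = []
    for i, rec in enumerate(records):
        m = GID_FAIL.search(rec["msg"])
        if not m:
            continue
        want_r, want_e, have_r, have_e, ruid, euid = map(int, m.groups())
        pairs = (("real", want_r, have_r), ("effective", want_e, have_e))
        found.append({
            "ts": rec["ts"], "wanted": (want_r, want_e), "actual": (have_r, have_e),
            "uid": (ruid, euid),
            # Assumption: -1 would mean "leave this id unchanged", so skip it.
            "mismatched": [n for n, w, h in pairs if w != -1 and w != h],
            # A PANIC in the next record means smbd aborted the session.
            "panicked": i + 1 < len(records) and "PANIC" in records[i + 1]["msg"],
        })
    return found
```

Under the stated assumption, running `gid_failures(parse_records(SAMPLE_LOG))` on the excerpt reports that only the real gid differs from what was requested while the effective gid matches.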