ldapsam failure in 2.2.8 on OSX-10.2.4, yet working fine in 2.2.5

satadru at umich.edu satadru at umich.edu
Mon Mar 31 02:58:33 GMT 2003


Background:

I have an externally firewalled server running OS X Server, on which I have 
compiled samba 2.2.5 with ldapsam using the Makefile for samba on the Apple 
Public CVS servers (attached), since the version of Samba that comes with 
OS X Server does not have ldap support compiled in (which I need to use 
Samba as a PDC that authenticates against the builtin ldap server).

The ONLY changes I made to get samba to compile were to remove an 
unnecessary LDFLAGS=-lresolv in the configure generated Makefile (only 
relevant for 2.2.5, fixed by 2.2.8), and to add --with-ldapsam and 
--disable-cups to the configure options in the Apple Makefile.

Upon hearing of the recent security advisory and recommended update to 
2.2.8 (and receiving and having to reinstall samba 2.2.5 on top of more 
recent apple software updates), I downloaded 2.2.8 and compiled using the 
exact same methodology as with 2.2.5:

extract 2.2.8
copy the Apple Makefile to the top directory of the samba source tree
run make


Problem:

Samba 2.2.8 successfully compiles, but when used to share a filesystem, 
consistently has a "PANIC: failed to set gid" right after it gets through 
successfully authenticating the password to the ldap server.

Thinking that perhaps this was a problem with my compiler setup (or some 
problem that has exhibited itself through the various OS updates that have 
come out since I first installed 10.2) I recompiled 2.2.5.  2.2.5 works 
just fine.

I also pulled SAMBA_2_2 from cvs, and had the same problem.  I have not 
backtracked through CVS to find the exact date of failure, but if 
necessary, I can do so to track down the problem.  Any assistance with 
tracking down this problem would be appreciated.

Any other useful data and logs can be made available upon request.

Sincerely
Satadru Pramanik
Systems Administrator
Intercooperative Council at the University of Michigan

Details:

All of the following output is from trying to open a connection to the same 
share on the server.

Smbd log output at point of failure in 2.2.8

[2003/03/30 14:28:45, 2] passdb/pdb_ldap.c:get_single_attribute(441)
  get_single_attribute: [acctFlags] = [[U        ]]
[2003/03/30 14:28:45, 0] lib/util_sec.c:assert_gid(111)
  Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)
[2003/03/30 14:28:45, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid

[2003/03/30 14:28:55, 2] smbd/reply.c:reply_special(91)


This as opposed to that of a working 2.2.5 at the exact same point:

[2003/03/30 14:42:30, 2] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [acctFlags] = [[U        ]]
[2003/03/30 14:42:30, 2] smbd/open.c:open_file(230)
  satadru opened file startup.cmd read=Yes write=No (numopen=2)
[2003/03/30 14:42:30, 2] smbd/open.c:open_file(230)
  satadru opened file startup.cmd read=Yes write=No (numopen=3)
[2003/03/30 14:42:30, 2] smbd/close.c:close_normal_file(211)


Here is output from running the 2.2.8 smbd -i (with log level of 10):

smb_password_ok: Checking SMB password for user satadru
smb_password_ok: challenge received
smb_password_ok: Checking NT MD4 password
smb_password_ok: NT MD4 password check succeeded
lp_servicenumber: couldn't find satadru
adding home directory satadru at /Volumes/Data/Home/satadru
register_vuid: (1000,1000) satadru satadru ICC guest=0
register_vuid: allocated vuid = 100
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)
PANIC: failed to set gid

working 2.2.5 output of smbd -i (with log level of 10):

smb_password_ok: Checking SMB password for user satadru
smb_password_ok: challenge received
smb_password_ok: Checking NT MD4 password
smb_password_ok: NT MD4 password check succeeded
lp_servicenumber: couldn't find satadru
adding home directory satadru at /Volumes/Data/Home/satadru
register_vuid: (1000,1000) satadru satadru ICC guest=0
register_vuid: allocated vuid = 101
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
get_current_groups: user is in 3 groups: 1000, 20, 42
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_current_groups: user is in 3 groups: 0, 20, 42
uid_to_sid: local 1000 -> <SID HERE>
gid_to_sid: local 1000 -> <SID HERE>

(this keeps going as this smbd doesn't panic)




--
satadru at umich.edu
For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled.
-R. P. Feynman,
Personal observations on the reliability of the Shuttle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Makefile
Type: application/octet-stream
Size: 1880 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030330/0fb8dbde/Makefile.obj
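
An added example, not part of the original post or of Samba's source: a small C decoder for the assert_gid message in the 2.2.8 log above, reporting which requested group id did not take effect. The field order (requested real/effective gid, then actual real/effective gid, then real/effective uid) and the use of -1 for "not requested" are assumptions about how that message is printed; the struct and function names are hypothetical.

```c
#include <stdio.h>

/* One assert_gid() message. Assumed field order: requested (real, effective)
 * gid, actual (real, effective) gid, then (real, effective) uid. */
struct gid_failure {
    long want_rgid, want_egid;
    long got_rgid, got_egid;
    long ruid, euid;
};

enum { MISMATCH_RGID = 1, MISMATCH_EGID = 2 };

/* Parse the message text; returns 0 on success, -1 if the line does not match. */
int parse_gid_failure(const char *line, struct gid_failure *f)
{
    int n = sscanf(line,
        " Failed to set gid privileges to (%ld,%ld) now set to (%ld,%ld) uid=(%ld,%ld)",
        &f->want_rgid, &f->want_egid, &f->got_rgid, &f->got_egid,
        &f->ruid, &f->euid);
    return n == 6 ? 0 : -1;
}

/* Bitmask of requested ids that did not take effect (-1 assumed "not requested"). */
int gid_mismatch(const struct gid_failure *f)
{
    int m = 0;
    if (f->want_rgid != -1 && f->want_rgid != f->got_rgid) m |= MISMATCH_RGID;
    if (f->want_egid != -1 && f->want_egid != f->got_egid) m |= MISMATCH_EGID;
    return m;
}

int main(void)
{
    /* Message line copied from the 2.2.8 smbd log in the post. */
    const char *line =
        "  Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0)";
    struct gid_failure f;

    if (parse_gid_failure(line, &f) != 0) {
        fprintf(stderr, "not an assert_gid message\n");
        return 1;
    }
    int m = gid_mismatch(&f);
    printf("real gid:      wanted %ld, got %ld%s\n", f.want_rgid, f.got_rgid,
           (m & MISMATCH_RGID) ? "  <-- mismatch" : "");
    printf("effective gid: wanted %ld, got %ld%s\n", f.want_egid, f.got_egid,
           (m & MISMATCH_EGID) ? "  <-- mismatch" : "");
    printf("uid at failure: real %ld, effective %ld\n", f.ruid, f.euid);
    return 0;
}
```

Under those assumptions, the posted line decodes to a real gid that stayed at 1000 when 0 was requested, while the effective gid and both uids already held the requested values.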

