Trying to build statically linked nss-winbind & pam-winbind
L.P.H. van Belle
belle at bazuin.nl
Tue Oct 11 12:04:16 UTC 2016
Hai,
Saw you message on samba-technical.
Have you tried to change you nsswitch.conf to this setup.
winbind [success=return notfound=continue unavail=continue tryagain=continue] compat
which seems more logical to me.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba-technical [mailto:samba-technical-bounces at lists.samba.org]
> Namens Louis Bouchard
> Verzonden: dinsdag 11 oktober 2016 12:01
> Aan: Andreas Schneider; samba-technical at lists.samba.org
> Onderwerp: Re: Trying to build statically linked nss-winbind & pam-winbind
>
> Hello,
>
> Le 10/10/2016 18:48, Andreas Schneider a écrit :
> > On Monday, 10 October 2016 17:56:23 CEST Louis Bouchard wrote:
> >> Hello,
> >>
> >> I am working in fixing Ubuntu[1] and Debian[2] bugs occuring when
> upgrading
> >> the libnss-winbind and libpam-winbind packages.
> >>
> >> One option is to provide those libraries as statically linked to avoid
> ABI
> >> breakage when upgrading. This has happened when commands were expecting
> the
> >> old library while the new one is in place.
> >
> > This will not work. There is a protocol used between libwbclient and
> winbind.
> > These packages NEED to be the same version. If you link pam_winbind and
> > nss_winbind statically and winbind gets updated it is likely that your
> module
> > it not able to talk to winbind anymore!
> >
> > The PAM and NSS module and libwbclient need to be updated together with
> > winbind.
> >
> > When upgrading PAM and NSS module, the machine probably needs a reboot
> so that
> > changes are applied.
> >
> >
> > To make it clear this is not a Samba issue! It is how PAM and NSS works
> ...
> >
> >
> > Cheers,
> >
> >
> > -- andreas
> >
>
> First of all, thanks Andreas for your quick reply. While I agree with your
> statement, maybe I wasn't clear enough on explaining the problem : The
> issue
> occurs when UPGRADING the libnss-winbind and/or libpam-winbind along with
> winbind and libwbclient (they all depend on each other from a packaging
> point of
> view).
>
> If the following configuration exists in /etc/nsswitch.conf :
>
> passwd: winbind compat
>
> there is a window of "opportunity" where commands issued by the packaging
> scripts may do dlopen on the new winbind libraries while the *new* shared
> libraries part of the samba-lib packages are not yet available. This can
> lead to
> SEGV from those commands, which is exactly what happened during a samba
> package
> upgrade (see LP: #1584485 [1]).
>
> Being able to statically link libnss-winbind and libpam-winbind especially
> against the libraries that are part of the samba-lib packages would
> alleviate
> this situation and allow a safe upgrade path for their package.
>
> Kind regards,
>
> ..Louis
>
>
> [1] https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485
> --
> Louis Bouchard
> Software engineer,
> Ubuntu Developer / Debian Maintainer
> GPG : 429D 7A3B DD05 B6F8 AF63 B9C4 8B3D 867C 823E 7A61
More information about the samba-technical
mailing list