[Samba] Error "The remote procedure call was cancelled"
mallapadi niranjan
niranjan.ashok at gmail.com
Thu Feb 23 07:34:43 GMT 2006
Hi jerry
I have reproduced the same error, in samba 3.0.21b with openldap 2.3.19 .
i have created 70 groups starting from test1-test70 and created a user
called nir
and add nir to these 70 groups, and
tried to login with smbclient
the below command i gave when the samba was running in daemon mode and not
in interactive mode.
smbclient //testbdc/nir -U nir%nir
it showed the following error
"session setup failed call timed out server did not respond after 20000
milliseconds"
in slapd.conf i have setup timelimit to 50seconds
and in smb.conf ldap timeout is 50 seconds
next time i have run the samba in interactive mode with debug level 10
then i gave the following command
smbclient //testbdc/nir -U nir%nir
it gave the following error
"Session setup failed call returned zero bytes"
and samba got killed with the following error
*** glibc detected *** double free or corruption (!prev): 0x09af63b0 ***
Aborted
>From Windows system it was the same error
""Remote procedure call was cancelled""
The attached file is called stacktrace. plese check it ,
The above error occurs only to users who belong to many groups, this error
does not come
when user is in 10 or 20 groups.
The following is my smb.conf
##########################################
#======================= Global Settings
=====================================
[global]
workgroup = msdpl.com
netbios name = testbdc
passdb backend = ldapsam:ldap://msdpl.com
server string = Domain Controller
hosts allow = 192.168.128. 192.168.129. 192.168.130. 127.
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth0, lo
printing = cups
disable spoolss = Yes
printcap name = cups
max print jobs = 100
enable privileges = yes
password level = 8
username level = 8
bind interfaces only = yes
local master = Yes
os level = 65
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
domain logons = yes
logon script = %u.bat
logon path =
logon drive = X:
logon home = \\testbdc\%U
wins support = yes
name resolve order = wins lmhosts host bcast
log level = 10
dns proxy = no
time server = yes
log file = /var/log/samba/%U.%m.log
max log size = 0
nt acl support = yes
ldap passwd sync = yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%m"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
ldap delete dn = Yes
ldap ssl = no
ldap suffix = dc=msdpl,dc=com
ldap admin dn = cn=manager,dc=msdpl,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap timeout = 50
idmap backend = ldap:ldap://192.168.129.18
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
winbind use default domain = yes
template shell = /bin/bash
################[Share Definations]##################
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
nt acl support = Yes
# Un-comment the following and create the netlogon directory for Domain
Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon/scripts
guest ok = yes
browseable = no
write list = root
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0600
guest ok = Yes
printable = yes
use client driver = Yes
browseable = no
#########################################################################
slapd.conf
##############################################################################
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/ldap-2.3/etc/openldap/schema/core.schema
include /usr/local/ldap-2.3/etc/openldap/schema/cosine.schema
include /usr/local/ldap-2.3/etc/openldap/schema/inetorgperson.schema
include /usr/local/ldap-2.3/etc/openldap/schema/nis.schema
include /usr/local/ldap-2.3/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/ldap-2.3/var/run/slapd.pid
argsfile /usr/local/ldap-2.3/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/ldap-2.3/libexec/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=msdpl,dc=com"
rootdn "cn=manager,dc=msdpl,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
timelimit 50
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/ldap-2.3/var/openldap-data
# Indices to maintain
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index loginShell eq,pres
index nisMapName,nisMapEntry eq,pres,sub
index displayName eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index default sub
access to
attrs=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Users,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Guests,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Print Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Backup Operators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Replicators,ou=Groups,dc=msdpl,dc=com" write
by anonymous auth
by * none
# some attributes need to be readable anonymously so that 'id user' can
answer correctly
access to
attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by * read
# somme attributes can be writable by users themselves
access to
attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by * read
# some attributes need to be writable for samba
access to dn.base="dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba need to be able to create new users account
access to dn="ou=People,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=msdpl,dc=com"
by dn="cn=nns,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=kk1438,ou=People,dc=msdpl,dc=com" write
by dn="cn=Domain Admins,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Administrators,ou=Groups,dc=msdpl,dc=com" write
by dn="cn=Account Operators,ou=Groups,dc=msdpl,dc=com" write
by * none
access to * by * read
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com at EXAMPLE.COM
###############################################################################
Please help me jerry.
Regards
Niranjan
More information about the samba
mailing list