[Samba] RE: Winbind issue

Robert Mattson R.Mattson at latrobe.edu.au
Sun Jun 1 08:40:24 GMT 2008 

I have run a debug level 10, and removed the option "PASSWORD SERVER"
from the configuration file since my last email.
Also since the last post I have checked to ensure I'm using gcc 4.1.2 by changing the profile correctly, which I'd not done in the past.

I think that removing password server got rid of the Referrer loop...

Anyway, if someone has any suggestions - I'd really appreciate it.

This is the output I get in /var/log/samba/winbind.log

/etc/init.d/samba start
Wbinfo -u
Wbinfo -g
Getent passwd
.
.
srvr sam # wbinfo -p
Ping to winbindd succeeded on fd 4
srvr sam # wbinfo -p
Ping to winbindd succeeded on fd 4
srvr sam # wbinfo -p
Ping to winbindd failed on fd -1
could not ping winbindd!


<SNIP>
.
.
[2008/06/01 18:16:25, 10] nsswitch/idmap_cache.c:idmap_cache_set(176)
  Adding cache entry with key = IDMAP/UID/68673; value =   1212309085/IDMAP/SID/<snip> and timeout = Sun Jun  1 18:31:25 2008
   (900 seconds ahead)
[2008/06/01 18:16:25, 10] nsswitch/idmap_util.c:idmap_sid_to_gid(145)
  idmap_sid_to_gid: sid = [<snip>]
[2008/06/01 18:16:25, 10] nsswitch/idmap_cache.c:idmap_cache_map_sid(423)
  Returning valid cache entry: key = IDMAP/SID/<snip>, value = IDMAP/GID/15016, timeout = Sun Jun  1 18:31:00 2008
[2008/06/01 18:16:25, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn GETPWENT
[2008/06/01 18:16:25, 3] nsswitch/winbindd_user.c:winbindd_getpwent(636)
  [10129]: getpwent
[2008/06/01 18:16:25, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn ENDPWENT
[2008/06/01 18:16:25, 3] nsswitch/winbindd_user.c:winbindd_endpwent(521)
  [10129]: endpwent
[2008/06/01 18:17:16, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2008/06/01 18:17:16, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2008/06/01 18:17:16, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [10130]: request interface version
[2008/06/01 18:17:16, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2008/06/01 18:17:16, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [10130]: request location of privileged pipe
[2008/06/01 18:17:16, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2008/06/01 18:17:16, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn PING
[2008/06/01 18:17:16, 3] nsswitch/winbindd_misc.c:winbindd_ping(470)
  [10130]: ping
[2008/06/01 18:17:18, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2008/06/01 18:17:18, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2008/06/01 18:17:18, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [10131]: request interface version
[2008/06/01 18:17:18, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2008/06/01 18:17:18, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [10131]: request location of privileged pipe
[2008/06/01 18:17:18, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2008/06/01 18:17:18, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn PING
[2008/06/01 18:17:18, 3] nsswitch/winbindd_misc.c:winbindd_ping(470)
  [10131]: ping
[2008/06/01 18:17:30, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 25
[2008/06/01 18:17:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn INTERFACE_VERSION
[2008/06/01 18:17:30, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(491)
  [10132]: request interface version
[2008/06/01 18:17:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2008/06/01 18:17:30, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
  [10132]: request location of privileged pipe
[2008/06/01 18:17:30, 6] nsswitch/winbindd.c:new_connection(628)
  accepted socket 26
[2008/06/01 18:17:30, 10] nsswitch/winbindd.c:process_request(314)
  process_request: request fn PING
[2008/06/01 18:17:30, 3] nsswitch/winbindd_misc.c:winbindd_ping(470)
  [10132]: ping
[2008/06/01 18:17:41, 10] lib/events.c:event_add_timed(129)
  Added timed event "async_request_timeout": 5555559b4c00
[2008/06/01 18:17:41, 10] lib/events.c:get_timed_events_timeout(295)
  timed_events_timeout: 299/999853
[2008/06/01 18:17:41, 10] lib/events.c:timed_event_destructor(66)
  Destroying timed event 5555559b4c00 "async_request_timeout"
[2008/06/01 18:17:41, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2307)
  Retrieving response for pid 10133
[2008/06/01 18:17:41, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2329)
  Retrieving extra data length=124

----

My config file:
[global]
        netbios name = FSDP-PRIME
        workgroup = doma
        realm = doma.EDU.AU
        idmap uid = 15000-200000
        idmap gid = 15000-200000
        loglevel = 10
        server string = SAMBA SERVER #2
        interfaces = <snip>
        load printers = no
        log file = /var/log/samba/%m.log
        max log size = 500000
        security = ADS
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins server = dnsa dnsb
        dns proxy = no
        ea support = yes
        winbind enum users = yes
        winbind enum groups = yes
[homes]
        comment = Home Directory
        browseable = no
        create mask = 0777
        directory mask = 0777
        valid users = +doma\\homedir
        writable = yes
.
.
.




Rob

________________________________________

All,
After upgrading to samba 3.0.30 on gentoo amd64 because of my recent best friend CVE-2008-1105

My winbind daemon is 'hanging up', and refusing to respond to pings after a few minutes of activity.
Wbinfo -u, getent passwd all work successfully, then after a bit wbinfo -p just tells me winbind dies.
I have 3.0.30/winbind on another machine, also amd64 that is working.... So I'm a little confused. (the patch levels and kernels are different on the two machines)

The failing server has mit-krb5-1.6.3-r1 openldap-2.3.41 and kernel 2.6.16-gentoo-r9
Glibc-2.6.1
gcc version 3.4.4 (Gentoo 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)

This is an excerpt of the log at the point winbind dies;
At the point this excerpt stops, winbind establishes a hundred or so connections with ads,
I've snipped it for brevity.


[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:16:31, 1] nsswitch/winbindd_ads.c:query_user_list(209)
  Not a user account? atype=0x30000000
[2008/06/01 00:17:53, 1] nsswitch/idmap.c:idmap_init(377)
  Initializing idmap domains
[2008/06/01 00:17:53, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
[2008/06/01 00:17:53, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
[2008/06/01 00:17:54, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
[2008/06/01 00:17:54, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
[2008/06/01 00:17:54, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
[2008/06/01 00:17:54, 1] libads/ldap_utils.c:ads_do_search_retry_internal(115)
  ads reopen failed after error Referral
.
.
.
.
<snip>

---


Cheers,
Rob

More information about the samba mailing list