[Samba] Winbind core dump issue
Paul Digby
pdigby at gmail.com
Mon Aug 10 19:32:27 MDT 2009
Greetings
We've moved from using NIS/SFU to using Samba/Winbind connecting to our
Windows 2003 AD domain with an Openldap idmap backend on our Redhat 4/5
servers. We managed to get this mostly working in that users can
authenticate using their domain accounts (thank you Samba team!!!). We do
however keep getting the same error in the log.winbindd-idmap log:
winbindd: ../../../libraries/libldap/getentry.c:48: ldap_next_entry:
Assertion `entry != ((void *)0)' failed.
[2009/08/11 12:00:12, 0] lib/fault.c:fault_report(40)
===============================================================
[2009/08/11 12:00:12, 0] lib/fault.c:fault_report(41)
INTERNAL ERROR: Signal 6 in pid 25614 (3.2.13)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2009/08/11 12:00:12, 0] lib/fault.c:fault_report(43)
From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2009/08/11 12:00:12, 0] lib/fault.c:fault_report(44)
===============================================================
[2009/08/11 12:00:12, 0] lib/util.c:smb_panic(1670)
PANIC (pid 25614): internal error
[2009/08/11 12:00:12, 0] lib/util.c:log_stack_trace(1774)
BACKTRACE: 28 stack frames:
#0 winbindd(log_stack_trace+0x2d) [0x891b0c]
#1 winbindd(smb_panic+0x8e) [0x89195e]
#2 winbindd [0x87b660]
#3 winbindd [0x87b671]
#4 /lib/tls/libc.so.6 [0x377918]
#5 /lib/tls/libc.so.6(abort+0xe9) [0x379289]
#6 /lib/tls/libc.so.6(__assert_fail+0x101) [0x370da1]
#7 /usr/lib/libldap-2.2.so.7(ldap_next_entry+0x6b) [0x227c3b]
#8 /usr/lib/samba/idmap/ldap.so [0x2a36e3]
#9 winbindd [0xb2cec0]
#10 winbindd(idmap_unixids_to_sids+0x41a) [0xb2dbd3]
#11 winbindd(idmap_uid_to_sid+0xb9) [0xb30059]
#12 winbindd(winbindd_dual_uid2sid+0xb0) [0x8031c6]
#13 winbindd [0x7f842f]
#14 winbindd [0x7faacf]
#15 winbindd [0x7f7ff7]
#16 winbindd(async_request+0x20f) [0x7f79c1]
#17 winbindd(do_async+0x13c) [0x7fad81]
#18 winbindd(winbindd_uid2sid_async+0x77) [0x80310c]
#19 winbindd(winbindd_getpwuid+0xb1) [0x7c9a91]
#20 winbindd [0x7c60d9]
#21 winbindd [0x7c6c89]
#22 winbindd [0x7c6ad4]
#23 winbindd [0x7c6407]
#24 winbindd [0x7c7383]
#25 winbindd(main+0xc7e) [0x7c82e2]
#26 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x364df3]
#27 winbindd [0x7c56b1]
[2009/08/11 12:00:12, 0] lib/fault.c:dump_core(201)
dumping core in /var/log/samba/cores/winbindd
Winbind seems to continue running but users get ID errors like 'cannot find
name for user ID #' and the machine is basically unusable for a minute or so
before it goes away. With the error referring to ldap, I'm not sure if this
is a problem with our ldap database or if it's a problem with winbind.
Initially we just used the latest versions of samba (Version
3.0.9-1.3E.13.2) from the RedHat repos but we found we were having problems
with trusted domains that we didn't have access to nor wanted to
authenticate with. We tried the 'allow trusted domains = no' and 'winbind:
ignore domains = trustdom1 trustdom2' options in smb.conf but I think these
options were not supported in this version. We then installed the 3.2.12
rpms from ftp.sernet.de which fixed that issue and got us to this stage.
Here is some information about our setup:
smbd & winbindd: Version 3.2.13
smb.conf:
[global]
workgroup = domain
realm = krb realm
server string = %h Samba Server Version %v
security = ADS
password server = server1 server2
local master = no
domain master = no
winbind cache time = 7200
max log size = 50
ldap admin dn = cn=manager,dc=example,dc=test,dc=com
ldap idmap suffix = ou=idmap
ldap suffix = dc=example,dc=test,dc=com
idmap backend = ldap:ldap://10.0.1.16
idmap uid = 500-10000
idmap gid = 100-1000
template homedir = /home/domain/%U
template shell = /bin/bash
winbind separator = +
winbind use default domain = Yes
winbind enum users = yes
winbind enum groups = yes
allow trusted domains = no
# winbind nested groups = yes
winbind: ignore domains = trustdom1 trustdom2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
cups options = raw
nsswitch.conf:
passwd: files winbind
shadow: files
group: files winbind
/etc/pam.d/system-auth:
auth sufficient pam_env.so
auth sufficient pam_unix.so
auth sufficient pam_winbind.so try_first_pass
account sufficient pam_unix.so
account sufficient pam_winbind.so
session sufficient pam_unix.so
session sufficient pam_winbind.so
password sufficient pam_unix.so
password sufficient pam_winbind.so try_first_pass
I really have no idea where to even start with this error so would really
appreciate any help you can give.
regards
Paul
More information about the samba
mailing list