[Samba] Winbind Daemon fails to start, group shares no longer functioning

Anthony Boccia aboccia at afilias.info
Wed Jun 20 12:19:46 MDT 2012


Hello All,

I am currently having an issue with my samba PDC. I have recently updated
to 3.6.5 Samba, and have made what i believe to be the correct changes in
my config to account for the changes to the idmap system. My setup is as
follows, SAMBA PDC on RHEL 6.2, which authenticates passwords through
Kerberos, and Deals with user profiles via LDAP. I had about 25 Windows
clients which were able to connect, receive their profiles and have full
access to their personal and group shares. Recently I have had complaints
that no users are able to access their group shares. Upon troubleshooting I
notice the winbind daemon had failed.

It will not restart, I do not see any configuration issues that would be
causing problems. I had thoroughly tested for about a month in a lab
environment, this issue never arross. I began using winbind to allow for
direct accessing of posix account values in LDAP from samba, without the
need for the smbldap-tools scripts. I am able to join machines to the
domain, add users, remove users and machines etc. I am not sure what could
be causing the issue which does not allow users to access group shares, but
even more importantly I cannot figure out what is wrong with winbind.
Attached to this email I have the winbind stack trace, winbind daemon
stdout which is shown on terminal, and my samba config. I feel it also
important to note that this PDC replace a much older 3.5.3 PDC, which
utilized the 3rd party smbldap tools scripts and did not need winbind. This
is new territory for me.

I am sure there is something that I am missing, though i am not sure what.
If anyone could please take a look and if possible shed a bit of light on
what it might be i would greatly appreciate it.


If anymore information is needed, please let me know and I shall provide it.

Thank You

-- 
Anthony Boccia
Afilias Canada Corp
Systems Administrator
Production Control - Infrastructure
-------------- next part --------------
===============================================================
INTERNAL ERROR: Signal 11 in pid 1493 (3.6.5-1.el6)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===============================================================
PANIC (pid 1493): internal error
BACKTRACE: 13 stack frames:
 #0 winbindd(log_stack_trace+0x1a) [0x7f6fc31b120a]
 #1 winbindd(smb_panic+0x2b) [0x7f6fc31b12db]
 #2 winbindd(+0x1940a4) [0x7f6fc31a20a4]
 #3 /lib64/libc.so.6(+0x31fbc32900) [0x7f6fc0402900]
 #4 winbindd(dom_sid_compare+0x28) [0x7f6fc31dd7c8]
 #5 winbindd(add_sid_to_array_unique+0x43) [0x7f6fc31df7a3]
 #6 winbindd(create_token_from_username+0x563) [0x7f6fc3134a83]
 #7 winbindd(create_local_token+0x55) [0x7f6fc3132285]
 #8 winbindd(make_serverinfo_from_username+0x80) [0x7f6fc3132700]
 #9 winbindd(init_system_info+0x5e) [0x7f6fc31330de]
 #10 winbindd(main+0x5ab) [0x7f6fc30dd48b]
 #11 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7f6fc03eecdd]
 #12 winbindd(+0xccf19) [0x7f6fc30daf19]
dumping core in /var/log/samba/cores/winbindd
Aborted (core dumped)
-------------- next part --------------
pm_process() returned Yes
adding IPC service
Substituting charset 'UTF-8' for LOCALE
added interface eth0 ip=fe80::250:56ff:fe9a:d14%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.10.32.88 bcast=10.10.39.255 netmask=255.255.248.0
Netbios name list:-
my_netbios_names[0]="SAMBA"
added interface eth0 ip=fe80::250:56ff:fe9a:d14%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.10.32.88 bcast=10.10.39.255 netmask=255.255.248.0
TimeInit: Serverzone is 0
initialize_winbindd_cache: clearing cache and re-creating with version number 2
Overriding messaging pointer for type 1 - private_data=(nil)
Added domain BUILTIN  S-1-5-32
Added domain domain  S-1-5-21-408791004-3275982270-559079837
Finding user sambaadmin
Trying _Get_Pwnam(), username as lowercase is sambaadmin
Get_Pwnam_internals did find user [sambaadmin]!
Finding user sambaadmin
Trying _Get_Pwnam(), username as lowercase is sambaadmin
Get_Pwnam_internals did find user [sambaadmin]!
Opening cache file at /var/lib/samba/gencache.tdb
Opening cache file at /var/lib/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 0
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend IPA_ldapsam
Successfully added passdb backend 'IPA_ldapsam'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to find a passdb backend to match ldapsam:"ldap://kerberos-ldap-server ldap://ldapserver1 ldap://ldapserver2 " (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=domain))]
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(objectClass=sambaDomain)(sambaDomainName=domain))], scope => [2]
Substituting charset 'UTF-8' for LOCALE
The connection to the LDAP server was closed
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
pdb backend ldapsam:"ldap://kerberos-ldap-server ldap://ldapserver1 ldap://ldapserver2 " has a valid init
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
Forcing Primary Group to 'Domain Users' for sambaadmin
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(objectClass=posixGroup)(|(memberUid=sambaadmin)(gidNumber=0)))], scope => [2]
primary group of [sambaadmin] not found
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(uid=sambaadmin)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: sambaadmin
smbldap_search_ext: base => [sambaDomainName=domain,dc=domain,dc=info], filter => [(objectClass=sambaDomain)], scope => [0]
gid_to_sid: winbind failed to find a sid for gid 0
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
gid_to_sid: winbind failed to find a sid for gid 0
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
Forcing Primary Group to 'Domain Users' for sambaadmin
Opening cache file at /var/lib/samba/login_cache.tdb
smbldap_search_ext: base => [sambaDomainName=domain,dc=domain,dc=info], filter => [(objectClass=sambaDomain)], scope => [0]
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(sambaSID=S-1-5-21-408791004-3275982270-559079837-500)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: sambaadmin
gid_to_sid: winbind failed to find a sid for gid 0
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
gid_to_sid: winbind failed to find a sid for gid 0
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(gidNumber=0)(objectClass=sambaGroupMapping))], scope => [2]
ERROR: Got 0 entries for gid 0, expected one
Forcing Primary Group to 'Domain Users' for sambaadmin
smbldap_search_ext: base => [dc=domain,dc=info], filter => [(&(objectClass=posixGroup)(|(memberUid=sambaadmin)(gidNumber=0)))], scope => [2]
primary group of [sambaadmin] not found
===============================================================


More information about the samba mailing list