[Samba] [samba4] crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"
François Lafont
flafdivers at free.fr
Sat Apr 13 18:08:43 MDT 2013
Hi,
I used Samba 4.0.5 in Wheezy. Here is that I have done:
---------------------------------------------------------------
samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI \
--server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123'
echo "nameserver 192.168.0.21" > /etc/resolv.conf
samba
ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
# I put "winbind" in the nsswitch.conf file.
sed -i -r -e 's/^(passwd:.*)$/\1 winbind/g' -e 's/^(group:.*)$/\1 winbind/g' /etc/nsswitch.conf
samba-tool user add test1 "+test123"
---------------------------------------------------------------
That's all. Here is my smb.conf after this commands:
---------------------------------------------------------------
# Global parameters
[global]
workgroup = CHEZMOI
realm = CHEZMOI.PRIV
netbios name = WHEEZY-1
server role = active directory domain controller
dns forwarder = 212.27.40.241
[netlogon]
path = /usr/local/samba/var/locks/sysvol/chezmoi.priv/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
---------------------------------------------------------------
It seems to work well:
---------------------------------------------------------------
~# getent passwd
[couic...]
CHEZMOI\Administrator:*:0:100::/home/CHEZMOI/Administrator:/bin/false
CHEZMOI\Guest:*:3000011:3000012::/home/CHEZMOI/Guest:/bin/false
CHEZMOI\krbtgt:*:3000016:100::/home/CHEZMOI/krbtgt:/bin/false
CHEZMOI\test1:*:3000017:100::/home/CHEZMOI/test1:/bin/false
~# wbinfo -u
Administrator
Guest
krbtgt
test1
# wbinfo -g
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
---------------------------------------------------------------
But there is something curious with the /usr/local/samba/var/locks/sysvol/ directory:
---------------------------------------------------------------
# ls -n /usr/local/samba/var/locks/sysvol/
total 8
drwxrws---+ 4 0 3000000 4096 Apr 14 01:40 chezmoi.priv
---------------------------------------------------------------
Which group has the gid 3000000?
---------------------------------------------------------------
# wbinfo -g | tr '\n' '\0' | xargs -0 -n 1 wbinfo --group-info
CHEZMOI\Enterprise Read-Only Domain Controllers:*:3000018:
CHEZMOI\Domain Admins:*:3000008:
CHEZMOI\Domain Users:*:100:
CHEZMOI\Domain Guests:*:3000012:
CHEZMOI\Domain Computers:*:3000019:
CHEZMOI\Domain Controllers:*:3000020:
CHEZMOI\Schema Admins:*:3000007:
CHEZMOI\Enterprise Admins:*:3000006:
CHEZMOI\Group Policy Creator Owners:*:3000004:
CHEZMOI\Read-Only Domain Controllers:*:3000021:
CHEZMOI\DnsUpdateProxy:*:3000022:
---------------------------------------------------------------
There is no 3000000 gid. And, a bit more embarrassing, if I use "ls -l" to resolv the gid to a name, winbind is crashing:
---------------------------------------------------------------
# time ls -l /usr/local/samba/var/locks/sysvol
total 8
drwxrws---+ 4 root 3000000 4096 Apr 14 01:40 chezmoi.priv
real 0m33.483s # <---- 33 seconds !
user 0m0.012s
sys 0m0.000s
# wbinfo -u
Error looking up domain users
# wbinfo -g
failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups
# wbinfo -i Guest
failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for user Guest
# wbinfo -p
Ping to winbindd failed
could not ping winbindd!
---------------------------------------------------------------
I have to restart samba:
---------------------------------------------------------------
# killall samba; sleep 2; samba
# wbinfo -u
Administrator
Guest
krbtgt
test1
# wbinfo -g
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
# wbinfo -p
Ping to winbindd succeeded
---------------------------------------------------------------
Have I made a mistake? Where is the problem?
Thanks in advande.
--
François Lafont
More information about the samba
mailing list