[Samba] sudo issues after upgrading to samba/winbind 4.0.13 on Debian Wheezy

Hans-Kristian Bakke hkbakke at gmail.com
Fri Jan 3 20:24:10 MST 2014


Hi

I have upgraded from samba 3.6.19 to samba 4.0.13 on Debian Wheezy
64-bit with Samba 4.0.13 from wheezy-backports. I use winbind to
authenticate against a two-server AD domain on Server 2012 functional
level and forced LDAPS.

After upgrading from 3.6.19 to 4.0.13 everything still works for me as
usual. That is samba shares authentication, all things relying on the
keytab, SSO logins with SSH using GSSAPI and so on. But strangely sudo
for winbind users does not work anymore. The sudo package was not
updated, but I installed a newer version just to check (1.8.8) but no
success.

wbinfo, getent, id, groups and su - work perfectly with all users and
group memberships listed.

When trying sudo in any form, like sudo -i, I get the password
question, but after inputting the password sudo just hangs, not
responding to anything and sometimes timing out, other times I kill
it from another root session.

It is like this on all my Wheezy servers after upgrading to 4.0.13
(and installing libpam-winbind and libnss-winbind). I have not messed
with the sudo configuration or pam.d configuration on any of the
servers, other than adding the user to sudoers (adduser xxx sudo).
Local users work perfectly with sudo. Wheezy servers that I have not
upgraded to 4.0.13 are working correctly and the pam.d configs seem
identical.

I have purged everything related to samba/winbind and reinstalled,
including leaving and joining the domain with no success for sudo.

I have straced the issue and it seems to be looping trying to pull
data from /var/lib/samba/winbindd_privileged/pipe.

The strace had to be started via pid after initiating sudo -i and
waiting for input as I got some setuid error trying to run the command
itself with strace.

---
lstat("/var/run/samba/winbindd", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
lstat("/var/run/samba/winbindd/pipe", {st_mode=S_IFSOCK|0777,
st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 4
fcntl(4, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
fcntl(4, F_GETFD)                       = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
connect(4, {sa_family=AF_FILE, path="/var/run/samba/winbindd/pipe"}, 110) = 0
poll([{fd=4, events=POLLIN|POLLOUT|POLLHUP}], 1, -1) = 1 ([{fd=4,
revents=POLLOUT}])
write(4, "0\10\0\0\0\0\0\0\0\0\0\0\17\34\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
2096) = 2096
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\250\r\0\0\2\0\0\0\33\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
3496) = 3496
poll([{fd=4, events=POLLIN|POLLOUT|POLLHUP}], 1, -1) = 1 ([{fd=4,
revents=POLLOUT}])
write(4, "0\10\0\0/\0\0\0\0\0\0\0\17\34\0\0\0\10\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
2096) = 2096
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "\313\r\0\0\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
3496) = 3496
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
read(4, "/var/lib/samba/winbindd_privileg"..., 35) = 35
lstat("/var/lib/samba/winbindd_privileged", {st_mode=S_IFDIR|0750,
st_size=4096, ...}) = 0
lstat("/var/lib/samba/winbindd_privileged/pipe",
{st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 10
fcntl(10, F_GETFL)                      = 0x2 (flags O_RDWR)
fcntl(10, F_SETFL, O_RDWR|O_NONBLOCK)   = 0
fcntl(10, F_GETFD)                      = 0
fcntl(10, F_SETFD, FD_CLOEXEC)          = 0
connect(10, {sa_family=AF_FILE,
path="/var/lib/samba/winbindd_privileged/pipe"}, 110) = 0
close(4)                                = 0
poll([{fd=10, events=POLLIN|POLLOUT|POLLHUP}], 1, -1) = 1 ([{fd=10,
revents=POLLOUT}])
write(10, "0\10\0\0\r\0\0\0\0\0\0\0\17\34\0\0\0\0\0\0\236\360\0\0\0\0\0\0\0\0\0\0"...,
2096) = 2096
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
close(10)
---

Regards
Hans-Kristian
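
The reading of the strace in the message above (two winbindd sockets, then repeated 5000 ms poll timeouts on the privileged pipe) can be automated; this parser is an added example and is not part of the original post or of Samba. The embedded trace is a constructed, abridged sample in the shape of the one posted, and the function names are this example's own.

```python
import re

# Constructed sample in the shape of the posted trace; mail-wrapped lines kept on purpose.
SAMPLE = r'''
connect(4, {sa_family=AF_FILE, path="/var/run/samba/winbindd/pipe"}, 110) = 0
poll([{fd=4, events=POLLIN|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
connect(10, {sa_family=AF_FILE,
path="/var/lib/samba/winbindd_privileged/pipe"}, 110) = 0
poll([{fd=10, events=POLLIN|POLLOUT|POLLHUP}], 1, -1) = 1 ([{fd=10,
revents=POLLOUT}])
write(10, "0\10\0\0\r\0\0\0"...,
2096) = 2096
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
poll([{fd=10, events=POLLIN|POLLHUP}], 1, 5000) = 0 (Timeout)
'''

CALL = re.compile(r'^[a-z_][a-z0-9_]*\(')          # start of a syscall record
CONNECT = re.compile(r'^connect\((\d+), .*?path="([^"]+)"')
POLL = re.compile(r'^poll\(\[\{fd=(\d+),.*?\], \d+, (-?\d+)\)\s+= (\d+)')
IO = re.compile(r'^(?:read|write)\((\d+),')

def unwrap(trace):
    """Rejoin records that a mail client wrapped onto continuation lines."""
    records = []
    for line in filter(None, map(str.strip, trace.splitlines())):
        if CALL.match(line) or not records:
            records.append(line)
        else:
            records[-1] += ' ' + line
    return records

def stalled_sockets(trace, min_timeouts=3):
    """Return (socket path, fd, consecutive timeouts, ms waited) per stalled fd."""
    # Assumes an fd number is not reused for a different socket within the trace.
    paths, run, worst = {}, {}, {}
    for rec in unwrap(trace):
        if m := CONNECT.match(rec):
            paths[int(m[1])] = m[2]
        elif m := POLL.match(rec):
            fd, timeout_ms, ready = int(m[1]), int(m[2]), int(m[3])
            n, ms = run.get(fd, (0, 0))
            run[fd] = (0, 0) if ready else (n + 1, ms + timeout_ms)
            worst[fd] = max(worst.get(fd, (0, 0)), run[fd])
        elif m := IO.match(rec):
            run[int(m[1])] = (0, 0)                # data moved, streak is over
    return [(paths.get(fd, '?'), fd, n, ms)
            for fd, (n, ms) in sorted(worst.items()) if n >= min_timeouts]
```
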

