[Samba] FW: Questions about Samba 4

Rowland Penny rowlandpenny241155 at gmail.com
Fri Aug 28 09:29:41 UTC 2015 

On 28/08/15 09:20, Volker Lendecke wrote:
> On Thu, Aug 27, 2015 at 08:17:15AM +0200, L.P.H. van Belle wrote:
>> This was a test on debian Jessie with sernet samba 4.2.3.
>> and the test was, "login" with a AD user on ssh.
>> this worked, fine, but this i noticed later.
> Ok, got more information. But I am still not able to
> reproduce it. Unless someone would be willing to give a
> developer root login to such a box (which I see as pretty
> unlikely) I think I have done what I could and have to leave
> this to the real experts like Simo or Andrew Bartlett.
> winbind according to all my information seems to spin
> somewhere deep in the kinit code.
>
> Sorry,
>
> Volker
>

Hi Volker, it seems pretty easy to reproduce, just throw up a test DC in 
a VM, create a user and set the password to need to be changed at next 
login. Now create a member server in another VM and join this to the DC. 
now open three terminals, ssh into the member server as root from one 
and start 'top' , ssh into the member server as root from another and 
finally attempt to ssh into the member server as the user you created 
from the last one.
Now watch the 'top' running in the other terminal, it should show 
winbind using 100% CPU (or very close to it) at this point go to the 
open root terminal and run gdb.

I can easily reproduce it on an X86_64 machine running Samba Version 
4.2.3-SerNet-Debian-7.wheezy

I get this from gdb:

(gdb) bt
#0  0x00007f6449c6cf19 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f644ae45e43 in ?? ()
    from /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so
#2  0x00007f644e25fc36 in krb5_get_init_creds_password ()
    from /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26
#3  0x00007f644ae460ff in kerberos_kinit_password_ext ()
    from /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so
#4  0x00007f64519fde1d in kerberos_return_pac ()
#5  0x00007f6451a1cb5f in winbindd_dual_pam_auth ()
#6  0x00007f6451a319c4 in ?? ()
#7  0x00007f644f32c741 in ?? ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#8  0x00007f644f32a9fb in ?? ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#9  0x00007f644f327381 in _tevent_loop_once ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#10 0x00007f6451a34a6f in ?? ()
#11 0x00007f6451a34bd7 in ?? ()
#12 0x00007f644f327d38 in ?? ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#13 0x00007f644f327be5 in tevent_common_loop_immediate ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#14 0x00007f644f32c48a in ?? ()
---Type <return> to continue, or q <return> to quit---
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#15 0x00007f644f32a9fb in ?? ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#16 0x00007f644f327381 in _tevent_loop_once ()
    from /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0
#17 0x00007f6451a0d319 in main ()
(gdb)

But of course, this is probably me trying to teach my granny to suck 
eggs :-)

Rowland

More information about the samba mailing list