[Samba] winbind pam trouble
Rowland penny
rpenny at samba.org
Tue Apr 12 08:34:44 UTC 2016
On 12/04/16 09:24, lists wrote:
> Hi Rowland,
>
>> You have real trouble if you don't have the last three :-D
>>
>> They are well known SIDs
>>
>> 501 is Guest
>> 502 is krbtgt
>> 517 is Cert Publishers
>>
>> Try opening a terminal on the DC and run this:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb
>> '(objectsid=S-1-5-21-90839350-987482234-868425949-501)'
>
> I searched with ldbsearch, and that confirmed that we DO have those
> records. So at least we don't seem to have REAL trouble. :-D
>
> Looking at ADUC, I realise that these 'problem' acounts are the (few)
> accounts with no UID assigned to them. So the 'error' makes sense:
> they are mailinglists, or groups not used for file access permissions.
>
> So it seems this is logical, and does not explain the problems we had
> yesterday evening with winbind crashing, as I wrote in my second email
> yesterday:
>
>> [2016/04/11 20:39:01.330173, 0] ../lib/util/fault.c:79(fault_report)
>> INTERNAL ERROR: Signal 11 in pid 4899 (4.2.9-SerNet-Debian-8.wheezy)
>> Please read the Trouble-Shooting section of the Samba HOWTO
>> [2016/04/11 20:39:01.330199, 0] ../lib/util/fault.c:81(fault_report)
>> ===============================================================
>> [2016/04/11 20:39:01.330217, 0] ../source3/lib/util.c:788(smb_panic_s3)
>> PANIC (pid 4899): internal error
>> [2016/04/11 20:39:01.330733, 0]
>> ../source3/lib/util.c:899(log_stack_trace)
>> BACKTRACE: 29 stack frames:
>> #0
>> /usr/lib/x86_64-linux-gnu/samba/libsmbconf.so.0(log_stack_trace+0x1a)
>> [0x7f64c5f6699b]
>> #1
>> /usr/lib/x86_64-linux-gnu/samba/libsmbconf.so.0(smb_panic_s3+0x55)
>> [0x7f64c5f66a99]
>> #2
>> /usr/lib/x86_64-linux-gnu/samba/libsamba-util.so.0(smb_panic+0x2d)
>> [0x7f64c9883ed3]
>> #3 /usr/lib/x86_64-linux-gnu/samba/libsamba-util.so.0(+0x231ec)
>> [0x7f64c98841ec]
>> #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7f64cb2520a0]
>> #5
>> /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_storage_free+0x4)
>> [0x7f64c7f0ae4f]
>> #6 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(+0x3c7cd)
>> [0x7f64c7ef67cd]
>> #7
>> /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_kt_end_seq_get+0x2a)
>> [0x7f64c7ef5eac]
>> #8 /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(+0xa981)
>> [0x7f64c4aaf981]
>> #9
>> /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(gse_krb5_get_server_keytab+0x3db)
>> [0x7f64c4aafdaa]
>> #10 /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(+0xc644)
>> [0x7f64c4ab1644]
>> #11
>> /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_start_mech+0x197)
>> [0x7f64c4ce3eaf]
>> #12
>> /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_start_mech_by_oid+0xd9)
>> [0x7f64c4ce4194]
>> #13 /usr/sbin/winbindd(kerberos_return_pac+0x5b2) [0x7f64cb6a8248]
>> #14 /usr/sbin/winbindd(winbindd_dual_pam_auth+0x792) [0x7f64cb6c6be5]
>> #15 /usr/sbin/winbindd(+0x5aa44) [0x7f64cb6dba44]
>> #16 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x9771)
>> [0x7f64c9001771]
>> #17 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x7a2b)
>> [0x7f64c8fffa2b]
>> #18
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(_tevent_loop_once+0x92) [0x7f64c8ffc3b1]
>>
>> #19 /usr/sbin/winbindd(+0x5daef) [0x7f64cb6deaef]
>> #20 /usr/sbin/winbindd(+0x5dc57) [0x7f64cb6dec57]
>> #21 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x4d68)
>> [0x7f64c8ffcd68]
>> #22
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(tevent_common_loop_immediate+0x128)
>> [0x7f64c8ffcc15]
>> #23 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x94ba)
>> [0x7f64c90014ba]
>> #24 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x7a2b)
>> [0x7f64c8fffa2b]
>> #25
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(_tevent_loop_once+0x92) [0x7f64c8ffc3b1]
>>
>> #26 /usr/sbin/winbindd(main+0x11d5) [0x7f64cb6b7319]
>> #27 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)
>> [0x7f64c3879ead]
>> #28 /usr/sbin/winbindd(+0x26a09) [0x7f64cb6a7a09]
>
> Any ideas where to look next..?
>
> One line that struck me in the loglines above is:
> > INTERNAL ERROR: Signal 11 in pid 4899 (4.2.9-SerNet-Debian-8.wheezy)
> Debian 8, wheezy.... strange to see those two (8, wheezy) in one line.
>
> We're on wheezy, and my sources.list line is also for wheezy.
>
> Suggestions?
>
> MJ
>
apt-get install libpam-krb5
Rowland
If I login to a domain member via ssh I get this in /var/log/auth.log:
Apr 12 09:21:21 member1 sshd[6502]: pam_krb5(sshd:auth): user rowland
authenticated as rowland at SAMDOM.EXAMPLE.COM
Apr 12 09:21:22 member1 sshd[6500]: Accepted keyboard-interactive/pam
for rowland from 192.168.0.128 port 41609 ssh2
Apr 12 09:21:22 member1 sshd[6500]: pam_unix(sshd:session): session
opened for user rowland by (uid=0)
Rowland
More information about the samba
mailing list