[Samba] winbind pam trouble

Rowland penny rpenny at samba.org
Tue Apr 12 08:34:44 UTC 2016 

On 12/04/16 09:24, lists wrote:
> Hi Rowland,
>
>> You have real trouble if you don't have the last three :-D
>>
>> They are well known SIDs
>>
>> 501 is Guest
>> 502 is krbtgt
>> 517 is Cert Publishers
>>
>> Try opening a terminal on the DC and run this:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb
>> '(objectsid=S-1-5-21-90839350-987482234-868425949-501)'
>
> I searched with ldbsearch, and that confirmed that we DO have those 
> records. So at least we don't seem to have REAL trouble. :-D
>
> Looking at ADUC, I realise that these 'problem' acounts are the (few) 
> accounts with no UID assigned to them. So the 'error' makes sense: 
> they are mailinglists, or groups not used for file access permissions.
>
> So it seems this is logical, and does not explain the problems we had 
> yesterday evening with winbind crashing, as I wrote in my second email 
> yesterday:
>
>> [2016/04/11 20:39:01.330173,  0] ../lib/util/fault.c:79(fault_report)
>>   INTERNAL ERROR: Signal 11 in pid 4899 (4.2.9-SerNet-Debian-8.wheezy)
>>   Please read the Trouble-Shooting section of the Samba HOWTO
>> [2016/04/11 20:39:01.330199,  0] ../lib/util/fault.c:81(fault_report)
>> ===============================================================
>> [2016/04/11 20:39:01.330217,  0] ../source3/lib/util.c:788(smb_panic_s3)
>>   PANIC (pid 4899): internal error
>> [2016/04/11 20:39:01.330733,  0] 
>> ../source3/lib/util.c:899(log_stack_trace)
>>   BACKTRACE: 29 stack frames:
>>    #0 
>> /usr/lib/x86_64-linux-gnu/samba/libsmbconf.so.0(log_stack_trace+0x1a) 
>> [0x7f64c5f6699b]
>>    #1 
>> /usr/lib/x86_64-linux-gnu/samba/libsmbconf.so.0(smb_panic_s3+0x55) 
>> [0x7f64c5f66a99]
>>    #2 
>> /usr/lib/x86_64-linux-gnu/samba/libsamba-util.so.0(smb_panic+0x2d) 
>> [0x7f64c9883ed3]
>>    #3 /usr/lib/x86_64-linux-gnu/samba/libsamba-util.so.0(+0x231ec) 
>> [0x7f64c98841ec]
>>    #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7f64cb2520a0]
>>    #5 
>> /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_storage_free+0x4) 
>> [0x7f64c7f0ae4f]
>>    #6 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(+0x3c7cd) 
>> [0x7f64c7ef67cd]
>>    #7 
>> /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_kt_end_seq_get+0x2a) 
>> [0x7f64c7ef5eac]
>>    #8 /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(+0xa981) 
>> [0x7f64c4aaf981]
>>    #9 
>> /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(gse_krb5_get_server_keytab+0x3db) 
>> [0x7f64c4aafdaa]
>>    #10 /usr/lib/x86_64-linux-gnu/samba/libgse-samba4.so(+0xc644) 
>> [0x7f64c4ab1644]
>>    #11 
>> /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_start_mech+0x197) 
>> [0x7f64c4ce3eaf]
>>    #12 
>> /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_start_mech_by_oid+0xd9) 
>> [0x7f64c4ce4194]
>>    #13 /usr/sbin/winbindd(kerberos_return_pac+0x5b2) [0x7f64cb6a8248]
>>    #14 /usr/sbin/winbindd(winbindd_dual_pam_auth+0x792) [0x7f64cb6c6be5]
>>    #15 /usr/sbin/winbindd(+0x5aa44) [0x7f64cb6dba44]
>>    #16 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x9771) 
>> [0x7f64c9001771]
>>    #17 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x7a2b) 
>> [0x7f64c8fffa2b]
>>    #18 
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(_tevent_loop_once+0x92) [0x7f64c8ffc3b1] 
>>
>>    #19 /usr/sbin/winbindd(+0x5daef) [0x7f64cb6deaef]
>>    #20 /usr/sbin/winbindd(+0x5dc57) [0x7f64cb6dec57]
>>    #21 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x4d68) 
>> [0x7f64c8ffcd68]
>>    #22 
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(tevent_common_loop_immediate+0x128) 
>> [0x7f64c8ffcc15]
>>    #23 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x94ba) 
>> [0x7f64c90014ba]
>>    #24 /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(+0x7a2b) 
>> [0x7f64c8fffa2b]
>>    #25 
>> /usr/lib/x86_64-linux-gnu/samba/libtevent.so.0(_tevent_loop_once+0x92) [0x7f64c8ffc3b1] 
>>
>>    #26 /usr/sbin/winbindd(main+0x11d5) [0x7f64cb6b7319]
>>    #27 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) 
>> [0x7f64c3879ead]
>>    #28 /usr/sbin/winbindd(+0x26a09) [0x7f64cb6a7a09]
>
> Any ideas where to look next..?
>
> One line that struck me in the loglines above is:
> >   INTERNAL ERROR: Signal 11 in pid 4899 (4.2.9-SerNet-Debian-8.wheezy)
> Debian 8, wheezy.... strange to see those two (8, wheezy) in one line.
>
> We're on wheezy, and my sources.list line is also for wheezy.
>
> Suggestions?
>
> MJ
>

apt-get install libpam-krb5

Rowland

If I login to a domain member via ssh I get this in /var/log/auth.log:

Apr 12 09:21:21 member1 sshd[6502]: pam_krb5(sshd:auth): user rowland 
authenticated as rowland at SAMDOM.EXAMPLE.COM
Apr 12 09:21:22 member1 sshd[6500]: Accepted keyboard-interactive/pam 
for rowland from 192.168.0.128 port 41609 ssh2
Apr 12 09:21:22 member1 sshd[6500]: pam_unix(sshd:session): session 
opened for user rowland by (uid=0)

Rowland

More information about the samba mailing list