[Samba] auth problems with samba 4.4.6 (winbind) *(suppected bug)

L.P.H. van Belle belle at bazuin.nl
Wed Oct 19 07:02:09 UTC 2016 

Hai, 

 

I had some users today that couldnt login. 

Windows stopped at the “Welcome” screen.  

 

Now, i checked the logs and i noticed a change in winbind. 

i noticed 2 logs files with increase a 1000% in size.  log.winbindd-idmap and log.wb-NTDOM

 

 

Before ( samba 4.4.5 ) log.winbindd-idmap

[2016/09/30 11:32:37.040567,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/09/30 11:33:17.967227,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/05 16:18:58.799428,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/12 13:31:55.689930,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/18 15:35:41.931491,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/19 01:39:57.249786,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The caontext has expired: Success]

( the last line was and restart of winbind.) 

 

after ( 4.4.6 ) log.winbindd-idmap

[2016/10/18 15:35:41.931491,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/19 01:39:57.249786,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/19 01:39:57.255431,  0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)

  kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.

[2016/10/19 01:44:56.909360,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

 

Before ( samba 4.4.5 ) log.wb-NTDOM

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/12 13:31:55.689792,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/12 13:32:05.276839,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/13 00:32:19.370114,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/18 15:35:41.931396,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/18 15:35:54.299672,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)

  Got sig[15] terminate (is_parent=0)

[2016/10/19 01:36:08.441464,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

 

after ( 4.4.6 ) log.wb-NTDOM

[2016/10/19 01:36:08.441464,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/19 01:36:08.446288,  0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)

  kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.

[2016/10/19 01:36:08.510460,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/19 01:36:08.510540,  0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)

  kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.

[2016/10/19 01:36:39.285046,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)

  gss_init_sec_context failed with [ The context has expired: Success]

[2016/10/19 01:36:39.285142,  0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)

  kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.

 

 

fix was very simple. 

  

turned of the pc. 

restarted winbind on this server and these users could login again.  

I did not update my DC’s, since i’ve seen more about this on the mailing list. 

 

The server in question is a samba member server, and this server contains the profiles and users home folders.

Debian Jessie, samba/winbind 4.4.6 

 

The strange thing here. 

About 60 users logged in ok and 3 not. 

This is the first time this happend since im running 4.2 and up. 

so im very sure this is a bug. 

 

Anyone, is this a known bug 

and if so any patch i can test? 

Or anything i can do else to help debug this if there is no patch? 

 

 

 

 

Greetz, 

 

Louis

 

 

 

More information about the samba mailing list