[Samba] auth problems with samba 4.4.6 (winbind) *(suppected bug)
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 19 07:02:09 UTC 2016
Hai,
I had some users today that couldnt login.
Windows stopped at the “Welcome” screen.
Now, i checked the logs and i noticed a change in winbind.
i noticed 2 logs files with increase a 1000% in size. log.winbindd-idmap and log.wb-NTDOM
Before ( samba 4.4.5 ) log.winbindd-idmap
[2016/09/30 11:32:37.040567, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/09/30 11:33:17.967227, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/05 16:18:58.799428, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/12 13:31:55.689930, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/18 15:35:41.931491, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/19 01:39:57.249786, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The caontext has expired: Success]
( the last line was and restart of winbind.)
after ( 4.4.6 ) log.winbindd-idmap
[2016/10/18 15:35:41.931491, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/19 01:39:57.249786, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/19 01:39:57.255431, 0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
[2016/10/19 01:44:56.909360, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
Before ( samba 4.4.5 ) log.wb-NTDOM
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/12 13:31:55.689792, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/12 13:32:05.276839, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/13 00:32:19.370114, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/18 15:35:41.931396, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/18 15:35:54.299672, 0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2016/10/19 01:36:08.441464, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
after ( 4.4.6 ) log.wb-NTDOM
[2016/10/19 01:36:08.441464, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/19 01:36:08.446288, 0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
[2016/10/19 01:36:08.510460, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/19 01:36:08.510540, 0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
[2016/10/19 01:36:39.285046, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
gss_init_sec_context failed with [ The context has expired: Success]
[2016/10/19 01:36:39.285142, 0] ../source3/libads/sasl.c:785(ads_sasl_spnego_bind)
kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
fix was very simple.
turned of the pc.
restarted winbind on this server and these users could login again.
I did not update my DC’s, since i’ve seen more about this on the mailing list.
The server in question is a samba member server, and this server contains the profiles and users home folders.
Debian Jessie, samba/winbind 4.4.6
The strange thing here.
About 60 users logged in ok and 3 not.
This is the first time this happend since im running 4.2 and up.
so im very sure this is a bug.
Anyone, is this a known bug
and if so any patch i can test?
Or anything i can do else to help debug this if there is no patch?
Greetz,
Louis
More information about the samba
mailing list