[Samba] winbind errors and panics
Hi,

I'm setting up a Samba AD member server on CentOS 6. Everything seems to work, except that Windows users don't get automatically created in the idmap backend (which is an LDAP tree, btw). I do get the following errors in the winbind logging:

[2012/01/26 13:04:20.634990, 1] winbindd/idmap_ldap.c:193(verify_idpool)
  Unable to verify the idpool, cannot continue initialization!
[2012/01/26 13:04:20.635125, 0] winbindd/idmap.c:599(idmap_alloc_init)
  ERROR: Initialization failed for alloc backend, deferred!

and a panic by winbind:

[2012/01/26 13:06:50.726749, 0] lib/fault.c:46(fault_report)
  ===
[2012/01/26 13:06:50.726893, 0] lib/fault.c:47(fault_report)
  INTERNAL ERROR: Signal 11 in pid 2730 (3.5.10-114.el6)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2012/01/26 13:06:50.726931, 0] lib/fault.c:49(fault_report)
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2012/01/26 13:06:50.726967, 0] lib/fault.c:50(fault_report)
  ===
[2012/01/26 13:06:50.727005, 0] lib/util.c:1490(smb_panic)
  PANIC (pid 2730): internal error
[2012/01/26 13:06:50.730324, 0] lib/util.c:1594(log_stack_trace)
  BACKTRACE: 19 stack frames:
   #0 winbindd(log_stack_trace+0x2e) [0x95a88e]
   #1 winbindd(smb_panic+0x2e) [0x95a9ae]
   #2 winbindd(+0x170f9f) [0x947f9f]
   #3 [0x110400]
   #4 /lib/libldap-2.4.so.2(ldap_unbind_ext+0x25) [0x186855]
   #5 /lib/libldap-2.4.so.2(ldap_unbind+0x70) [0x1869a0]
   #6 winbindd(+0x52d07f) [0xd0407f]
   #7 winbindd(+0x52d325) [0xd04325]
   #8 winbindd(run_events+0x110) [0x96c800]
   #9 winbindd(+0xbffd8) [0x896fd8]
   #10 winbindd(+0xc0f1d) [0x897f1d]
   #11 winbindd(+0x198d08) [0x96fd08]
   #12 winbindd(tevent_common_loop_immediate+0xe6) [0x96e4f6]
   #13 winbindd(run_events+0x3e) [0x96c72e]
   #14 winbindd(+0x195bc1) [0x96cbc1]
   #15 winbindd(_tevent_loop_once+0x98) [0x96d2c8]
   #16 winbindd(main+0xa9a) [0x86804a]
   #17 /lib/libc.so.6(__libc_start_main+0xe6) [0xf9ace6]
   #18 winbindd(+0x8e531) [0x865531]
[2012/01/26 13:06:50.731949, 0] lib/fault.c:326(dump_core)
  dumping core in /var/log/samba/cores/winbindd

Here's my testparm output, with our internal domain name replaced:

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Profiles]"
Processing section "[]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
    workgroup =
    realm = .LOCAL
    server string = Samba Server Version %v
    security = ADS
    passdb backend = ldapsam:ldap://limara.mgt..local
    log file = /var/log/samba/log.%m
    max log size = 50
    ldap admin dn = cn=Manager,dc=,dc=local
    ldap group suffix = ou=Group,dc=office
    ldap idmap suffix = ou=People,ou=Domain Users,dc=office
    ldap machine suffix = ou=Computers,dc=office
    ldap suffix = dc=,dc=local
    ldap ssl = no
    idmap backend = ldap:ldap://limara.mgt..local
    idmap alloc backend = ldap
    idmap uid = 1-1
    idmap gid = 1-1
    idmap alloc config : ldap_base_dn = dc=office,dc=,dc=local
    idmap alloc config : ldap_url = ldap://limara.mgt..local
    ldapsam:editposix = yes
    ldapsam:trusted = yes
    cups options = raw

[homes]
    comment = Home Directories
    path = /srv/windows/users/%S
    valid users = \%S
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[Profiles]
    path = /srv/windows/profiles/
    read only = No
    guest ok = Yes
    browseable = No

[]
    path = /srv/windows/shared/
    read only = No

Searching for the errors on Google gives me only parts of the source code, questions, and no answers.

As a side note: if I do create the user objects manually, the idmappings get created without problems. I could run production with the server as it is now, but I'd prefer to have the account creation/idmapping go automatically, as that saves me a lot of admin work.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Samba] Winbind errors result in no logins!
Everyone,

We are currently seeing a very strange problem on our server. Everything will be running along smoothly and then all of a sudden, nobody will be able to log in. Looking through the logs reveals the following messages...

Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): pam_winbind_request: read from socket failed!
Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): internal module error (retval = 3, user = 'NA\nda')
Apr 24 10:55:15 LINUX-1 httpd2-prefork: pam_winbind(httpd): [pamh: 0xa0c91c0] LEAVE: pam_sm_authenticate returning 3
Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): pam_winbind_request: read from socket failed!
Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): internal module error (retval = 3, user = 'na\sja')
Apr 24 10:55:17 LINUX-1 httpd2-prefork: pam_winbind(httpd): [pamh: 0x9c58c68] LEAVE: pam_sm_authenticate returning 3
Apr 24 10:55:31 LINUX-1 httpd2-prefork: pam_winbind(httpd): [pamh: 0x9c58630] ENTER: pam_sm_authenticate (flags: 0x0001)

Also, once the problem begins, the CPU goes to 95%+ for winbind!

The apache2_error log shows errors like this...

[Fri Apr 24 16:08:08 2009] [error] [client 192.xxx.xxx.xxx] PAM: user 'na\\naj' - not authenticated: Error in service module
[Fri Apr 24 16:08:15 2009] [error] [client 172.xxx.xxx.xxx] PAM: user 'na\\sja' - not authenticated: Error in service module
[Fri Apr 24 16:08:29 2009] [error] [client 192.xxx.xxx.xxx] PAM: user 'na\\nda' - not authenticated: Error in service module
[Fri Apr 24 16:09:48 2009] [error] [client 192.xxx.xxx.xxx] PAM: user 'na\\nda' - not authenticated: Error in service module

Restarting the winbind and smb services clears up the problem immediately, but we can't seem to figure out what is going on.

Does anyone have any suggestions of things to try? Have any of you seen this before?

Thanks,
Ron

[Samba] winbind errors
I am getting this error in reference to winbindd:

Failed to parse NTLMSSP packet, could not extract NTLMSSP command

Here is my current smb.conf

[global]
#
# Network configuration
#
server string = doc-odin.domain.com
workgroup = DOMAIN
netbios name = DOC-ODIN
realm = DOMAIN
security = ADS
password server = server.domain.com server2.domain.com
#
# Domain configuration options
#
prefered master = no
local master = no
domain master = no
prefered master = no
domain logons = no
#
# Security options
#
encrypt passwords = yes
update encrypted = yes
password level = 20
#
# Winbind options
#
# winbind use default domain = no
winbind cache time = 5
winbind separator = /
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
#
# User/Group mapping options
#
idmap uid = 500-50
idmap gid = 500-50
add user script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
#
# LDAP/AD configuration options
#
passdb backend = ldapsam:LDAP://server2.domain.com
ldap admin dn = "cn=readonly,cn=users,dc=domain,dc=com
ldap user suffix = cn=users
ldap group suffix = ou=groups
ldap suffix = dc=domain,dc=com
ldap delete dn = no
use spnego = yes
#
# Networking options
#
hide unreadable = no
wins support = no
dns proxy = no
interfaces = eth* lo
bind interfaces only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts deny = 0.0.0.0/0
#
# Miscellaneous options
#
os level = 20
template shell = /bin/false
template homedir = /odin/%D/%U
load printers = no
#
# Logging options
#
log level = 1 ads:5 auth:5 sam:5 rpc:5

Any help is appreciated. I was able to successfully join the domain using security = ads. If I run wbinfo -u I can see the users; if I run getent passwd I do not see the users, and I am hoping that resolving that error with winbind will solve this.

--
Jason Gerfen

"My girlfriend threatened to leave me if I went boarding... I will miss her."
~ DIATRIBE aka FBITKK