[Samba] Upgrade from 3.5.6 to 3.6.12 causes errors in password TDB
We're having trouble with our samba PDC since the upgrade to 3.6.12. We've got a standard smbpassword file using TDB and I've run tdbtool and tdbbackup over the file and both report no errors.

The PDC will run for several hours handling hundreds of users and will then catastrophically fail with each daemon process reporting the following in turn:

===
[2013/03/05 08:46:09.378281, 0] lib/util.c:1117(smb_panic)
  PANIC (pid 15900): internal error
[2013/03/05 08:46:09.387147, 0] lib/util.c:1221(log_stack_trace)
  BACKTRACE: 39 stack frames:
   #0 /usr/local/samba/sbin/smbd(log_stack_trace+0x1a) [0x2af15816e065]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x55) [0x2af15816e169]
   #2 /usr/local/samba/sbin/smbd [0x2af15815f72c]
   #3 /lib64/libc.so.6 [0x2af15a39f2f0]
   #4 /usr/local/samba/sbin/smbd(tcopy_passwd+0x27) [0x2af15814dde7]
   #5 /usr/local/samba/sbin/smbd(pdb_copy_sam_account+0x94) [0x2af15812d607]
   #6 /usr/local/samba/sbin/smbd(pdb_getsampwsid+0x188) [0x2af158131666]
   #7 /usr/local/samba/sbin/smbd(_samr_OpenUser+0x10b) [0x2af1580738f3]
   #8 /usr/local/samba/sbin/smbd [0x2af15808197e]
   #9 /usr/local/samba/sbin/smbd [0x2af158090ee4]
   #10 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_raw_call_send+0xba) [0x2af1581d49a1]
   #11 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_call_send+0x28e) [0x2af1581d4c90]
   #12 /usr/local/samba/sbin/smbd(dcerpc_binding_handle_call+0x96) [0x2af1581d4d87]
   #13 /usr/local/samba/sbin/smbd(dcerpc_samr_OpenUser_r+0x20) [0x2af1580fb88a]
   #14 /usr/local/samba/sbin/smbd(dcerpc_samr_OpenUser+0x1d) [0x2af1580fb8ac]
   #15 /usr/local/samba/sbin/smbd [0x2af15802b909]
   #16 /usr/local/samba/sbin/smbd(_netr_ServerAuthenticate3+0x297) [0x2af15802c3a2]
   #17 /usr/local/samba/sbin/smbd(_netr_ServerAuthenticate2+0x5d) [0x2af15802c90c]
   #18 /usr/local/samba/sbin/smbd [0x2af1580325de]
   #19 /usr/local/samba/sbin/smbd [0x2af15808dc42]
   #20 /usr/local/samba/sbin/smbd(process_complete_pdu+0x264) [0x2af15808e21a]
   #21 /usr/local/samba/sbin/smbd(process_incoming_data+0x3c4) [0x2af15809014c]
   #22 /usr/local/samba/sbin/smbd(np_write_send+0x166) [0x2af15809033f]
   #23 /usr/local/samba/sbin/smbd [0x2af157ea0f87]
   #24 /usr/local/samba/sbin/smbd [0x2af157ea1518]
   #25 /usr/local/samba/sbin/smbd(reply_trans+0x6e4) [0x2af157ea2186]
   #26 /usr/local/samba/sbin/smbd [0x2af157f01097]
   #27 /usr/local/samba/sbin/smbd [0x2af157f05296]
   #28 /usr/local/samba/sbin/smbd [0x2af157f05567]
   #29 /usr/local/samba/sbin/smbd [0x2af157f055d8]
   #30 /usr/local/samba/sbin/smbd(run_events_poll+0x3c9) [0x2af15817c09a]
   #31 /usr/local/samba/sbin/smbd(smbd_process+0xa0b) [0x2af157f042be]
   #32 /usr/local/samba/sbin/smbd [0x2af1583c182f]
   #33 /usr/local/samba/sbin/smbd(run_events_poll+0x3c9) [0x2af15817c09a]
   #34 /usr/local/samba/sbin/smbd [0x2af15817c4cf]
   #35 /usr/local/samba/sbin/smbd(_tevent_loop_once+0x84) [0x2af15817c7e9]
   #36 /usr/local/samba/sbin/smbd(main+0x13bc) [0x2af1583c2f6c]
   #37 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2af15a38c994]
   #38 /usr/local/samba/sbin/smbd [0x2af157e88ee9]

Is this a known issue?

--
Jonathan Knight
IT Services
Keele University

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 7
I think the problem that you are seeing is that the Windows 7 PC will join the domain but then fail to log any users on. There is some better documentation out there, but the solution is to have server signing = disabled in your smb.conf.
Re: [Samba] Joining domain works - logging in doesn't
On 22/10/2010 18:45, Dale Schroeder wrote:
> Jonathan,
>
> A guess -- I had the same error message and similar log entries because I had set
> server signing = auto
> The 3.5.x PDC would work only with the default No.

That was it Dale! Many thanks.

Jon.
[Samba] Joining domain works - logging in doesn't
I'm building a replacement samba 3.5.6 domain controller to replace an old 3.0 one. Some other things are changing too. Our user accounts are now in LDAP rather than flat files (although the machine trust accounts will remain in a flat file), but that should be hidden from samba as it's going to be done through NSS. The smbpasswd file is a TDB file and will remain so.

Our users don't authenticate with any native services on the server other than samba and PAM hasn't been configured to use LDAP. Samba was built with --without-pam as it authenticates using its own smbpasswd file and nothing else will need to authenticate that way. Our intention is to move over to an entirely LDAP based system, but we're doing that a stage at a time.

So far, so good. Samba duly starts and I can join an XP PC to the domain without an issue. But when I try to log into the domain using my username I get:

    The system cannot log you on now because the domain KIS2 is not available

nmblookup happily returns

    querying KIS2 on 160.5.10.3
    160.5.10.3 KIS2<1c>

so it looks like it's registered as a domain controller happily and besides, PCs can join the domain.

I can mount shares from the server using my username and I can see the IPC$ share anonymously. I can log into the PC using a local account and mount shares using my username.

    Anonymous login successful
    Domain=[KIS2] OS=[Unix] Server=[Samba 3.5.6]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Keele I.T. Services)
    Anonymous login successful
    Domain=[KIS2] OS=[Unix] Server=[Samba 3.5.6]

        Server               Comment
        ---------            -------
        OATCAKE              Keele I.T. Services

        Workgroup            Master
        ---------            -------
        KIS2                 OATCAKE

Oatcake is the samba server and nmblookup shows it with the right IP address.

Testparm shows the critical options as:

    map untrusted to domain = Yes
    domain logons = Yes
    domain master = Yes

So I can't see an obvious problem there.

So clearly I've made some sort of obvious error somewhere that escapes me. At the risk of appearing foolish amongst my peers I am posting in the hope that you can point me in the direction I need to investigate.

I'll include the end of the log.smbd running at debug level 5 which shows the logon process accessing the IPC$ share and then the connection being dropped.

[2010/10/22 12:01:55.413644, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/10/22 12:01:55.413761, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.413789, 3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/10/22 12:01:55.413810, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.413832, 5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2010/10/22 12:01:55.413853, 5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/10/22 12:01:55.413896, 5] passdb/pdb_interface.c:1473(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 513.
[2010/10/22 12:01:55.413959, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/10/22 12:01:55.413985, 3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/10/22 12:01:55.414007, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/10/22 12:01:55.414029, 5] auth/token_util.c:525(debug_nt_user_token)
  NT user token: (NULL)
[2010/10/22 12:01:55.414050, 5] auth/token_util.c:551(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2010/10/22 12:01:55.414460, 5] passdb/pdb_tdb.c:609(tdbsam_getsampwrid)
  pdb_getsampwrid (TDB): error looking up RID 513 by key RID_0201.
[2010/10/22 12:01:55.414652, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.414690, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/10/22 12:01:55.414718, 3] auth/auth.c:265(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] succeeded
[2010/10/22 12:01:55.414742, 5] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password: guest authentication for user [] - [] - [nobody] succeeded
[2010/10/22 12:01:55.414765, 5] auth/auth_util.c:2119(free_user_info)
  attempting to free (and zero) a user_info structure
[2010/10/22 12:01:55.414819, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/10/22 12:01:55.414846, 3] smbd/uid.c:429(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/10/22 12:01:55.414868, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) -
[Samba] Samba 3.0.8 breaks all printing from Windows 98
We have a small panic here as we've just put samba 3.0.8 up to fix the DoS attack but all printing from Windows 98 has now broken. Printing from Windows XP is still working fine.

We're running on Fedora 2 using LPRng. Everything was working fine under 3.0.7 and no changes to the OS or the config files were made. Samba was upgraded to 3.0.8 using the configure line from the 3.0.7 build.

The log.smbd file contains:

[2004/11/10 15:08:11, 1] smbd/service.c:make_connection_snum(648)
  rm4pc68-klab1 (160.5.110.156) signed connect to service lilab1 initially as user (uid=, gid=901) (pid 8669)
[2004/11/10 15:08:11, 0] printing/printing_db.c:get_print_db_byname(40)
  PANIC: assert failed at printing/printing_db.c(40)
[2004/11/10 15:08:11, 0] lib/util.c:smb_panic2(1403)
  PANIC: assert failed
[2004/11/10 15:08:11, 0] lib/util.c:smb_panic2(1411)
  BACKTRACE: 16 stack frames:
   #0 /usr/local/samba/sbin/smbd(smb_panic2+0x1f5) [0x82076be]
   #1 /usr/local/samba/sbin/smbd(smb_panic+0x19) [0x82074c7]
   #2 /usr/local/samba/sbin/smbd(get_print_db_byname+0x9f) [0x823ac1f]
   #3 /usr/local/samba/sbin/smbd [0x8226292]
   #4 /usr/local/samba/sbin/smbd(print_job_set_name+0x27) [0x8228f64]
   #5 /usr/local/samba/sbin/smbd [0x8095554]
   #6 /usr/local/samba/sbin/smbd(api_reply+0x391) [0x80992bb]
   #7 /usr/local/samba/sbin/smbd [0x808d8f6]
   #8 /usr/local/samba/sbin/smbd(reply_trans+0xde2) [0x808e8e2]
   #9 /usr/local/samba/sbin/smbd [0x80e372d]
   #10 /usr/local/samba/sbin/smbd [0x80e3803]
   #11 /usr/local/samba/sbin/smbd(process_smb+0x215) [0x80e3b9a]
   #12 /usr/local/samba/sbin/smbd(smbd_process+0x195) [0x80e49b9]
   #13 /usr/local/samba/sbin/smbd(main+0x881) [0x827395b]
   #14 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015704]
   #15 /usr/local/samba/sbin/smbd [0x80750d1]

A quick check reveals that printing.c has undergone a fairly major change to the API with many functions changing from using a sharename to being sent a service number which then has to be converted into a name for get_print_db_byname. The assert that fails is a check to make sure that the printer name is not NULL.

Obviously we're dead in the water here so any help would be appreciated.

--
Jonathan Knight, Department of Computer Science
University of Keele, Keele, Staffordshire. ST5 5BG. U.K.
Telephone: +44 1782 583437
Fax: +44 1782 713082
[Samba] Profiles and PDC
We have several samba servers which we've just tried to upgrade to using the domain based security. Most things seem to be fine but there is one problem which is causing some trouble.

Roaming profiles are declared on the PDC to be:

    logon path = \\ufs.%G\%U\Profiles

which resolves to a folder called Profiles in the user's home directory. The server ufs.%G is not the same server as the PDC.

When we try to log in we get a message telling us that there is a security problem with the Roaming profile and it refuses to download. However the folder Profiles does get created on the user's home directory.

In the samba log files we get the error:

  rm43pc066-kopen (160.5.100.2) signed connect to service csa01 initially as user csa01 (uid=732, gid=426) (pid 31918)
[2004/09/29 18:03:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID S-1-5-21-1129199182-1858052969-2540920885-2464 to uid or gid.

However once logged in we can browse and play with the folder with no problem.

We're running samba 3.0.7 on fedora-2 with acl support. Using %N/Profiles/%U as the logon path works fine but we want the profiles to be in the user's home directory and not on the PDC.

--
Jonathan Knight, Department of Computer Science
University of Keele, Keele, Staffordshire. ST5 5BG. U.K.
Telephone: +44 1782 583437
Fax: +44 1782 713082
[Samba] Preexec on Profiles
I'm trying to get a preexec line to work on Profiles when a Windows XP system logs in. The line and script are the same as we used to use on the homes share with Windows 98 clients on samba 2. However I cannot seem to make the preexec line trigger either on login or by explicitly mounting the share.

Here's the bit from my smb.conf

    [Profiles]
        path = /var/samba/profiles
        preexec = /usr/local/samba/KEELE/logon %u %m %I
        browseable = yes
        guest ok = yes
        read only = no
        guest ok = yes

I've tried executing the script as the user and it seems to work fine so I suspect there's a problem with the way samba is dealing with it. I've also run testparm to check it's seen the parameter and apart from renaming it as exec it appears to be intact.

Here's the script

    #!/bin/sh
    #
    #
    # Logon script
    echo $* >> /tmp/log
    /usr/local/samba/KEELE/mozilla-profile-setup >> /tmp/log 2>&1

--
Jonathan Knight, Department of Computer Science
University of Keele, Keele, Staffordshire. ST5 5BG. U.K.
Telephone: +44 1782 583437
Fax: +44 1782 713082