Re: [Samba] [PLEASE TEST] Samba AD DC winbind hangs and timeouts
Hi Andrew (sorry for the delay,: holidays) I tested that now with Version 4.2.0pre1-GIT-940395d wbinfo --uid-info 300 returns, as waited, WBC_ERR_DOMAIN_NOT_FOUND, and there are no delays anymore, no crash, all seems to be ok now. MANY thanks !! but I made some 'getent' tests, and found : samba-tool user add u2 samba-tool group add g2 samba-tool group addmembers g2 u2 # is ok : samba-tool group listmembers g2 u2 # is ok uid=326(TEST\u2) gid=100(users) groups=100(users),327(TEST\g2) # is NOT ok : does not return group membership getent group g2 TEST\g2:*:327: is that normal with samba4 ? thanks and regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Thursday, July 11, 2013 12:13 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: me...@samba.org; sa...@samba.org; samba-techni...@samba.org Subject: [PLEASE TEST] Samba AD DC winbind hangs and timeouts A number of patches aimed at fixing the nasty set of hangs, timeouts and crashes hitting our winbind implementation in the AD DC have been merged into master. It would be really, really helpful if you could re-test master and see if your specific problem has been addressed. (It turns out there are multiple overlapping issues here, which all seem to have been uncovered by the one interfaces patch). If not, we will continue to chase this down, otherwise this should allow us to merge the fixes into 4.0 and the new 4.1 branch. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sync - sysvol and getfacl
Hi i'm pretty sure this has the same cause as https://bugzilla.samba.org/show_bug.cgi?id=9820 Philippe -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Sandbox Sent: Wednesday, July 10, 2013 8:30 AM To: samba@lists.samba.org Subject: [Samba] Sync - sysvol and getfacl Hi, I'm using Samba 4.0.5 and when I use ls -la or getfacl on eg: sysvol/Policies directory Samba dies with this error message: == samba/samba.log == [2013/07/10 07:49:30, 0] ../lib/util/fault.c:72(fault_report) === [2013/07/10 07:49:30, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 3222 (4.0.5) Please read the Trouble-Shooting section of the Samba HOWTO [2013/07/10 07:49:30, 0] ../lib/util/fault.c:75(fault_report) === but the command gave this info: # file: Policies/ # owner: root # group: 300 user::rwx user:root:rwx group::rwx group:300:rwx group:301:r-x group:302:rwx group:303:r-x group:304:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:300:rwx default:group:301:r-x default:group:302:rwx default:group:303:r-x default:group:304:rwx default:mask::rwx default:other::--- It is interesting because I dont have that kind of groups with those ID's (according to getent group and wbinfo -g) except 304 which is Group Policy Creator Owners. I suppose the other four groups are (checked from windows side): Administrators, Server Operators, SYSTEM and Authenticated Users. Can I do anything with this? My next question is: sysvol sync. My PDC's and BDC's user and group ID's are totaly different. Is it possible to set my PDC/BDC ID's equal, because as I see BDC couldn't do his job while this isn't solved. Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - File Share
Hi Natalia i have the same problem with samba4 (assign share rights to groups, e.g. read list = @RG). I don't know if it is binded, but getent group don't give me the group membership (as samba 3.6 did). i need that to make some 'SIMPLES' share (with force-user / force group) without dealing with file / directory ownership. I hope it's just a bug and will stay supported in samba4 ... regards Philippe -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Natália Vaz Sent: Wednesday, July 10, 2013 4:00 PM To: samba Subject: [Samba] Samba4 - File Share Hi. I'm trying to set up a file server in a Samba4 domain, but when I use permission groups, I can't access the directories. How can I set the shares with restricted groups? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Do not close winbind socket during use
Hi Andrew, i tried your both patches (on a 'clean' 4.0.6), and the difference is that samba is not crashing anymore, but winbind seems to be blocked after a wbinfo --uid-info 300. e.g : r...@gwnois03.test.ch ~# wbinfo --uid-info 311 TEST\Guest:*:311:312::/home/TEST/Guest:/bin/false r...@gwnois03.test.ch ~# wbinfo --uid-info 300 no response, infinite timeout Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Thursday, June 27, 2013 3:43 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE; me...@samba.org; k...@samba.org Cc: sa...@samba.org; samba-techni...@samba.org Subject: [PATCH] Do not close winbind socket during use On Wed, 2013-06-26 at 20:39 +1000, Andrew Bartlett wrote: On Mon, 2013-06-24 at 15:26 +, philippe.simo...@swisscom.com wrote: Hi Andrew, and by putting more num-callers : valgrind --num-callers=50 samba -i -M single Thanks for getting me that. I've managed to reproduce it here, but not under valgrind, and only when I hack the code to force a timeout. At least this should help me figure out why we process the winbind socket close, which is the crux of this issue. I think I've found the cause of the issue you are hitting. There is still another issue with the nested event loop in the krb5 libs, but these two patches should help significantly. As you have had more luck than I in reproducing this in a unaltered setting, please let me know if this helps. Patches are for git master, but may apply to 4.0 as well. Kai, Metze: In reading the code, I cannot see why the DNS server would not suffer the same issue, if the DNS clients closed it's socket. Should we find a more generic way to do this in service_stream, or should just duplicate this? I don't think other servers hit the same issue as they are currently 'blocking' in terms of the socket handler. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 missing group membership with getent group
Hi that's my setting today (AD with 4.06 and files server with 3.6). Working great, but my goal is really to get rid of that (just one machine). thanks and regards philippe From: Ali Bendriss [mailto:ali.bendr...@gmail.com] Sent: Friday, June 21, 2013 3:39 PM To: samba@lists.samba.org Cc: Rowland Penny; Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Subject: Re: [Samba] samba4 missing group membership with getent group On Friday, June 21, 2013 10:12:26 AM Rowland Penny wrote: Hi, well yet another reason to use sssd instead of winbind. [...] Hi, An other option is to use samba AD in one server and the file server (smbd + winbindd) in an other. Since I've done that (last year I think) I've got no problem at all. At first you may think that it's to much resources (2 servers or vm) but it's really flexible and easy to maintain. -- Ali -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
hi Andrew the interfaces = eth0, lo bind interfaces only = Yes doesn't bring anything by me, always crash. for the 2 other question I need some more time (never used valgrind, and have to re-do the bisect ...) Thanks and regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Saturday, June 22, 2013 9:09 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: sa...@samba.org; samba-techni...@samba.org Subject: Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) On Fri, 2013-06-21 at 08:10 +, philippe.simo...@swisscom.com wrote: I tried both, and I get still crashes : 0001-gensec-work-around-nested-event-loops-by-ensuring-th.patch 0002-s4-winbind-Add-special-case-for-BUILTIN-domain.patch - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model talloc: access after free error - first free may be at ../source4/kdc/db-glue.c:206 Bad talloc magic value - access after free PANIC: Bad talloc magic value - access after free Aborted philippe Does setting: interfaces = virbr0:0 lo bind interfaces only = yes help? Also, does reverting (with 'git revert HASH', where HASH is the commit id your bisect identified) help? Finally, can you run Samba under valgrind again? The error you show above doesn't seem quite right in the context, and I want to be sure we are not chasing an unrelated issue. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
Hi Andrew (and thanks Michael for your git support) when I do a git revert f77d5d6479c879c8770fbc9a6ca5656ef3e41019 I don’t have the crash anymore, wbinfo give the right WBC_ERR_DOMAIN_NOT_FOUND status. but just some more warnings after starting samba : # samba -i -M single samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'GWNOIS03.test.ch' TLS self-signed keys generated OK /usr/sbin/samba_dnsupdate: 24-Jun-2013 12:10:27.027 dns_rdata_fromtext: buffer-0x7fd284f78620:1: near 'fe80::5246:5dff:fea3:7167%eth0': bad IPv6 address /usr/sbin/samba_dnsupdate: invalid rdata format: bad IPv6 address /usr/sbin/samba_dnsupdate: syntax error /usr/sbin/samba_dnsupdate: 24-Jun-2013 12:10:27.042 dns_rdata_fromtext: buffer-0x7fcd265c7620:1: near 'fe80::5246:5dff:fea3:7167%eth0': bad IPv6 address /usr/sbin/samba_dnsupdate: invalid rdata format: bad IPv6 address /usr/sbin/samba_dnsupdate: syntax error /usr/sbin/samba_dnsupdate: 24-Jun-2013 12:10:27.056 dns_rdata_fromtext: buffer-0x7fe2f8c00620:1: near 'fe80::5246:5dff:fea3:7167%eth0': bad IPv6 address /usr/sbin/samba_dnsupdate: invalid rdata format: bad IPv6 address /usr/sbin/samba_dnsupdate: syntax error ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_UNSUCCESSFUL best regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Saturday, June 22, 2013 9:09 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: sa...@samba.org; samba-techni...@samba.org Subject: Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) On Fri, 2013-06-21 at 08:10 +, philippe.simo...@swisscom.com wrote: I tried both, and I get still crashes : 0001-gensec-work-around-nested-event-loops-by-ensuring-th.patch 0002-s4-winbind-Add-special-case-for-BUILTIN-domain.patch - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model talloc: access after free error - first free may be at ../source4/kdc/db-glue.c:206 Bad talloc magic value - access after free PANIC: Bad talloc magic value - access after free Aborted philippe Does setting: interfaces = virbr0:0 lo bind interfaces only = yes help? Also, does reverting (with 'git revert HASH', where HASH is the commit id your bisect identified) help? Finally, can you run Samba under valgrind again? The error you show above doesn't seem quite right in the context, and I want to be sure we are not chasing an unrelated issue. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
Hi Andrew, you can find here output of valgrind . thanks and regards Philippe r...@gwnois03.test.ch ~/bisect/samba-master# valgrind samba -i -M single ==8110== Memcheck, a memory error detector ==8110== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==8110== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==8110== Command: samba -i -M single ==8110== samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model ==8110== Invalid read of size 8 ==8110==at 0xA1DDC5C: krb5_cc_store_cred (cache.c:684) ==8110==by 0xA1F261F: krb5_get_credentials_with_flags (get_cred.c:1207) ==8110==by 0xA1F266A: krb5_get_credentials (get_cred.c:1220) ==8110==by 0x953CDB7: gsskrb5_get_creds (init_sec_context.c:246) ==8110==by 0x953D366: init_auth (init_sec_context.c:455) ==8110==by 0x953E168: _gsskrb5_init_sec_context (init_sec_context.c:942) ==8110==by 0x9556619: gss_init_sec_context (gss_init_sec_context.c:187) ==8110==by 0x61370BD: gensec_gssapi_update (gensec_gssapi.c:464) ==8110==by 0x61308C9: gensec_update (gensec.c:220) ==8110==by 0x612E248: gensec_spnego_create_negTokenInit (spnego.c:644) ==8110==by 0x612EC6C: gensec_spnego_update (spnego.c:842) ==8110==by 0x61301F5: gensec_spnego_update_wrapper (spnego.c:1311) ==8110== Address 0x24924930 is 0 bytes inside a block of size 24 free'd ==8110==at 0x4C27D4E: free (vg_replace_malloc.c:427) ==8110==by 0xA1DDC3E: krb5_cc_close (cache.c:666) ==8110==by 0x954CD8E: _gsskrb5_release_cred (release_cred.c:65) ==8110==by 0x9555049: gss_release_cred (gss_release_cred.c:65) ==8110==by 0x548DAC0: free_gssapi_creds (credentials_krb5.c:443) ==8110==by 0x679C161: _talloc_free_internal (talloc.c:831) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110== ==8110== Invalid read of size 8 ==8110==at 0xA203B3D: mcc_store_cred (mcache.c:239) ==8110==by 0xA1DDC73: krb5_cc_store_cred (cache.c:684) ==8110==by 0xA1F261F: krb5_get_credentials_with_flags (get_cred.c:1207) ==8110==by 0xA1F266A: krb5_get_credentials (get_cred.c:1220) ==8110==by 0x953CDB7: gsskrb5_get_creds (init_sec_context.c:246) ==8110==by 0x953D366: init_auth (init_sec_context.c:455) ==8110==by 0x953E168: _gsskrb5_init_sec_context (init_sec_context.c:942) ==8110==by 0x9556619: gss_init_sec_context (gss_init_sec_context.c:187) ==8110==by 0x61370BD: gensec_gssapi_update (gensec_gssapi.c:464) ==8110==by 0x61308C9: gensec_update (gensec.c:220) ==8110==by 0x612E248: gensec_spnego_create_negTokenInit (spnego.c:644) ==8110==by 0x612EC6C: gensec_spnego_update (spnego.c:842) ==8110== Address 0x24924940 is 16 bytes inside a block of size 24 free'd ==8110==at 0x4C27D4E: free (vg_replace_malloc.c:427) ==8110==by 0xA1DDC3E: krb5_cc_close (cache.c:666) ==8110==by 0x954CD8E: _gsskrb5_release_cred (release_cred.c:65) ==8110==by 0x9555049: gss_release_cred (gss_release_cred.c:65) ==8110==by 0x548DAC0: free_gssapi_creds (credentials_krb5.c:443) ==8110==by 0x679C161: _talloc_free_internal (talloc.c:831) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110==by 0x679D1B8: _talloc_free_children_internal (talloc.c:1256) ==8110==by 0x679C304: _talloc_free_internal (talloc.c:851) ==8110== ==8110== Invalid read of size 4 ==8110==at 0xA203B49: mcc_store_cred (mcache.c:243) ==8110==by 0xA1DDC73: krb5_cc_store_cred (cache.c:684) ==8110==by 0xA1F261F: krb5_get_credentials_with_flags (get_cred.c:1207) ==8110==by 0xA1F266A: krb5_get_credentials (get_cred.c:1220) ==8110==by 0x953CDB7: gsskrb5_get_creds (init_sec_context.c:246) ==8110==by 0x953D366: init_auth (init_sec_context.c:455) ==8110==by 0x953E168: _gsskrb5_init_sec_context (init_sec_context.c:942) ==8110==by 0x9556619: gss_init_sec_context (gss_init_sec_context.c:187) ==8110==by 0x61370BD: gensec_gssapi_update (gensec_gssapi.c:464) ==8110==by 0x61308C9: gensec_update (gensec.c:220) ==8110==by 0x612E248: gensec_spnego_create_negTokenInit (spnego.c:644) ==8110==by 0x612EC6C: gensec_spnego_update (spnego.c:842) ==8110== Address 0x2199ed0c is 12 bytes inside a block of size 56 free'd ==8110==at 0x4C27D4E: free (vg_replace_malloc.c:427) ==8110==by 0xA1EC05D: krb5_data_free (data.c:66) ==8110==by 0xA2039E9: mcc_close (mcache.c:189)
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
Hi Andrew, many thanks for you patch, i tested it on 2 different systems but without success (the crash is always happening). before applying the patch, I had a strange problem : I couldn't reproduce the problem (with wbinfo --uid-info 300) on one of the machine. no chance even if I reinstall, re-provision, ...). I finally reboot the machine and after the reboot the crash was reproduceable again (...) on both machines, what I've done : (...untar...) cd samba-4.0.6 patch -p1 0001-s4-winbind-Add-special-case-for-BUILTIN-domain.patch ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs make make install rm /etc/samba/smb.conf samba-tool domain provision --dns-backend=BIND9_FLATFILE --server-role=dc --realm TEST.CH --domain TEST --adminpass=Pa$$w0rd samba -i -M single and - wbinfo --uid-info 300 I get : - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'WZ3.test3.ch' TLS self-signed keys generated OK === INTERNAL ERROR: Signal 11 in pid 4844 (4.0.6) Please read the Trouble-Shooting section of the Samba HOWTO === PANIC: internal error Aborted - Best regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Tuesday, June 18, 2013 4:50 AM To: Samba Technical Cc: sa...@samba.org; Alex Matthews; Simonet Philippe, ITS-OUS-OP-IFM- NW-IPE Subject: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) This patch attempts to address an issue some have reported where our nss_winbind is even slower than it's simple non-caching implementation needs to be. I think this comes from us not handling the BUILTIN domain properly, and so we constantly attempt to contact the DC, and then fail an internal validation step, throwing away that connection. I think this is also the cause of crashes folks have seen. Can I get some confirmation that this helps, so I can merge this into master (and then 4.0.x)? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 missing group membership with getent group
Hi Samba users using samba 4.0.6, having /etc/nsswitch.conf that use winbind, getent group does not display the group members. to reproduce that : (my domain is test3.ch) samba-tool user add u1 samba-tool group add g1 samba-tool group addmembers g1 u1 id u1 returns : uid=326(TEST3\u1) gid=100(users) groups=100(users),327(TEST3\g1) but getent group does not return group/user membership : TEST3\g1:*:327: any advices ? Philippe Simonet -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
Hi Andrew, sorry (my English...) I was not clear. I tried to say that the patch does not change anything for me, the crash is still here. best regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Friday, June 21, 2013 9:18 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: samba-techni...@samba.org; sa...@samba.org; qoole.sa...@lillimoth.com Subject: Re: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) On Fri, 2013-06-21 at 05:58 +, philippe.simo...@swisscom.com wrote: Hi Andrew, many thanks for you patch, i tested it on 2 different systems but without success (the crash is always happening). before applying the patch, I had a strange problem : I couldn't reproduce the problem (with wbinfo --uid-info 300) on one of the machine. no chance even if I reinstall, re-provision, ...). I finally reboot the machine and after the reboot the crash was reproduceable again (...) Thank you for finally getting back to me on this. After seeing it once, I was also unable to reproduce the crash, and so was patching blind. This remains illusive. Does this alternative patch help? on both machines, what I've done : (...untar...) cd samba-4.0.6 patch -p1 0001-s4-winbind-Add-special-case-for-BUILTIN-domain.patch ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs make make install rm /etc/samba/smb.conf samba-tool domain provision --dns-backend=BIND9_FLATFILE --server-role=dc --realm TEST.CH --domain TEST --adminpass=Pa$$w0rd samba -i -M single and - wbinfo --uid-info 300 I get : - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'WZ3.test3.ch' TLS self-signed keys generated OK == = INTERNAL ERROR: Signal 11 in pid 4844 (4.0.6) Please read the Trouble-Shooting section of the Samba HOWTO == = PANIC: internal error Aborted - Best regards Philippe Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
I tried both, and I get still crashes : 0001-gensec-work-around-nested-event-loops-by-ensuring-th.patch 0002-s4-winbind-Add-special-case-for-BUILTIN-domain.patch - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model talloc: access after free error - first free may be at ../source4/kdc/db-glue.c:206 Bad talloc magic value - access after free PANIC: Bad talloc magic value - access after free Aborted philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Friday, June 21, 2013 9:35 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: samba-techni...@samba.org; sa...@samba.org; qoole.sa...@lillimoth.com Subject: Re: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) On Fri, 2013-06-21 at 07:23 +, philippe.simo...@swisscom.com wrote: Hi Andrew, sorry (my English...) I was not clear. I tried to say that the patch does not change anything for me, the crash is still here. Which (named) patch did you try? I've attached both patches which I proposed. Each attempts to solve the problem in a different way. Please try each of them, and tell me if you still get the crash. Thanks, Andrew Bartlett best regards Philippe -Original Message- From: Andrew Bartlett [mailto:abart...@samba.org] Sent: Friday, June 21, 2013 9:18 AM To: Simonet Philippe, ITS-OUS-OP-IFM-NW-IPE Cc: samba-techni...@samba.org; sa...@samba.org; qoole.sa...@lillimoth.com Subject: Re: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups) On Fri, 2013-06-21 at 05:58 +, philippe.simo...@swisscom.com wrote: Hi Andrew, many thanks for you patch, i tested it on 2 different systems but without success (the crash is always happening). before applying the patch, I had a strange problem : I couldn't reproduce the problem (with wbinfo --uid-info 300) on one of the machine. no chance even if I reinstall, re-provision, ...). I finally reboot the machine and after the reboot the crash was reproduceable again (...) Thank you for finally getting back to me on this. After seeing it once, I was also unable to reproduce the crash, and so was patching blind. This remains illusive. Does this alternative patch help? on both machines, what I've done : (...untar...) cd samba-4.0.6 patch -p1 0001-s4-winbind-Add-special-case-for-BUILTIN-domain.patch ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs make make install rm /etc/samba/smb.conf samba-tool domain provision --dns-backend=BIND9_FLATFILE --server-role=dc --realm TEST.CH --domain TEST --adminpass=Pa$$w0rd samba -i -M single and - wbinfo --uid-info 300 I get : - samba version 4.0.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 samba: using 'single' process model Attempting to autogenerate TLS self-signed keys for https for hostname 'WZ3.test3.ch' TLS self-signed keys generated OK == = INTERNAL ERROR: Signal 11 in pid 4844 (4.0.6) Please read the Trouble-Shooting section of the Samba HOWTO == = PANIC: internal error Aborted - Best regards Philippe Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 missing group membership with getent group
Hi Steve getent group TEST3\g1 give an empty result, and getent group TEST3\\g1 with the same result as getent group g1, without user/group membership. in fact my problem goes further : shares access control (write list, ...) does not work for @g1, only with u1 ... Philippe -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of steve Sent: Friday, June 21, 2013 9:31 AM To: samba@lists.samba.org Subject: Re: [Samba] samba4 missing group membership with getent group On Fri, 2013-06-21 at 06:23 +, philippe.simo...@swisscom.com wrote: Hi Samba users but getent group does not return group/user membership : TEST3\g1:*:327: any advices ? It doesn't work for groups:( use: getent group TEST\g1 hth Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.6 Available for Download : crash of winbind after ls -la ...sysvol
Hi Steve i'm not sure about that : I tried with btrfs and ext4 with the same behavior. and wbinfo should not something to do with fs acl support, or ? Philippe -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of steve Sent: Saturday, May 25, 2013 8:42 AM To: samba@lists.samba.org Subject: Re: [Samba] [Announce] Samba 4.0.6 Available for Download : crash of winbind after ls -la ...sysvol On Fri, 2013-05-24 at 19:02 +0200, Michael Wood wrote: Hi You might try getting hold of one of the Samba developers on IRC and asking them about this. Hi It fails when the file system doesn't support acl's. It's one of those were it's both a uid and a gid: wbinfo --sid-to-name=S-1-5-32-544 BUILTIN\Administrators 4 wbinfo --sid-to-uid=S-1-5-32-544 300 wbinfo --sid-to-gid=S-1-5-32-544 300 ls -la /usr/local/samba/var/locks/sysvol total 20 drwxrwx---+ 3 root 300 4096 Apr 20 22:01 . drwxr-xr-x 3 root root4096 Apr 20 22:02 .. drwxrwx---+ 4 root 300 4096 Apr 20 22:01 hh3.site getfacl /usr/local/samba/var/locks/sysvol getfacl: Removing leading '/' from absolute path names # file: usr/local/samba/var/locks/sysvol # owner: root # group: 300 user::rwx user:root:rwx group::rwx group:300:rwx group:301:r-x group:302:rwx group:303:r-x mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:300:rwx default:group:301:r-x default:group:302:rwx default:group:303:r-x default:mask::rwx HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.0.6 Available for Download : crash of winbind after ls -la ...sysvol
Hi all, with this version, as in 4.0.5, i have always the windbind crash after wbinfo --uid-info 300 or ls -la sysvol/ my system 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2+deb7u2 x86_64 GNU/Linux I already post here some information (no problem with 4.0.4, found last stable patch with bisect), could someone help me ? thanks and regards philippe -Original Message- From: samba-announce-boun...@lists.samba.org [mailto:samba-announce- boun...@lists.samba.org] On Behalf Of Karolin Seeger Sent: Tuesday, May 21, 2013 9:31 AM To: samba-annou...@samba.org; sa...@samba.org; samba- techni...@samba.org Subject: [Announce] Samba 4.0.6 Available for Download == === It's kind of fun to do the impossible. Walt Disney == === Release Announcements - This is is the latest stable release of Samba 4.0. Major enhancements in Samba 4.0.6 include: o Fix crash during Win8 sync (bug #9822). o Fix segfault when loging in with wrong password from w2k8r2 (bug #9834). Changes since 4.0.5: o Jeremy Allison j...@samba.org * BUG 9412: SMB2 server doesn't support recvfile. * BUG 9722: Properly handle oplock breaks in compound requests. * BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading. * BUG 9811: Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem. * BUG 9822: Fix crash during Win8 sync. o Anand Avati av...@redhat.com * BUG 9833: Function called in unix_convert() path can overwrite errno. o Andrew Bartlett abart...@samba.org * BUG 9785: Use specified python for runtime installation of Samba. * BUG 9834: Fix segfault when loging in with wrong password from w2k8r2. o Alexander Bokovoy a...@samba.org * BUG 9767: Fix 'net ads join' when called via stdin. o David Disseldorp dd...@samba.org * BUG 9807: wbinfo: Fix segfault in wbinfo_pam_logon. * BUG 9830: Fix panic in nt_printer_publish_ads. o Volker Lendecke v...@samba.org * BUG 9775: Fix segfault for artificial conn_structs in vfs_fake_perms. * BUG 9809: Package new dbwrap_tool man page. * BUG 9824: SMB signing and the async echo responder don't work together. * BUG 9832: talloc use after free in winbind4. * BUG 9854: Fix NULL pointer dereference in Winbind. * BUG 9868: Fix making LIBNDR_PREG_OBJ. o Stefan Metzmacher me...@samba.org * BUG 9545: Fix the build of vfs_notify_fam. * BUG 9803: Change '--with-dmapi' to 'default=auto' to match the autoconf build. * BUG 9804: wafsamba: Display the default value in help for SAMBA3_ADD_OPTION. * BUG 9382: Add support for PFC_FLAG_OBJECT_UUID when parsing packets. o Andreas Schneider a...@samba.org * BUG 9139: Fix the username map optimization. * BUG 9699: Fix adding case sensitive spn. * BUG 9766: Cache name_to_sid/sid_to_name correctly. * BUG 9817: Fix 'map untrusted to domain' with NTLMv2. o Richard Sharpe realrichardsha...@gmail.com * BUG 9722: Properly handle oplock breaks in compound requests. o Ralph Wuerthner ralph.wuerth...@de.ibm.com * BUG 9782: Fix panic when running 'smbtorture smb.base'. ### Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.0 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/stable/ The release notes are available online at: http://www.samba.org/samba/history/samba-4.0.6.html Binary packages will be made available on a volunteer basis from http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -- To
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
Many thanks Michae for your answer,l here the results of bisect and some samba 'strange' console output. I hope this can help best regards Philippe - to produce the problem : - ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs make install samba -i -M single wbinfo --uid-info 300 - last bisect : - git bisect good f77d5d6479c879c8770fbc9a6ca5656ef3e41019 is the first bad commit commit f77d5d6479c879c8770fbc9a6ca5656ef3e41019 Author: Timur Bakeyev ti...@freebsd.org Date: Wed Feb 27 16:25:07 2013 -0800 Fix bug # 9666 - Broken filtering of link-local addresses. This patch should address the problem with Link Local addresses on FreeBSD and Linux. Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Mar 1 18:21:19 CET 2013 on sn-devel-104 :04 04 e022079ce7298f5cfa9d99e51e7afedb35048b02 164c1aba055b0179d3b47f415f6e3e5b3cd7 M lib - and interesting : the samba console log when the wbinfo is working well is MUCH shorter : wbinfo ok : - Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 interpret_string_addr_internal: getaddrinfo failed for name (null) (flags 4) [Name or service not known] not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 interpret_addr: host address is invalid for host fe80::5246:5dff:fea3:7167%eth0 Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] wbinfo doing samba crash :: - Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED] not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 interpret_string_addr_internal: getaddrinfo failed for name (null) (flags 4) [Name or service not known] not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 not adding non-broadcast interface tun0 not adding non-broadcast interface tun1 /usr/sbin/smbd: Allowed connection from 192.168.1.113 (192.168.1.113) /usr/sbin/smbd: init_oplocks: initializing messages. /usr/sbin/smbd: Transaction 0 of length 194 (0 toread) /usr/sbin/smbd: switch message SMBnegprot (pid 14995) conn 0x0 /usr/sbin/smbd: Requested protocol [PC NETWORK PROGRAM 1.0] /usr/sbin/smbd: Requested protocol [MICROSOFT NETWORKS 1.03] /usr/sbin/smbd: Requested protocol [MICROSOFT NETWORKS 3.0] /usr/sbin/smbd: Requested protocol [LANMAN1.0] /usr/sbin/smbd: Requested protocol [LM1.2X002] /usr/sbin/smbd: Requested protocol [DOS LANMAN2.1] /usr/sbin/smbd: Requested protocol [LANMAN2.1] /usr/sbin/smbd: Requested protocol [Samba] /usr/sbin/smbd: Requested protocol [NT LANMAN 1.0] /usr/sbin/smbd: Requested protocol [NT LM 0.12] /usr/sbin/smbd: GENSEC backend 'gssapi_spnego' registered /usr/sbin/smbd: GENSEC backend 'gssapi_krb5' registered /usr/sbin/smbd: GENSEC backend 'gssapi_krb5_sasl' registered /usr/sbin/smbd: GENSEC backend 'schannel' registered /usr/sbin/smbd: GENSEC backend 'spnego' registered /usr/sbin/smbd: GENSEC backend 'ntlmssp' registered /usr/sbin/smbd: GENSEC backend 'krb5' registered /usr/sbin/smbd: GENSEC backend 'fake_gssapi_krb5' registered /usr/sbin/smbd: ldb_wrap open
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
Hi all, just as info, i also have the same crash with debian wheezy and samba 4.0.5, by just doing wbinfo --uid-info 300 and also only when the nssswitch.conf have compat winbind but i didn't have this crash with 4.0.4, in this case NO problem. best regards philippe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
Hi all, just as info, i can reproduce this crash with debian wheezy with 4.0.5, by just doing wbinfo --uid-info 300 and only when the nssswitch.conf have compat winbind i didn't have this crash with 4.0.4. best regards philippe -- View this message in context: http://samba.2283325.n4.nabble.com/samba4-crash-of-winbind-after-ls-l-usr-local-samba-var-locks-sysvol-tp4646715p4647257.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba