Bug#337070: winbind: same malfunction here
On Sun, Nov 06, 2005 at 08:20:31AM +0100, Christian Perrier wrote: So does this mean that winbindd can't be started on systems that are members of workgroups, rather than domains? Should we be splitting libnss_wins into My knowledge of winbind would answer yes to the above question. How about adding this to the init script then?: if [ `testparm -s --parameter-name='domain logons' 2/dev/null` = No ] \ [ `testparm -s --parameter-name='security' 2/dev/null` != DOMAIN ] then exit 0 fi This solves the problem with spurious errors for users for whom winbind won't work, without having to split packages. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#337070: winbind: same malfunction here
How about adding this to the init script then?: if [ `testparm -s --parameter-name='domain logons' 2/dev/null` = No ] \ [ `testparm -s --parameter-name='security' 2/dev/null` != DOMAIN ] then exit 0 fi I'm not completely sure that using winbindd is limited to security=domain. I have no experience of security=ads for instance. Same for security=server. But, again, I'm not sure of all this. I actually just feel it would be too restrictive maybe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337070: winbind: same malfunction here
On Sun, Nov 06, 2005 at 09:17:21AM +0100, Christian Perrier wrote: How about adding this to the init script then?: if [ `testparm -s --parameter-name='domain logons' 2/dev/null` = No ] \ [ `testparm -s --parameter-name='security' 2/dev/null` != DOMAIN ] then exit 0 fi I'm not completely sure that using winbindd is limited to security=domain. I have no experience of security=ads for instance. Same for security=server. True enough, I forgot that it would need to support security=ads as well. (security=server is a kludge, though, and I'd be fine with not supporting it all -- and I particularly think we don't need to be supporting winbind in that config, since if it *did* work, it would be a security risk.) I talked to Andrew Bartlett on IRC briefly about this, and am convinced that the right solution is to fix winbindd so that it exits with a specific error code in situations when it shouldn't be running. That spares us trying to do string comparisons that rely on the output of testparm. I'll bring this up for discussion on the samba-technical list. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#337070: winbind: same malfunction here
Package: winbind Version: 3.0.20b-2 Followup-For: Bug #337070 After upgrading from winbind (3.0.14a-6) to 3.0.20b-2 and samba (3.0.14a-6) to 3.0.20b-2 I have the same behaviour. Additonally here the contents of the /var/log/samba/log.winbind file: [2005/11/05 21:14:34, 1] nsswitch/winbindd.c:main(935) winbindd version 3.0.20b-Debian started. Copyright The Samba Team 2000-2004 [2005/11/05 21:14:34, 0] nsswitch/winbindd_util.c:winbindd_param_init(768) winbindd: idmap uid range missing or invalid [2005/11/05 21:14:34, 0] nsswitch/winbindd_util.c:winbindd_param_init(769) winbindd: cannot continue, exiting. [2005/11/05 21:14:34, 1] nsswitch/winbindd.c:main(968) Could not init idmap -- netlogon proxy only [2005/11/05 21:14:34, 0] lib/util.c:smb_panic2(1538) smb_panic(): calling panic action [/usr/share/samba/panic-action 8242] /etc/samba/gdbcommands:1: Error in sourced command file: Previous frame inner to this frame (corrupt stack?) [2005/11/05 21:14:34, 0] lib/util.c:smb_panic2(1546) smb_panic(): action returned status 0 [2005/11/05 21:14:34, 0] lib/util.c:smb_panic2(1548) PANIC: Could not fetch our SID - did we join? [2005/11/05 21:14:34, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 6 stack frames: #0 /usr/sbin/winbindd(smb_panic2+0x7b) [0x800a290b] #1 /usr/sbin/winbindd(smb_panic+0x11) [0x800a2b31] #2 /usr/sbin/winbindd(init_domain_list+0x13f) [0x80037d4f] #3 /usr/sbin/winbindd(main+0x481) [0x80030b71] #4 /lib/tls/libc.so.6(__libc_start_main+0xd0) [0xb7cc9ec0] #5 /usr/sbin/winbindd [0x8002f301] Before upgrading winbind works fine, the smb.conf is left unchanged. I use winbind only for host name resolution in a little network of three Windows and on Debian boxes. I hope my information makes it easier, to find the bug. Have a nice weekend -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-1-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages winbind depends on: ii libc6 2.3.5-6GNU C Library: Shared libraries an ii libcomerr21.38-2 common error description library ii libkrb53 1.3.6-5MIT Kerberos runtime libraries ii libldap2 2.1.30-12 OpenLDAP libraries ii libpam0g 0.79-3 Pluggable Authentication Modules l ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libroken16-kerberos4kth 1.2.2-11.3 Roken Libraries for Kerberos4 From winbind recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#337070: winbind: same malfunction here
On Sat, 2005-11-05 at 21:55 +0100, Axel Ludszuweit wrote: Package: winbind Version: 3.0.20b-2 Followup-For: Bug #337070 Before upgrading winbind works fine, the smb.conf is left unchanged. I use winbind only for host name resolution in a little network of three Windows and on Debian boxes. I hope my information makes it easier, to find the bug. I don't think nss_wins uses winbindd on linux. Due to the new structure of winbind, I think this is considered deliberate, but could be worked around by making your box think it is a PDC of it's own domain. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part
Bug#337070: winbind: same malfunction here
On Sun, Nov 06, 2005 at 08:59:12AM +1100, Andrew Bartlett wrote: On Sat, 2005-11-05 at 21:55 +0100, Axel Ludszuweit wrote: Package: winbind Version: 3.0.20b-2 Followup-For: Bug #337070 Before upgrading winbind works fine, the smb.conf is left unchanged. I use winbind only for host name resolution in a little network of three Windows and on Debian boxes. I hope my information makes it easier, to find the bug. I don't think nss_wins uses winbindd on linux. Due to the new structure of winbind, I think this is considered deliberate, but could be worked around by making your box think it is a PDC of it's own domain. So does this mean that winbindd can't be started on systems that are members of workgroups, rather than domains? Should we be splitting libnss_wins into a separate package from winbind, so that users who want the former don't get spurious errors from the latter? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#337070: winbind: same malfunction here
So does this mean that winbindd can't be started on systems that are members of workgroups, rather than domains? Should we be splitting libnss_wins into My knowledge of winbind would answer yes to the above question. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]