[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
Andreas Hasenack
andreas at canonical.com
Wed Apr 18 20:56:20 UTC 2018
After a lot of experimentation, I got my samba server, with "security =
ads" but no winbind and no "net ads join" command, to authenticate an AD
user using kerberos.
What nailed it was to use setspn on the windows side to add
cifs/<hostname> to the computer account, like this (for a "bionic-sssd"
computer account):
setspn -S cifs/bionic-sssd bionic-sssd
After that, this worked:
testuser1 at lowtech.internal@bionic-sssd:~$ smbclient //bionic-sssd/myshare -k
WARNING: The "syslog" option is deprecated
Try "help" to get a list of possible commands.
smb: \> dir
. D 0 Wed Apr 18 20:29:20 2018
.. D 0 Wed Apr 18 20:50:25 2018
hello.txt N 13 Wed Apr 18 20:29:20 2018
7950756 blocks of size 1024. 6300604 blocks available
smb: \> testuser1 at lowtech.internal@bionic-sssd:~$ klist
Ticket cache: FILE:/tmp/krb5cc_45001119_1zpGGU
Default principal: testuser1 at LOWTECH.INTERNAL
Valid starting Expires Service principal
04/18/18 20:51:05 04/19/18 06:51:05 krbtgt/LOWTECH.INTERNAL at LOWTECH.INTERNAL
renew until 04/19/18 20:51:05
04/18/18 20:51:49 04/19/18 06:51:05 cifs/bionic-sssd at LOWTECH.INTERNAL
testuser1 at lowtech.internal@bionic-sssd:~$ id
uid=45001119(testuser1 at lowtech.internal) gid=45000513(domain users at lowtech.internal) groups=45000513(domain users at lowtech.internal)
testuser1 at lowtech.internal@bionic-sssd:~$ grep testuser /etc/passwd
testuser1 at lowtech.internal@bionic-sssd:~$
My smb.conf has:
[global]
workgroup = LOWTECH
realm = LOWTECH.INTERNAL
kerberos method = system keytab
server role = member server
security = ads
...
Ah, and I didn't have to use the updated packages from my ppa, because I
set "kerberos method = system keytab", so it wasn't trying "secrets"
which is where the crash happens.
At some point I also installed libwbclient-sssd, during the experimentation. I can't say if it was essential now.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] samba PANIC, INTERNAL ERROR: Signal 11
Status in samba:
Unknown
Status in samba package in Ubuntu:
Confirmed
Bug description:
Our Ubuntu clients are in an AD domain using realm. Accessing a samba share (SSO) with dolphin/nautilus (smb://HOST/share) is working on ubuntu clients where the host with the shared directory is ubuntu 16.04 or 17.10.
Accessing the shared folder on ubuntu 18.04 with same configuration as 16.04 or 17.10 clients throws a panic on the system with 18.04:
/var/log/samba/log.LOCALHOST on HOST with 18.04
===============================================
[2018/04/06 13:43:50.360655, 5] ../source3/smbd/reply.c:780(reply_special)
init msg_type=0x81 msg_flags=0x0
[2018/04/06 13:43:50.361179, 3] ../source3/smbd/process.c:1959(process_smb)
Transaction 0 of length 194 (0 toread)
[2018/04/06 13:43:50.361241, 5] ../source3/lib/util.c:184(show_msg)
[2018/04/06 13:43:50.361264, 5] ../source3/lib/util.c:194(show_msg)
size=190
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51267
smb_tid=0
smb_pid=65534
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=155
[2018/04/06 13:43:50.361467, 3] ../source3/smbd/process.c:1539(switch_message)
switch message SMBnegprot (pid 2538) conn 0x0
[2018/04/06 13:43:50.361554, 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/04/06 13:43:50.361617, 5] ../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/04/06 13:43:50.361667, 5] ../source3/auth/token_util.c:651(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/04/06 13:43:50.361766, 5] ../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/04/06 13:43:50.363559, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2018/04/06 13:43:50.363638, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2018/04/06 13:43:50.363677, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2018/04/06 13:43:50.363712, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN1.0]
[2018/04/06 13:43:50.363747, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LM1.2X002]
[2018/04/06 13:43:50.363782, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [DOS LANMAN2.1]
[2018/04/06 13:43:50.363817, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN2.1]
[2018/04/06 13:43:50.363852, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [Samba]
[2018/04/06 13:43:50.363888, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LANMAN 1.0]
[2018/04/06 13:43:50.363924, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LM 0.12]
[2018/04/06 13:43:50.364019, 5] ../lib/dbwrap/dbwrap.c:160(dbwrap_check_lock_order)
check lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364077, 5] ../lib/dbwrap/dbwrap.c:128(dbwrap_lock_order_state_destructor)
release lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364259, 5] ../source3/auth/auth.c:537(make_auth3_context_for_ntlm)
Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2018/04/06 13:43:50.364282, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend trustdomain
[2018/04/06 13:43:50.364300, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'trustdomain'
[2018/04/06 13:43:50.364316, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend ntdomain
[2018/04/06 13:43:50.364334, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'ntdomain'
[2018/04/06 13:43:50.364352, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend guest
[2018/04/06 13:43:50.364364, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'guest'
[2018/04/06 13:43:50.364392, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam
[2018/04/06 13:43:50.364404, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam'
[2018/04/06 13:43:50.364415, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2018/04/06 13:43:50.364427, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2018/04/06 13:43:50.364438, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_netlogon3
[2018/04/06 13:43:50.364450, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_netlogon3'
[2018/04/06 13:43:50.364461, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend winbind
[2018/04/06 13:43:50.364473, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'winbind'
[2018/04/06 13:43:50.364484, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend unix
[2018/04/06 13:43:50.364502, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'unix'
[2018/04/06 13:43:50.364514, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2018/04/06 13:43:50.364527, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method guest has a valid init
[2018/04/06 13:43:50.364539, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2018/04/06 13:43:50.364551, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method sam_ignoredomain has a valid init
[2018/04/06 13:43:50.365880, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2018/04/06 13:43:50.365916, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2018/04/06 13:43:50.365930, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2018/04/06 13:43:50.365942, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2018/04/06 13:43:50.365954, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2018/04/06 13:43:50.365967, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2018/04/06 13:43:50.365979, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2018/04/06 13:43:50.365992, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2018/04/06 13:43:50.366004, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2018/04/06 13:43:50.366017, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2018/04/06 13:43:50.366029, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2018/04/06 13:43:50.366042, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2018/04/06 13:43:50.366055, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2018/04/06 13:43:50.366109, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/06 13:43:50.366144, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gse_krb5
[2018/04/06 13:43:50.366323, 0] ../lib/util/fault.c:78(fault_report)
===============================================================
[2018/04/06 13:43:50.366346, 0] ../lib/util/fault.c:79(fault_report)
INTERNAL ERROR: Signal 11 in pid 2538 (4.7.6-Ubuntu)
Please read the Trouble-Shooting section of the Samba HOWTO
[2018/04/06 13:43:50.366368, 0] ../lib/util/fault.c:81(fault_report)
===============================================================
[2018/04/06 13:43:50.366387, 0] ../source3/lib/util.c:815(smb_panic_s3)
PANIC (pid 2538): internal error
[2018/04/06 13:43:50.366896, 0] ../source3/lib/util.c:926(log_stack_trace)
BACKTRACE: 33 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f738c2bd9cf]
#1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f738c2bdaa0]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f738e3a65af]
#3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x197c6) [0x7f738e3a67c6]
#4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12890) [0x7f738e817890]
#5 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x8070) [0x7f73866c5070]
#6 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x95) [0x7f73866c5ac5]
#7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xac89) [0x7f73866c7c89]
#8 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0x187a5) [0x7f73864ab7a5]
#9 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xa2a7) [0x7f738649d2a7]
#10 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xb7fe) [0x7f738649e7fe]
#11 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_update_ev+0x64) [0x7f73864aafa4]
#12 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(negprot_spnego+0xa8) [0x7f738df764f8]
#13 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12ba3b) [0x7f738df76a3b]
#14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_negprot+0x4e3) [0x7f738df771f3]
#15 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1814ca) [0x7f738dfcc4ca]
#16 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x183aee) [0x7f738dfceaee]
#17 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1849fc) [0x7f738dfcf9fc]
#18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#20 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#23 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7f738dfd0d78]
#24 /usr/sbin/smbd(+0xcfcc) [0x55a15e207fcc]
#25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#28 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#30 /usr/sbin/smbd(main+0x1d0a) [0x55a15e20334a]
#31 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f738ab16b97]
#32 /usr/sbin/smbd(_start+0x2a) [0x55a15e20345a]
[2018/04/06 13:43:50.367078, 0] ../source3/lib/util.c:827(smb_panic_s3)
smb_panic(): calling panic action [/usr/share/samba/panic-action 2538]
30 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory.
mail: cannot send message: Process exited with a non-zero status
[2018/04/06 13:43:51.587520, 0] ../source3/lib/util.c:835(smb_panic_s3)
smb_panic(): action returned status 36
[2018/04/06 13:43:51.587618, 0] ../source3/lib/dumpcore.c:318(dump_core)
coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern[2018/04/06 13:43:52.153171, 5]
client
======
HOST: Ubuntu 18.04RC (2018-04-06), amd64
samba: 4.7.6+dfsg~ubuntu-0ubuntu1
krb5: 1.16-2build1
sssd: 1.16.0-5ubuntu2
This is a blocker for us to upgrade from 16.04 to 18.04 after release. :-(
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions
More information about the foundations-bugs
mailing list