[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
Alexander Fieroch
1761737 at bugs.launchpad.net
Thu Apr 19 08:33:04 UTC 2018
> Above when you said "it works" after trying "net ads join", did you
mean just the join, or that samba started to authenticate domain users
normally?
After additionally trying "net ads join" samba started to authenticate
domain users normally. I can access a shared directory with a domain
user without smb crash.
> check if "net ads join" creates another entry in the keytab file
Yes, "net ads join" additionally adds cifs/* entries in the keytab file.
I'm asking samba at lists.samba.org if an additional "net ads join" is
necessary when joining to AD by realm and use sssd for authentication.
> After a lot of experimentation, I got my samba server, with "security = ads" but no winbind and no "net ads join" command, to authenticate an AD user using kerberos.
> What nailed it was to use setspn on the windows side to add cifs/<hostname> to the computer account, like this (for a "bionic-sssd" computer account):
>
> setspn -S cifs/bionic-sssd bionic-sssd
Same here! It is also working with adding SPN host/ instead of cifs/.
Is there any linux tool that can rpc and create SPNs on the DC?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] samba PANIC, INTERNAL ERROR: Signal 11
Status in samba:
Unknown
Status in samba package in Ubuntu:
Confirmed
Bug description:
Our Ubuntu clients are in an AD domain using realm. Accessing a samba share (SSO) with dolphin/nautilus (smb://HOST/share) is working on ubuntu clients where the host with the shared directory is ubuntu 16.04 or 17.10.
Accessing the shared folder on ubuntu 18.04 with same configuration as 16.04 or 17.10 clients throws a panic on the system with 18.04:
/var/log/samba/log.LOCALHOST on HOST with 18.04
===============================================
[2018/04/06 13:43:50.360655, 5] ../source3/smbd/reply.c:780(reply_special)
init msg_type=0x81 msg_flags=0x0
[2018/04/06 13:43:50.361179, 3] ../source3/smbd/process.c:1959(process_smb)
Transaction 0 of length 194 (0 toread)
[2018/04/06 13:43:50.361241, 5] ../source3/lib/util.c:184(show_msg)
[2018/04/06 13:43:50.361264, 5] ../source3/lib/util.c:194(show_msg)
size=190
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51267
smb_tid=0
smb_pid=65534
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=155
[2018/04/06 13:43:50.361467, 3] ../source3/smbd/process.c:1539(switch_message)
switch message SMBnegprot (pid 2538) conn 0x0
[2018/04/06 13:43:50.361554, 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/04/06 13:43:50.361617, 5] ../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/04/06 13:43:50.361667, 5] ../source3/auth/token_util.c:651(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/04/06 13:43:50.361766, 5] ../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/04/06 13:43:50.363559, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2018/04/06 13:43:50.363638, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2018/04/06 13:43:50.363677, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2018/04/06 13:43:50.363712, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN1.0]
[2018/04/06 13:43:50.363747, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LM1.2X002]
[2018/04/06 13:43:50.363782, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [DOS LANMAN2.1]
[2018/04/06 13:43:50.363817, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN2.1]
[2018/04/06 13:43:50.363852, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [Samba]
[2018/04/06 13:43:50.363888, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LANMAN 1.0]
[2018/04/06 13:43:50.363924, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LM 0.12]
[2018/04/06 13:43:50.364019, 5] ../lib/dbwrap/dbwrap.c:160(dbwrap_check_lock_order)
check lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364077, 5] ../lib/dbwrap/dbwrap.c:128(dbwrap_lock_order_state_destructor)
release lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364259, 5] ../source3/auth/auth.c:537(make_auth3_context_for_ntlm)
Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2018/04/06 13:43:50.364282, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend trustdomain
[2018/04/06 13:43:50.364300, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'trustdomain'
[2018/04/06 13:43:50.364316, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend ntdomain
[2018/04/06 13:43:50.364334, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'ntdomain'
[2018/04/06 13:43:50.364352, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend guest
[2018/04/06 13:43:50.364364, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'guest'
[2018/04/06 13:43:50.364392, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam
[2018/04/06 13:43:50.364404, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam'
[2018/04/06 13:43:50.364415, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2018/04/06 13:43:50.364427, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2018/04/06 13:43:50.364438, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_netlogon3
[2018/04/06 13:43:50.364450, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_netlogon3'
[2018/04/06 13:43:50.364461, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend winbind
[2018/04/06 13:43:50.364473, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'winbind'
[2018/04/06 13:43:50.364484, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend unix
[2018/04/06 13:43:50.364502, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'unix'
[2018/04/06 13:43:50.364514, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2018/04/06 13:43:50.364527, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method guest has a valid init
[2018/04/06 13:43:50.364539, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2018/04/06 13:43:50.364551, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method sam_ignoredomain has a valid init
[2018/04/06 13:43:50.365880, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2018/04/06 13:43:50.365916, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2018/04/06 13:43:50.365930, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2018/04/06 13:43:50.365942, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2018/04/06 13:43:50.365954, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2018/04/06 13:43:50.365967, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2018/04/06 13:43:50.365979, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2018/04/06 13:43:50.365992, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2018/04/06 13:43:50.366004, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2018/04/06 13:43:50.366017, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2018/04/06 13:43:50.366029, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2018/04/06 13:43:50.366042, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2018/04/06 13:43:50.366055, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2018/04/06 13:43:50.366109, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/06 13:43:50.366144, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gse_krb5
[2018/04/06 13:43:50.366323, 0] ../lib/util/fault.c:78(fault_report)
===============================================================
[2018/04/06 13:43:50.366346, 0] ../lib/util/fault.c:79(fault_report)
INTERNAL ERROR: Signal 11 in pid 2538 (4.7.6-Ubuntu)
Please read the Trouble-Shooting section of the Samba HOWTO
[2018/04/06 13:43:50.366368, 0] ../lib/util/fault.c:81(fault_report)
===============================================================
[2018/04/06 13:43:50.366387, 0] ../source3/lib/util.c:815(smb_panic_s3)
PANIC (pid 2538): internal error
[2018/04/06 13:43:50.366896, 0] ../source3/lib/util.c:926(log_stack_trace)
BACKTRACE: 33 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f738c2bd9cf]
#1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f738c2bdaa0]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f738e3a65af]
#3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x197c6) [0x7f738e3a67c6]
#4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12890) [0x7f738e817890]
#5 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x8070) [0x7f73866c5070]
#6 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x95) [0x7f73866c5ac5]
#7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xac89) [0x7f73866c7c89]
#8 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0x187a5) [0x7f73864ab7a5]
#9 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xa2a7) [0x7f738649d2a7]
#10 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xb7fe) [0x7f738649e7fe]
#11 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_update_ev+0x64) [0x7f73864aafa4]
#12 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(negprot_spnego+0xa8) [0x7f738df764f8]
#13 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12ba3b) [0x7f738df76a3b]
#14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_negprot+0x4e3) [0x7f738df771f3]
#15 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1814ca) [0x7f738dfcc4ca]
#16 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x183aee) [0x7f738dfceaee]
#17 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1849fc) [0x7f738dfcf9fc]
#18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#20 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#23 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7f738dfd0d78]
#24 /usr/sbin/smbd(+0xcfcc) [0x55a15e207fcc]
#25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#28 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#30 /usr/sbin/smbd(main+0x1d0a) [0x55a15e20334a]
#31 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f738ab16b97]
#32 /usr/sbin/smbd(_start+0x2a) [0x55a15e20345a]
[2018/04/06 13:43:50.367078, 0] ../source3/lib/util.c:827(smb_panic_s3)
smb_panic(): calling panic action [/usr/share/samba/panic-action 2538]
30 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory.
mail: cannot send message: Process exited with a non-zero status
[2018/04/06 13:43:51.587520, 0] ../source3/lib/util.c:835(smb_panic_s3)
smb_panic(): action returned status 36
[2018/04/06 13:43:51.587618, 0] ../source3/lib/dumpcore.c:318(dump_core)
coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern[2018/04/06 13:43:52.153171, 5]
client
======
HOST: Ubuntu 18.04RC (2018-04-06), amd64
samba: 4.7.6+dfsg~ubuntu-0ubuntu1
krb5: 1.16-2build1
sssd: 1.16.0-5ubuntu2
This is a blocker for us to upgrade from 16.04 to 18.04 after release. :-(
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions
More information about the foundations-bugs
mailing list