[Bug 503402] [NEW] winbind crashes on authentication (winbind_pam_auth)

John Shearar john.shearar at gmail.com
Tue Jan 5 15:06:23 GMT 2010 

Public bug reported:

Binary package hint: samba

This box was configured as a domain member on a window2k8 Active
Directory domain. It was recently upgraded from Intrepid 9.04 , running
samba 2:3.2.3-1ubuntu3.6, to Jaunty 9.10, running 2:3.3.2-1ubuntu3.2,
and now the winbind daemon frequently crashes on authentication (but
occasionally it will work for several auths with no problem).

# lsb_release -rd
Description:    Ubuntu 9.04
Release:        9.04

# apt-cache policy winbind
winbind:
  Installed: 2:3.3.2-1ubuntu3.2
  Candidate: 2:3.3.2-1ubuntu3.2
  Version table:
 *** 2:3.3.2-1ubuntu3.2 0
        500 http://za.archive.ubuntu.com jaunty-updates/main Packages
        500 http://za.archive.ubuntu.com jaunty-security/main Packages
        100 /var/lib/dpkg/status
     2:3.3.2-1ubuntu3 0
        500 http://za.archive.ubuntu.com jaunty/main Packages

To reproduce the problem:

# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -a john
Enter john's password:
plaintext password authentication succeeded
Enter john's password:^C
Interupted by signal.

/var/log/auth.log shows the authentication as successful...
Jan  5 09:56:24 havelock sshd[8729]: pam_winbind(sshd:auth): user 'john' granted access

... but  /var/log/samba/log.winbindd: (debug 4) indicates the crash

[2010/01/05 09:56:24,  3] winbindd/winbindd_pam.c:winbindd_pam_auth(827)
  [ 8729]: pam auth john
*** glibc detected *** /usr/sbin/winbindd: double free or corruption (!prev): 0x00007faef5b91d90 ***
======= Backtrace: =========
/lib/libc.so.6[0x7faef1465cb8]
/lib/libc.so.6(cfree+0x76)[0x7faef1468276]
/usr/lib/libtalloc.so.1[0x7faef196f888]
/usr/lib/libtalloc.so.1(talloc_free+0xd8)[0x7faef1971b38]
/usr/sbin/winbindd[0x7faef37dacd7]
/usr/sbin/winbindd[0x7faef37db443]
/usr/sbin/winbindd(main+0xd6a)[0x7faef37dc299]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7faef140c5a6]
/usr/sbin/winbindd[0x7faef37da249]


I have duplicated the box as a vm, and upgraded that to Karmic, which
has the same symptom, although with a slightly different error. I
-think- the problems are related, so I'll include it :

Description:    Ubuntu 9.10
Release:        9.10

winbind:
  Installed: 2:3.4.0-3ubuntu5.1
  Candidate: 2:3.4.0-3ubuntu5.1
  Version table:
 *** 2:3.4.0-3ubuntu5.1 0
        500 http://za.archive.ubuntu.com karmic-updates/main Packages
        100 /var/lib/dpkg/status
     2:3.4.0-3ubuntu5 0
        500 http://za.archive.ubuntu.com karmic/main Packages

On any winbind authentication: ssh, console login, wbinfo -a

/var/log/auth.log: pam_winbind.so debug

Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:auth): Verify user 'john'
Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:auth): request wbcLogonUser succeeded
Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:auth): user 'john' granted access
Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:auth): Returned user was 'john'
Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:auth): [pamh: 0x7f59513206c0] LEAVE: pam_sm_authenticate returning 0 (PAM_SUCCESS)
Jan  5 10:40:23 testhavelock sshd[3306]: pam_winbind(sshd:account): [pamh: 0x7f59513206c0] ENTER: pam_sm_acct_mgmt (flags: 0x0000)

/var/log/samba/log.winbindd: (debug 10)

[2010/01/05 10:40:23,  3] winbindd/winbindd_pam.c:827(winbindd_pam_auth)
  [ 3306]: pam auth john
[2010/01/05 10:40:23, 10] winbindd/winbindd_cache.c:492(refresh_sequence_number)
  refresh_sequence_number: FFAD time ok
[2010/01/05 10:40:23, 10] winbindd/winbindd_cache.c:537(refresh_sequence_number)
  refresh_sequence_number: FFAD seq number is now 207165758
[2010/01/05 10:40:23,  5] winbindd/winbindd_cache.c:1161(resolve_alias_to_username)
  resolve_alias_to_username: backend query returned NT_STATUS_NOT_IMPLEMENTED
[2010/01/05 10:40:23, 10] winbindd/winbindd_dual.c:125(async_request)
  Sending request to child pid 3296 (domain=FFAD)
[2010/01/05 10:40:23, 10] winbindd/winbindd_cache.c:2667(cache_retrieve_response)
  Retrieving response for pid 3296
[2010/01/05 10:40:23, 10] winbindd/winbindd_cache.c:2689(cache_retrieve_response)
  Retrieving extra data length=222
[2010/01/05 10:40:23,  6] winbindd/winbindd.c:834(new_connection)
  accepted socket 21
*** glibc detected *** /usr/sbin/winbindd: corrupted double-linked list: 0x00007fe687b142b0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fe68401fdd6]
/lib/libc.so.6[0x7fe6840201f2]
/lib/libc.so.6[0x7fe6840224c9]
/lib/libc.so.6(__libc_malloc+0x6e)[0x7fe6840247ee]
/usr/lib/libtalloc.so.1(_talloc_zero+0x16d)[0x7fe68474166d]
/usr/sbin/winbindd[0x7fe6863b8b8b]
/usr/sbin/winbindd(run_events+0x139)[0x7fe68647bd99]
/usr/sbin/winbindd(main+0xb5b)[0x7fe6863ba04b]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7fe683fc8abd]
/usr/sbin/winbindd[0x7fe6863b7a69]


More detailed logs and GDB backtraces are attached.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
winbind crashes on authentication (winbind_pam_auth)
https://bugs.launchpad.net/bugs/503402
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.

More information about the Ubuntu-server-bugs mailing list