[Bug 1761737] Re: [bionic] samba PANIC, INTERNAL ERROR: Signal 11
Alexander Fieroch
1761737 at bugs.launchpad.net
Fri Apr 13 07:41:18 UTC 2018
> Ok, so to summarize:
> - sssd is providing user and groups from AD (via /etc/nsswitch.conf)
> - realmd was used to join the machine to AD for the above
> - local user authentication is done via pam_sss and using kerberos. Shell users get a ticket upon login
> - samba is not using winbind
that's right
> I have a feeling samba is missing it's account with the AD server.
The machine account on the AD server does exist.
> I don't know if the sssd join works for samba's "security = ADS", I
have never tested that.
Up to 17.10 it is working using realm to join the client to the AD and
smb is working too.
> I always used net ads join. Is this how you configured the non-18.04
samba member servers? With just sssd, no "net ads join"?
Yes, all our clients and servers are not joined to AD by "net ads join".
These are all joined by realm and use sssd.
> The crash also seems to indicate that the "secrets" bit of "secrets and keytab" is returning a null pointer to the code, so maybe samba isn't finding the secret.
> Do you have a populated /etc/krb5.keytab?
local /etc/krb5.keytab is generated by realm when AD machine account is
created on the server.
> Can you try these commands:
> net ads testjoin -k
Join to domain is not valid: NT code 0xfffffff6
I also get this message on 17.10, where smb is not crashing.
> net ads status -k
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: m15015-vm-lin3
distinguishedName: CN=m15015-vm-lin3,OU=Linux-Clients,OU=Client Computer,OU=alle Computer,DC=mpi-dortmund,DC=mpg,DC=de
instanceType: 4
whenCreated: 20180412075138.0Z
whenChanged: 20180413071746.0Z
uSNCreated: 99733897
uSNChanged: 99802204
name: m15015-vm-lin3
objectGUID: cc30fbce-545d-4dfb-b28c-e973059857a0
userAccountControl: 69632
codePage: 0
countryCode: 0
lastLogon: 131680786856152060
localPolicyFlags: 0
pwdLastSet: 131679930989191696
primaryGroupID: 515
objectSid: S-1-5-21-3772173984-4185860275-536710523-2741741
accountExpires: 9223372036854775807
logonCount: 148
sAMAccountName: m15015-vm-lin3$
sAMAccountType: 805306369
operatingSystem: Ubuntu
operatingSystemVersion: 18.04
dNSHostName: m15015-vm-lin3
userPrincipalName: host/m15015-vm-lin3 at MPI-DORTMUND.MPG.DE
servicePrincipalName: host/m15015-vm-lin3
servicePrincipalName: host/m15015-vm-lin3.client.mpi-dortmund.mpg.de
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=mpi-dortmund,DC=mpg,DC=de
isCriticalSystemObject: FALSE
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131679931011068668
msDS-SupportedEncryptionTypes: 31
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1761737
Title:
[bionic] samba PANIC, INTERNAL ERROR: Signal 11
Status in samba:
Unknown
Status in samba package in Ubuntu:
Confirmed
Bug description:
Our Ubuntu clients are in an AD domain using realm. Accessing a samba share (SSO) with dolphin/nautilus (smb://HOST/share) is working on ubuntu clients where the host with the shared directory is ubuntu 16.04 or 17.10.
Accessing the shared folder on ubuntu 18.04 with same configuration as 16.04 or 17.10 clients throws a panic on the system with 18.04:
/var/log/samba/log.LOCALHOST on HOST with 18.04
===============================================
[2018/04/06 13:43:50.360655, 5] ../source3/smbd/reply.c:780(reply_special)
init msg_type=0x81 msg_flags=0x0
[2018/04/06 13:43:50.361179, 3] ../source3/smbd/process.c:1959(process_smb)
Transaction 0 of length 194 (0 toread)
[2018/04/06 13:43:50.361241, 5] ../source3/lib/util.c:184(show_msg)
[2018/04/06 13:43:50.361264, 5] ../source3/lib/util.c:194(show_msg)
size=190
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=51267
smb_tid=0
smb_pid=65534
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=155
[2018/04/06 13:43:50.361467, 3] ../source3/smbd/process.c:1539(switch_message)
switch message SMBnegprot (pid 2538) conn 0x0
[2018/04/06 13:43:50.361554, 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/04/06 13:43:50.361617, 5] ../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/04/06 13:43:50.361667, 5] ../source3/auth/token_util.c:651(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/04/06 13:43:50.361766, 5] ../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/04/06 13:43:50.363559, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2018/04/06 13:43:50.363638, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2018/04/06 13:43:50.363677, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2018/04/06 13:43:50.363712, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN1.0]
[2018/04/06 13:43:50.363747, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LM1.2X002]
[2018/04/06 13:43:50.363782, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [DOS LANMAN2.1]
[2018/04/06 13:43:50.363817, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [LANMAN2.1]
[2018/04/06 13:43:50.363852, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [Samba]
[2018/04/06 13:43:50.363888, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LANMAN 1.0]
[2018/04/06 13:43:50.363924, 3] ../source3/smbd/negprot.c:612(reply_negprot)
Requested protocol [NT LM 0.12]
[2018/04/06 13:43:50.364019, 5] ../lib/dbwrap/dbwrap.c:160(dbwrap_check_lock_order)
check lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364077, 5] ../lib/dbwrap/dbwrap.c:128(dbwrap_lock_order_state_destructor)
release lock order 2 for /var/run/samba/serverid.tdb
[2018/04/06 13:43:50.364259, 5] ../source3/auth/auth.c:537(make_auth3_context_for_ntlm)
Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2018/04/06 13:43:50.364282, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend trustdomain
[2018/04/06 13:43:50.364300, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'trustdomain'
[2018/04/06 13:43:50.364316, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend ntdomain
[2018/04/06 13:43:50.364334, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'ntdomain'
[2018/04/06 13:43:50.364352, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend guest
[2018/04/06 13:43:50.364364, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'guest'
[2018/04/06 13:43:50.364392, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam
[2018/04/06 13:43:50.364404, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam'
[2018/04/06 13:43:50.364415, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_ignoredomain
[2018/04/06 13:43:50.364427, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_ignoredomain'
[2018/04/06 13:43:50.364438, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend sam_netlogon3
[2018/04/06 13:43:50.364450, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'sam_netlogon3'
[2018/04/06 13:43:50.364461, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend winbind
[2018/04/06 13:43:50.364473, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'winbind'
[2018/04/06 13:43:50.364484, 5] ../source3/auth/auth.c:48(smb_register_auth)
Attempting to register auth backend unix
[2018/04/06 13:43:50.364502, 5] ../source3/auth/auth.c:60(smb_register_auth)
Successfully added auth method 'unix'
[2018/04/06 13:43:50.364514, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2018/04/06 13:43:50.364527, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method guest has a valid init
[2018/04/06 13:43:50.364539, 5] ../source3/auth/auth.c:400(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2018/04/06 13:43:50.364551, 5] ../source3/auth/auth.c:425(load_auth_module)
load_auth_module: auth method sam_ignoredomain has a valid init
[2018/04/06 13:43:50.365880, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2018/04/06 13:43:50.365916, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2018/04/06 13:43:50.365930, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2018/04/06 13:43:50.365942, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'spnego' registered
[2018/04/06 13:43:50.365954, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'schannel' registered
[2018/04/06 13:43:50.365967, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2018/04/06 13:43:50.365979, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2018/04/06 13:43:50.365992, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp' registered
[2018/04/06 13:43:50.366004, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2018/04/06 13:43:50.366017, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_basic' registered
[2018/04/06 13:43:50.366029, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'http_ntlm' registered
[2018/04/06 13:43:50.366042, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'krb5' registered
[2018/04/06 13:43:50.366055, 3] ../auth/gensec/gensec_start.c:977(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2018/04/06 13:43:50.366109, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/06 13:43:50.366144, 5] ../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gse_krb5
[2018/04/06 13:43:50.366323, 0] ../lib/util/fault.c:78(fault_report)
===============================================================
[2018/04/06 13:43:50.366346, 0] ../lib/util/fault.c:79(fault_report)
INTERNAL ERROR: Signal 11 in pid 2538 (4.7.6-Ubuntu)
Please read the Trouble-Shooting section of the Samba HOWTO
[2018/04/06 13:43:50.366368, 0] ../lib/util/fault.c:81(fault_report)
===============================================================
[2018/04/06 13:43:50.366387, 0] ../source3/lib/util.c:815(smb_panic_s3)
PANIC (pid 2538): internal error
[2018/04/06 13:43:50.366896, 0] ../source3/lib/util.c:926(log_stack_trace)
BACKTRACE: 33 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f738c2bd9cf]
#1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f738c2bdaa0]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f738e3a65af]
#3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x197c6) [0x7f738e3a67c6]
#4 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12890) [0x7f738e817890]
#5 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x8070) [0x7f73866c5070]
#6 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0x95) [0x7f73866c5ac5]
#7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xac89) [0x7f73866c7c89]
#8 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0x187a5) [0x7f73864ab7a5]
#9 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xa2a7) [0x7f738649d2a7]
#10 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(+0xb7fe) [0x7f738649e7fe]
#11 /usr/lib/x86_64-linux-gnu/samba/libgensec.so.0(gensec_update_ev+0x64) [0x7f73864aafa4]
#12 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(negprot_spnego+0xa8) [0x7f738df764f8]
#13 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12ba3b) [0x7f738df76a3b]
#14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_negprot+0x4e3) [0x7f738df771f3]
#15 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1814ca) [0x7f738dfcc4ca]
#16 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x183aee) [0x7f738dfceaee]
#17 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1849fc) [0x7f738dfcf9fc]
#18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#19 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#20 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#23 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7f738dfd0d78]
#24 /usr/sbin/smbd(+0xcfcc) [0x55a15e207fcc]
#25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x9ed0) [0x7f738aeefed0]
#26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x8357) [0x7f738aeee357]
#27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x9d) [0x7f738aeea7cd]
#28 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f738aeea9eb]
#29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0x82f7) [0x7f738aeee2f7]
#30 /usr/sbin/smbd(main+0x1d0a) [0x55a15e20334a]
#31 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7) [0x7f738ab16b97]
#32 /usr/sbin/smbd(_start+0x2a) [0x55a15e20345a]
[2018/04/06 13:43:50.367078, 0] ../source3/lib/util.c:827(smb_panic_s3)
smb_panic(): calling panic action [/usr/share/samba/panic-action 2538]
30 ../sysdeps/unix/sysv/linux/waitpid.c: No such file or directory.
mail: cannot send message: Process exited with a non-zero status
[2018/04/06 13:43:51.587520, 0] ../source3/lib/util.c:835(smb_panic_s3)
smb_panic(): action returned status 36
[2018/04/06 13:43:51.587618, 0] ../source3/lib/dumpcore.c:318(dump_core)
coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern[2018/04/06 13:43:52.153171, 5]
client
======
HOST: Ubuntu 18.04RC (2018-04-06), amd64
samba: 4.7.6+dfsg~ubuntu-0ubuntu1
krb5: 1.16-2build1
sssd: 1.16.0-5ubuntu2
This is a blocker for us to upgrade from 16.04 to 18.04 after release. :-(
To manage notifications about this bug go to:
https://bugs.launchpad.net/samba/+bug/1761737/+subscriptions
More information about the foundations-bugs
mailing list