Vladimir Skubriev
2018-Feb-20 06:19 UTC
[Samba] Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
Sure. ``` [global] workgroup = EXAMPLE server string dns proxy = no interfaces = eth0 bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 # new options log level = 5 netbios name = FILES #panic action = /usr/share/samba/panic-action %d server role = STANDALONE SERVER local master = no security = user encrypt passwords = true #passdb backend = tdbsam #obey pam restrictions = yes passdb backend = ldapsam:"ldap://ldap/" ldapsam:trusted=yes ldapsam:editposix=yes # Don't forget to update ldap admin password # use smbpasswd -w ldap admin dn = cn=smbadmadmin,ou=users,dc=example,dc=in ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap user suffix = ou=users ldap suffix = dc=example,dc=in # One of the general params!!! ldap ssl = no #ldap debug level = 1 #ldap debug level = 10 idmap config FILES : backend = ldap idmap config FILES : range = 5000-999999 # This option controls how unsuccessful authentication attempts are mapped # to anonymous connections map to guest = bad user load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # TODO # Add some performance socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072 use sendfile = true # For work with mac clients same as linux/windows clients (as permissions forcing by smb server) # ISSUE #1564 unix extensions = no [public] comment = Internal share for file exchange path = /public browseable = yes read only = no valid users = @"all", @"dirs" read list write list = @"all" admin users = @"dirs" force create mode = 0660 force directory mode = 0660 # for mac users and if sgid bit is ommited somewhere at older folder force group = all # for access markup folder outside of common follow symlinks = yes wide links = yes ``` When I am commented this `#panic action`. It's decreased number of segfaults processes to one process. Now smbd exits on the following step: ``` Primary group is 0 and contains 0 supplementary groups smbldap_search_ext: base => [sambaDomainName=FILES,dc=example,dc=in], filter => [(objectClass=sambaDomain)], scope => [0] smbldap_modify: dn => [sambaDomainName=FILES,dc=example,dc=in] pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 ==============================================================INTERNAL ERROR: Signal 11 in pid 9974 (4.7.5) Please read the Trouble-Shooting section of the Samba HOWTO ==============================================================PANIC (pid 9974): internal error BACKTRACE: 49 stack frames: #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f0dc796a64b] #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7f0dc796a49c] #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f0dc9e1139f] #3 /usr/local/samba/lib/libsamba-util.so.0(+0x2107d) [0x7f0dc9e1107d] #4 /usr/local/samba/lib/libsamba-util.so.0(+0x21092) [0x7f0dc9e11092] ``` I also tried stracing smbd. There is some trace log: ``` fcntl(22, F_SETLKW, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=28064, l_len=1}) = 0 fcntl(22, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=28064, l_len=1}) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 473048526}) = 0 write(1, "smbldap_search_ext: base => [sam"..., 123) = 123 clock_gettime(CLOCK_BOOTTIME, {84255, 473252973}) = 0 rt_sigaction(SIGALRM, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 alarm(16) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 473497017}) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 473578560}) = 0 write(13, "0r\2\1\21cm\4'sambaDomainName=EXAMPLE,d"..., 116) = 116 poll([{fd=13, events=POLLIN|POLLPRI}], 1, 15000) = 1 ([{fd=13, revents=POLLIN}]) read(13, "00\2\1\21d+\4", 8) = 8 read(13, "'sambaDomainName=EXAMPLE,dc=exampl"..., 42) = 42 poll([{fd=13, events=POLLIN|POLLPRI}], 1, 14999) = 1 ([{fd=13, revents=POLLIN}]) read(13, "0\f\2\1\21e\7\n", 8) = 8 read(13, "\1\0\4\0\4\0", 6) = 6 alarm(0) = 16 rt_sigaction(SIGALRM, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 474889992}) = 0 write(1, "smbldap_modify: dn => [sambaDoma"..., 64) = 64 clock_gettime(CLOCK_BOOTTIME, {84255, 475117112}) = 0 rt_sigaction(SIGALRM, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 alarm(16) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 475357737}) = 0 clock_gettime(CLOCK_BOOTTIME, {84255, 475443054}) = 0 write(13, "0S\2\1\22fN\4'sambaDomainName=EXAMPLE,d"..., 85) = 85 poll([{fd=13, events=POLLIN|POLLPRI}], 1, -1) = 1 ([{fd=13, revents=POLLIN}]) read(13, "0\f\2\1\22g\7\n", 8) = 8 read(13, "\0012\4\0\4\0", 6) = 6 alarm(0) = 16 rt_sigaction(SIGALRM, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 geteuid() = 0 getegid() = 0 setgroups(0, []) = 0 setresgid(-1, 0, -1) = 0 getegid() = 0 setresuid(0, 0, -1) = 0 geteuid() = 0 getegid() = 0 geteuid() = 0 write(1, "pop_sec_ctx (0, 0) - sec_ctx_sta"..., 43) = 43 --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} --- write(1, "================================"..., 64) = 64 write(1, "INTERNAL ERROR: Signal 11 in pid"..., 46) = 46 write(1, "Please read the Trouble-Shooting"..., 60) = 60 write(1, "================================"..., 64) = 64 write(1, "PANIC (pid 9974): internal error"..., 33) = 33 ``` Hope this can help. 2018-02-19 15:04 GMT+03:00 Rowland Penny via samba <samba at lists.samba.org>:> On Mon, 19 Feb 2018 14:49:48 +0300 > Vladimir Skubriev via samba <samba at lists.samba.org> wrote: > > > Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend > > ldapsam > > > > Hi. > > > > I tried to migrate my storage(smb) server to more newer version, but > > faced with 'segfaults", after(in progress) client authenticating, > > when samba tries to start a new smbd instance (as i understand). I > > saw client authentication success, which interrupts in following > > places: > > > > In case with 4.3.11+dfsg-0ubuntu0.16.04.12 from ubuntu xenial there is > > error in > > `/usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_ > stack_trace+0x1a) > > [0x7f2bc30a17aa]` > > > > In case with 4.7.5-1 from .../stable/samba-4.7.5.tar.gz there is > > error in `/usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) > > [0x7f111922a64b]` > > > > What should be my further actions? > > > > As described in logs: "Please read the Trouble-Shooting section of the > > Samba HOWTO". I would like to avoid a deep debugging. > > > > I would like to solve the problem more easily than to do an in-depth > > analysis. > > > > Thank you for your help. > > > > Bit hard to say what the problem could be from what you have posted, > can you post your smb.conf? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Faithfully yours, CVision Lab System Administrator Vladimir Skubriev
Vladimir Skubriev
2018-Feb-20 10:29 UTC
[Samba] Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
I got more information ,after enable log_level to 10: ``` push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 push_conn_ctx(0) : conn_ctx_stack_ndx = 2 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 Security token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Adding cache entry with key=[ACCT_POL/password history] and timeout=[Thu Jan 1 03:00:00 AM 1970 MSK] (-1519122085 seconds in the past) ldapsam_get_account_policy_from_ldap smbldap_search_ext: base => [sambaDomainName=EXAMPLE,dc=example,dc=in], filter => [(objectClass=sambaDomain)], scope => [0] ldapsam_get_account_policy: failed to retrieve from ldap ldapsam_set_account_policy_in_ldap smbldap_modify: dn => [sambaDomainName=EXAMPLE,dc=example,dc=in] Failed to modify dn: sambaDomainName=EXAMPLE,dc=example,dc=in, error: 50 (Insufficient access) (unknown) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 attribute sambaBadPasswordCount does not exist attribute sambaBadPasswordTime does not exist attribute sambaLogonHours does not exist attribute gecos does not exist ==============================================================INTERNAL ERROR: Signal 11 in pid 10426 (4.7.5) Please read the Trouble-Shooting section of the Samba HOWTO ==============================================================PANIC (pid 10426): internal error BACKTRACE: 49 stack frames: #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f478e94264b] #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7f478e94249c] #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7f4790de939f] #3 /usr/local/samba/lib/libsamba-util.so.0(+0x2107d) [0x7f4790de907d] ``` 2018-02-20 9:19 GMT+03:00 Vladimir Skubriev <skubriev at cvisionlab.com>:> Sure. > > ``` > [global] > > workgroup = EXAMPLE > server string > dns proxy = no > > interfaces = eth0 > bind interfaces only = yes > > log file = /var/log/samba/log.%m > max log size = 1000 > > # new options > log level = 5 > netbios name = FILES > #panic action = /usr/share/samba/panic-action %d > server role = STANDALONE SERVER > > local master = no > > security = user > encrypt passwords = true > > #passdb backend = tdbsam > #obey pam restrictions = yes > passdb backend = ldapsam:"ldap://ldap/" > ldapsam:trusted=yes > ldapsam:editposix=yes > > # Don't forget to update ldap admin password > # use smbpasswd -w > ldap admin dn = cn=smbadmadmin,ou=users,dc=example,dc=in > ldap group suffix = ou=groups > ldap idmap suffix = ou=idmap > ldap machine suffix = ou=computers > ldap user suffix = ou=users > ldap suffix = dc=example,dc=in > > # One of the general params!!! > ldap ssl = no > #ldap debug level = 1 > #ldap debug level = 10 > > idmap config FILES : backend = ldap > idmap config FILES : range = 5000-999999 > > > # This option controls how unsuccessful authentication attempts are mapped > # to anonymous connections > map to guest = bad user > > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > # TODO > # Add some performance > > socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072 > use sendfile = true > > # For work with mac clients same as linux/windows clients (as permissions > forcing by smb server) > # ISSUE #1564 > unix extensions = no > > [public] > comment = Internal share for file exchange > path = /public > browseable = yes > read only = no > valid users = @"all", @"dirs" > read list > write list = @"all" > admin users = @"dirs" > force create mode = 0660 > force directory mode = 0660 > > # for mac users and if sgid bit is ommited somewhere at older folder > force group = all > > # for access markup folder outside of common > follow symlinks = yes > wide links = yes > ``` > > When I am commented this `#panic action`. It's decreased number of > segfaults processes to one process. > > Now smbd exits on the following step: > > ``` > Primary group is 0 and contains 0 supplementary groups > smbldap_search_ext: base => [sambaDomainName=FILES,dc=example,dc=in], > filter => [(objectClass=sambaDomain)], scope => [0] > smbldap_modify: dn => [sambaDomainName=FILES,dc=example,dc=in] > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 > ==============================================================> INTERNAL ERROR: Signal 11 in pid 9974 (4.7.5) > Please read the Trouble-Shooting section of the Samba HOWTO > ==============================================================> PANIC (pid 9974): internal error > BACKTRACE: 49 stack frames: > #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) > [0x7f0dc796a64b] > #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) > [0x7f0dc796a49c] > #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) > [0x7f0dc9e1139f] > #3 /usr/local/samba/lib/libsamba-util.so.0(+0x2107d) [0x7f0dc9e1107d] > #4 /usr/local/samba/lib/libsamba-util.so.0(+0x21092) [0x7f0dc9e11092] > ``` > > I also tried stracing smbd. There is some trace log: > > ``` > fcntl(22, F_SETLKW, {l_type=F_RDLCK, l_whence=SEEK_SET, l_start=28064, > l_len=1}) = 0 > fcntl(22, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=28064, > l_len=1}) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 473048526}) = 0 > write(1, "smbldap_search_ext: base => [sam"..., 123) = 123 > clock_gettime(CLOCK_BOOTTIME, {84255, 473252973}) = 0 > rt_sigaction(SIGALRM, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, > 0x7f0dca289390}, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 > alarm(16) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 473497017}) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 473578560}) = 0 > write(13, "0r\2\1\21cm\4'sambaDomainName=EXAMPLE,d"..., 116) = 116 > poll([{fd=13, events=POLLIN|POLLPRI}], 1, 15000) = 1 ([{fd=13, > revents=POLLIN}]) > read(13, "00\2\1\21d+\4", 8) = 8 > read(13, "'sambaDomainName=EXAMPLE,dc=exampl"..., 42) = 42 > poll([{fd=13, events=POLLIN|POLLPRI}], 1, 14999) = 1 ([{fd=13, > revents=POLLIN}]) > read(13, "0\f\2\1\21e\7\n", 8) = 8 > read(13, "\1\0\4\0\4\0", 6) = 6 > alarm(0) = 16 > rt_sigaction(SIGALRM, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, > {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 474889992}) = 0 > write(1, "smbldap_modify: dn => [sambaDoma"..., 64) = 64 > clock_gettime(CLOCK_BOOTTIME, {84255, 475117112}) = 0 > rt_sigaction(SIGALRM, {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, > 0x7f0dca289390}, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 > alarm(16) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 475357737}) = 0 > clock_gettime(CLOCK_BOOTTIME, {84255, 475443054}) = 0 > write(13, "0S\2\1\22fN\4'sambaDomainName=EXAMPLE,d"..., 85) = 85 > poll([{fd=13, events=POLLIN|POLLPRI}], 1, -1) = 1 ([{fd=13, > revents=POLLIN}]) > read(13, "0\f\2\1\22g\7\n", 8) = 8 > read(13, "\0012\4\0\4\0", 6) = 6 > alarm(0) = 16 > rt_sigaction(SIGALRM, {SIG_IGN, [ALRM], SA_RESTORER, 0x7f0dca289390}, > {0x7f0dbfabd4ee, [ALRM], SA_RESTORER, 0x7f0dca289390}, 8) = 0 > geteuid() = 0 > getegid() = 0 > setgroups(0, []) = 0 > setresgid(-1, 0, -1) = 0 > getegid() = 0 > setresuid(0, 0, -1) = 0 > geteuid() = 0 > getegid() = 0 > geteuid() = 0 > write(1, "pop_sec_ctx (0, 0) - sec_ctx_sta"..., 43) = 43 > --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} --- > write(1, "================================"..., 64) = 64 > write(1, "INTERNAL ERROR: Signal 11 in pid"..., 46) = 46 > write(1, "Please read the Trouble-Shooting"..., 60) = 60 > write(1, "================================"..., 64) = 64 > write(1, "PANIC (pid 9974): internal error"..., 33) = 33 > ``` > > Hope this can help. > > 2018-02-19 15:04 GMT+03:00 Rowland Penny via samba <samba at lists.samba.org> > : > >> On Mon, 19 Feb 2018 14:49:48 +0300 >> Vladimir Skubriev via samba <samba at lists.samba.org> wrote: >> >> > Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend >> > ldapsam >> > >> > Hi. >> > >> > I tried to migrate my storage(smb) server to more newer version, but >> > faced with 'segfaults", after(in progress) client authenticating, >> > when samba tries to start a new smbd instance (as i understand). I >> > saw client authentication success, which interrupts in following >> > places: >> > >> > In case with 4.3.11+dfsg-0ubuntu0.16.04.12 from ubuntu xenial there is >> > error in >> > `/usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_sta >> ck_trace+0x1a) >> > [0x7f2bc30a17aa]` >> > >> > In case with 4.7.5-1 from .../stable/samba-4.7.5.tar.gz there is >> > error in `/usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) >> > [0x7f111922a64b]` >> > >> > What should be my further actions? >> > >> > As described in logs: "Please read the Trouble-Shooting section of the >> > Samba HOWTO". I would like to avoid a deep debugging. >> > >> > I would like to solve the problem more easily than to do an in-depth >> > analysis. >> > >> > Thank you for your help. >> > >> >> Bit hard to say what the problem could be from what you have posted, >> can you post your smb.conf? >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > > -- > Faithfully yours, > > CVision Lab System Administrator > Vladimir Skubriev > >-- Faithfully yours, CVision Lab System Administrator Vladimir Skubriev
Rowland Penny
2018-Feb-20 11:25 UTC
[Samba] Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
On Tue, 20 Feb 2018 13:29:56 +0300 Vladimir Skubriev via samba <samba at lists.samba.org> wrote:> > ``` > > [global] > > > > workgroup = EXAMPLE > > server string > > dns proxy = no > > > > interfaces = eth0 > > bind interfaces only = yes > > > > log file = /var/log/samba/log.%m > > max log size = 1000 > > > > # new options > > log level = 5 > > netbios name = FILES > > #panic action = /usr/share/samba/panic-action %d > > server role = STANDALONE SERVER > > > > local master = no > > > > security = user > > encrypt passwords = true > > > > #passdb backend = tdbsam > > #obey pam restrictions = yes > > passdb backend = ldapsam:"ldap://ldap/" > > ldapsam:trusted=yes > > ldapsam:editposix=yes > >OK, took a bit of time, but I think I understand what your problem is, you want a standalone server with an ldap backend, BUT you have these lines in smb.conf: ldapsam:editposix = yes ldapsam:trusted = yes These lines make Samba expect ldap to be set up as a PDC, it expects 'Domain Users' etc to exist, which they wont be on a standalone server. see here for an ldap/standalone server: http://lapsz.eu/blog/2013/09/04/standalone-samba-server-with-ldap-authentication/ Rowland
Possibly Parallel Threads
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam
- Migration from 3.6.25-0ubuntu0.12.04.10 to 4.x with passdb backend = ldapsam