Thomas Fleischmann
2007-Jan-05 09:13 UTC
[Samba] troubles with telnet sessions under Solaris8 as AD member with winbind V3.0.23d
Hi guys,
I've a problem with telnet sessions under Solaris 8 with samba 3.0.23d
winbind.
If I have the winbind authorization active for telnet in my pam.conf I got
a kick out of the system after exactly 300 sec, no mather if I do or do
not activity on the telnet session. The same behavior is for AD and for
local users.
I've trussed a telnet session a the only thing I see is that my process is
killed with a signal 14 (SIGALRM).
Do anybody have an idea from where the kick out of the system is coming?
Any other Samba Parts are running fine:
net ads testjoin -> OK
net ads info -> OK
net ads status -Uxxx -> OK
net ads user -Uxxx -> OK
getent passwd, group -> OK
all shares can be accessed as wanted by the AD users
all ACL's of the AD are working
Here are the relevant parts from the trussed telnet session
19091: getgid() = 10513 [6]
19091: getgid() = 10513 [6]
19091: setegid(10513) = 0
19091: open("/var/mail/fleischm", O_RDONLY) Err#2 ENOENT
19091: setegid(6) = 0
19091: lstat64("", 0xFFBEF888) Err#2 ENOENT
19091: llseek(0, 0, SEEK_CUR) = 140
19091: _exit(1)
19083: waitid(P_PID, 19091, 0xFFBEF660, WEXITED|WTRAPPED|WNOWAIT) = 0
19083: ioctl(0, TIOCGPGRP, 0xFFBEF61C) = 0
19083: ioctl(0, TCGETS, 0x000391C0) = 0
19083: waitid(P_PID, 19091, 0xFFBEF660, WEXITED|WTRAPPED) = 0
19083: brk(0x0003B118) = 0
19083: brk(0x0003AF18) = 0
...skipping...
19083: Received signal #14, SIGALRM, in read() [caught]
19083: read(0, 0x000394E0, 128) Err#4 EINTR
19083: sigfillset(0xFF3428D0) = 0
19083: sigprocmask(SIG_UNBLOCK, 0xFFBEF738, 0x00000000) = 0
19083: sigaction(SIGALRM, 0xFFBEF618, 0xFFBEF698) = 0
19083: kill(19083, SIGALRM) = 0
19083: Received signal #14, SIGALRM [default]
19083: siginfo: SIGALRM pid=19083 uid=36237
19083: *** process killed ***
19080: Received signal #18, SIGCLD, in poll() [caught]
19080: siginfo: SIGCLD CLD_KILLED pid=19083 status=0x000E
19080: poll(0xFFBEF558, 1, -1) Err#4 EINTR
19080: sigaction(SIGCLD, 0xFFBEEEB0, 0xFFBEEF30) = 0
19080: open("/var/adm/utmpx", O_RDWR|O_CREAT, 0644) = 7
19080: open("/var/adm/utmpx", O_RDWR) = 8
19080: fstat64(8, 0xFFBEED58) = 0
19080: ioctl(8, TCGETA, 0xFFBEECE4) Err#25 ENOTTY
19080: read(8, "\0\0\0\0\0\0\0\0\0\0\0\0".., 8192) = 6696
19080: open("/etc/pam_debug", O_RDONLY) Err#2 ENOENT
19080: stat64("/etc/pam.conf", 0xFFBEEDF8) = 0
19080: open("/etc/pam.conf", O_RDONLY) = 9
19080: mmap(0x00000000, 3769, PROT_READ, MAP_PRIVATE, 9, 0) = 0xFF1E0000
19080: munmap(0xFF1E0000, 3769) = 0
19080: close(9) = 0
19080: stat64("/usr/lib/security/pam_unix_session.so.1", 0xFFBEEE00)
= 0
19080: stat("/usr/lib/security/pam_unix_session.so.1", 0xFFBEE930) =
0
19080: resolvepath("/usr/lib/security/pam_unix_session.so.1",
"/usr/lib/securit
y/pam_unix_session.so.1", 1023) = 39
19080: open("/usr/lib/security/pam_unix_session.so.1", O_RDONLY) = 9
19080: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) 0xFF1E0
000
19080: mmap(0x00000000, 81920, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON, -
1, 0) = 0xFF0C0000
19080: mmap(0xFF0C0000, 3782, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED,
9, 0)
= 0xFF0C0000
19080: mmap(0xFF0D2000, 1796, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_F
IXED, 9, 8192) = 0xFF0D2000
19080: munmap(0xFF0C2000, 65536) = 0
19080: memcntl(0xFF0C0000, 2616, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
19080: close(9) = 0
19080: munmap(0xFF1E0000, 8192) = 0
19080: stat64("/usr/local/lib/security/pam_winbind.so.1", 0xFFBEEE00)
= 0
19080: stat("/usr/local/lib/security/pam_winbind.so.1", 0xFFBEE930) =
0
19080: resolvepath("/usr/local/lib/security/pam_winbind.so.1",
"/usr/local/lib/
security/pam_winbind.so", 1023) = 38
19080: open("/usr/local/lib/security/pam_winbind.so.1", O_RDONLY) = 9
19080: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 9, 0) 0xFF1E0
000
19080: mmap(0xFF0C0000, 114688, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON,
-1, 0) = 0xFF0A0000
19080: mmap(0xFF0A0000, 39594, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 9, 0
) = 0xFF0A0000
19080: mmap(0xFF0B8000, 9156, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_F
IXED, 9, 32768) = 0xFF0B8000
19080: munmap(0xFF0AA000, 57344) = 0
19080: memcntl(0xFF0A0000, 9180, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
19080: close(9) = 0
19080: stat("/lib/libthread.so.1", 0xFFBEE7F8) = 0
19080: resolvepath("/lib/libthread.so.1",
"/usr/lib/libthread.so.1",
1023) = 23
19080: open("/lib/libthread.so.1", O_RDONLY) = 9
19080: mmap(0xFF1E0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED,
9, 0)
= 0xFF1E0000
19080: mmap(0x2C9EFD28, 237568, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON,
-1, 0) = 0xFF060000
19080: mmap(0xFF060000, 114192, PROT_READ|PROT_EXEC,
MAP_PRIVATE|MAP_FIXED, 9,
0) = 0xFF060000
19080: mmap(0xFF08C000, 6596, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_F
IXED, 9, 114688) = 0xFF08C000
19080: mmap(0xFF08E000, 45624, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_
FIXED|MAP_ANON, -1, 0) = 0xFF08E000
19080: munmap(0xFF07C000, 65536) = 0
bash-2.03# less /var/tmp/truss.telnetd
19080: execve("/usr/sbin/in.telnetd", 0xFFBEFD34, 0xFFBEFD3C) argc =
1
19080: resolvepath("/usr/lib/ld.so.1", "/usr/lib/ld.so.1",
1023) = 16
19080: open("/var/ld/ld.config", O_RDONLY) = 3
19080: fstat(3, 0xFFBEF590) = 0
19080: mmap(0x00000000, 5404, PROT_READ, MAP_SHARED, 3, 0) = 0xFF390000
19080: close(3) = 0
19080: stat("/lib/libdl.so.1", 0xFFBEF618) = 0
19080: resolvepath("/lib/libdl.so.1",
"/usr/lib/libdl.so.1", 1023) = 19
19080: open("/lib/libdl.so.1", O_RDONLY) = 3
19080: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) 0xFF380
000
19080: mmap(0x17C05A50, 8192, PROT_NONE,
MAP_PRIVATE|MAP_NORESERVE|MAP_ANON, -1
, 0) = 0xFF370000
19080: mmap(0xFF370000, 2302, PROT_READ|PROT_WRITE|PROT_EXEC,
MAP_PRIVATE|MAP_F
IXED, 3, 0) = 0xFF370000
19080: close(3) = 0
the complete file is under http://www.itl-net.at/download/truss.telnetd
the relevant parts for telnet from my /etc/pam.conf are:
other auth requisite pam_authtok_get.so.1
other auth sufficient pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth sufficient /usr/local/lib/security/pam_winbind.so.1
try_first_pass debug
other account requisite pam_roles.so.1
other account sufficient pam_projects.so.1
other account sufficient pam_unix_account.so.1
other account sufficient /usr/local/lib/security/pam_winbind.so.1
debug
other session sufficient pam_unix_session.so.1 debug
other session sufficient /usr/local/lib/security/pam_winbind.so.1
debug
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
other password sufficient /usr/local/lib/security/pam_winbind.so.1
telnet auth requisite pam_authtok_get.so.1
telnet auth sufficient pam_dhkeys.so.1
telnet auth sufficient pam_unix_auth.so.1
telnet auth sufficient
/usr/local/lib/security/pam_winbind.so.1 try_first_pass debug
regards
__tom
--
Ing. Thomas Fleischmann
Sterngasse 14, 2483 Ebreichsdorf/Austria
tel: +43 2254 72333; mobil: +43 664 4538672
Maybe Matching Threads
Wisdom of the Ancients
