Martin Hochreiter
2009-Oct-15 12:51 UTC
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks
Hi! We are using Samba 3.4.2 from sernet on a centos 5.3 box with ldap 2.4.11 as db. I have very heavy problems with the smbd daemon. If I set the smb.conf to the local ldap via ldapsam:ldap://127.0.0.1 or just ldapsam # LDAP SETTINGS ldap admin dn="uid=Admin,ou=Users,dc=xxx,dc=xxx" ldap ssl = no passdb backend = ldapsam:ldap://127.0.0.1 ldap delete dn = no ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Clients ldap suffix = dc=fh-stpoelten,dc=ac.at ldap passwd sync = yes the smbd daemon stucks while connecting to it (see "non working log") I have to kill -9 the daemons If I use the same 3.4.2 ldap externally from a similar centos 5.3 machine the the connection works without problems (see "working log") You can query the local ldap with the ldaptools in various ways and you get the correct response (with the credentials stored to the .tdb) - does anyone has a hint for me? regards Maritn Non working log (debug 2): [2009/10/15 14:42:59, 2] smbd/server.c:676(smbd_parent_loop) waiting for connections [2009/10/15 14:43:02, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/10/15 14:43:02, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: nsc [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1003 [2009/10/15 14:43:02, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] succeeded Working log (debug 2): [2009/10/15 14:45:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/10/15 14:45:41, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: nsc [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1003 [2009/10/15 14:45:41, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] succeeded [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 998 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Admin [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Admin [2009/10/15 14:45:41, 1] smbd/service.c:1047(make_connection_snum) 10.222.0.240 (10.222.0.240) connect to service netlogon initially as user nsc (uid=1746, gid=999) (pid 3061)
I have the same setup Centos5.3, Samba3.4.2, OpenLDAP 2.4.11 (running on 127.0.0.1). Those entries show up in individual machine logs, there are no problems that I can see between OpenLDAP and Samba. smb.conf: ... log file = /opt/samba-3.4.2/var/log/samba.%m ... Kent ----- Original Message ----- From: "Martin Hochreiter" <linuxbox at wavenet.at> To: samba at lists.samba.org Sent: Thursday, October 15, 2009 8:51:25 AM GMT -05:00 US/Canada Eastern Subject: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks Hi! We are using Samba 3.4.2 from sernet on a centos 5.3 box with ldap 2.4.11 as db. I have very heavy problems with the smbd daemon. If I set the smb.conf to the local ldap via ldapsam:ldap://127.0.0.1 or just ldapsam # LDAP SETTINGS ldap admin dn="uid=Admin,ou=Users,dc=xxx,dc=xxx" ldap ssl = no passdb backend = ldapsam:ldap://127.0.0.1 ldap delete dn = no ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap machine suffix = ou=Clients ldap suffix = dc=fh-stpoelten,dc=ac.at ldap passwd sync = yes the smbd daemon stucks while connecting to it (see "non working log") I have to kill -9 the daemons If I use the same 3.4.2 ldap externally from a similar centos 5.3 machine the the connection works without problems (see "working log") You can query the local ldap with the ldaptools in various ways and you get the correct response (with the credentials stored to the .tdb) - does anyone has a hint for me? regards Maritn Non working log (debug 2): [2009/10/15 14:42:59, 2] smbd/server.c:676(smbd_parent_loop) waiting for connections [2009/10/15 14:43:02, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/10/15 14:43:02, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: nsc [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1003 [2009/10/15 14:43:02, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] succeeded Working log (debug 2): [2009/10/15 14:45:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/10/15 14:45:41, 2] lib/smbldap.c:856(smbldap_open_connection) smbldap_open_connection: connection opened [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: nsc [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 999 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 1003 [2009/10/15 14:45:41, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] succeeded [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) init_group_from_ldap: Entry found for group: 998 [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Admin [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: Admin [2009/10/15 14:45:41, 1] smbd/service.c:1047(make_connection_snum) 10.222.0.240 (10.222.0.240) connect to service netlogon initially as user nsc (uid=1746, gid=999) (pid 3061) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Martin Hochreiter
2009-Oct-15 14:10 UTC
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks
Hi Kent, yes - our PDC is running the same combination - without any problems, and on that BDC machine (that I have completely reinstalled to eliminate other errors) I have that confusing daemon problems ... regard> I have the same setup Centos5.3, Samba3.4.2, OpenLDAP 2.4.11 (running on 127.0.0.1). Those entries show up in individual machine logs, there are no problems that I can see between OpenLDAP and Samba. > > smb.conf: > ... > log file = /opt/samba-3.4.2/var/log/samba.%m > ... > > Kent > > ----- Original Message ----- > From: "Martin Hochreiter" <linuxbox at wavenet.at> > To: samba at lists.samba.org > Sent: Thursday, October 15, 2009 8:51:25 AM GMT -05:00 US/Canada Eastern > Subject: [Samba] samba 3.4.2 centos with ldap 2.4.11 stucks > > Hi! > > We are using Samba 3.4.2 from sernet on a centos 5.3 box with > ldap 2.4.11 as db. > > I have very heavy problems with the smbd daemon. > If I set the smb.conf to the local ldap > via ldapsam:ldap://127.0.0.1 or just ldapsam > > # LDAP SETTINGS > ldap admin dn="uid=Admin,ou=Users,dc=xxx,dc=xxx" > ldap ssl = no > passdb backend = ldapsam:ldap://127.0.0.1 > ldap delete dn = no > ldap user suffix = ou=Users > ldap group suffix = ou=Groups > ldap machine suffix = ou=Clients > ldap suffix = dc=fh-stpoelten,dc=ac.at > ldap passwd sync = yes > > the smbd daemon stucks while connecting to it (see "non working log") > I have to kill -9 the daemons > > If I use the same 3.4.2 ldap externally from a similar centos 5.3 machine > the the connection works without problems (see "working log") > > You can query the local ldap with the ldaptools in various ways and you > get the correct response (with the credentials stored to the .tdb) > > - does anyone has a hint for me? > > regards > Maritn > > > > > > Non working log (debug 2): > > > [2009/10/15 14:42:59, 2] smbd/server.c:676(smbd_parent_loop) > waiting for connections > [2009/10/15 14:43:02, 2] smbd/sesssetup.c:1360(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2009/10/15 14:43:02, 2] lib/smbldap.c:856(smbldap_open_connection) > smbldap_open_connection: connection opened > [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: nsc > [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:43:02, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1003 > [2009/10/15 14:43:02, 2] auth/auth.c:310(check_ntlm_password) > check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] > succeeded > > > > > > > Working log (debug 2): > > > [2009/10/15 14:45:41, 2] smbd/sesssetup.c:1360(setup_new_vc_session) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close > all old resources. > [2009/10/15 14:45:41, 2] lib/smbldap.c:856(smbldap_open_connection) > smbldap_open_connection: connection opened > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: nsc > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 999 > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 1003 > [2009/10/15 14:45:41, 2] auth/auth.c:310(check_ntlm_password) > check_ntlm_password: authentication for user [nsc] -> [nsc] -> [nsc] > succeeded > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:2353(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 998 > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Admin > [2009/10/15 14:45:41, 2] passdb/pdb_ldap.c:571(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: Admin > [2009/10/15 14:45:41, 1] smbd/service.c:1047(make_connection_snum) > 10.222.0.240 (10.222.0.240) connect to service netlogon initially as > user nsc (uid=1746, gid=999) (pid 3061) >
Martin Hochreiter
2009-Oct-16 13:07 UTC
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks
It is definitly a problem only related to the BDC role of samba. If I switch the centos/samba/ldap to PDC for testing purpose it works ... Are we the only ones who facing that problem? regards
Martin Hochreiter
2009-Oct-21 05:53 UTC
[Samba] samba 3.4.2 centos with ldap 2.4.11 stucks - The workaround
Hi! As I said, I the smbd daemon stucks if you use Samba 3.4.2 on CentOS 5.3 with ldap 2.4.11. (You start the smb daemons, then you have to wait a few minutes before the daemon states "waiting for connections" and then after you try to connect to a network share the daemon stucks" - all that behaviour when you use the local ldap) I found a workaround - if I use winbind nested groups=no then it works. Can someone give me a hint what is wrong? regards Martin