Ubuntu
samba package

When using Samba authenticating via Kerberos against a windows AD, winbind hangs on boot

Bug #723755 reported by Paul Elliott
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Expired
Low
Unassigned

Bug Description

Binary package hint: samba

Hi all,

I recently set about making a linux box (Ubuntu Server LTS 10.04) authenticate against a windows based AD via Kerberos, in order to provide shares which would accept domain logins. Everything (eventually) went fine with this, until I rebooted the box.

The first thing I noticed was that the share was inaccessible until smbd, nmbd and winbind were restarted. It was at this point that I noticed that while smbd and nmbd had been converted to upstart, winbind had not, and I presumed that it was something to do with startup order.

It was at this point I put a head back on the box, and noticed something else. Although I had been able to log in via ssh, the screen was still stuck at the point of starting winbind. The local user was able to switch to another TTY and log in, but the startup sequence was stuck for some reason.

I then renamed the init.d script for winbind, and replaced it with the upstart script suggested in a bug here (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/612958), however this did not solve the problem. I also noticed at this point that the winbind process seemed to be running, but fully hung, unresponsive to either its init script or upstart. The only way to deal with this was to kill -9 it, and then it seemed to behave. It still took the restarting of smbd in order for the share to become accessible however.

The final solution I found was to change the winbind upstart script AND the samba upstart script to start so that they would only start on networking up (net-device-up IFACE!=lo) in addition to their original start on stanza, looking very much in this respect the same as nmdb already does.

In summary:

If you start winbind attempting to authenticate against an AD before the networking is up, then it seems to hang permanently.
If you start smbd (also attempting to authenticate against an AD) before the networking is up, then the AD authentication will not work until both smbd and winbind are restarted.

Revision history for this message
Chuck Short (zulcss) wrote :

Please attach your log files so we can see what is going on.

Thanks
chuck

Changed in samba (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Paul Elliott (paul-niburu) wrote :

Hi Chuck - what logs would you like and from what point? The point being I wasn't getting a lot of logs - samba would fail with a rather obscure failure to connect if you attempted to access the shares at that point, and obviously winbind was not logging anything as it had hung. The fix was purely guesswork on my behalf, there wasn't really any help in the logs.

I fail to see the low importance decision as well, as anyone attempting to authenticate a Ubuntu LTS server samba / kerberos box against an AD domain will hit this, guaranteed - I'm not running anything not taken from Apt, and this isn't an uncommon application for samba, at least until 4 is released anyway.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for samba (Ubuntu) because there has been no activity for 60 days.]

Changed in samba (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.