winbind (libnss_wins) calls openlog when it shouldn't
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | samba (Ubuntu) |
Low
|
Unassigned | ||
Bug Description
Binary package hint: samba
I recently installed winbind and configured it in nssswitch.conf as follows:
hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4
I had previously had fetchmail running, which regularly (due to an misconfigured external pop3 server) spat out errors like:
Oct 2 07:50:53 brooks fetchmail[6314]: awakened at Tue 02 Oct 2007 07:50:53 IST
Oct 2 07:50:53 brooks fetchmail[6314]: Server CommonName mismatch: localhost != mail.mounttemple.ie
Oct 2 07:50:53 brooks fetchmail[6314]: Server certificate verification error: self signed certificate
Oct 2 07:50:53 brooks fetchmail[6314]: Server certificate verification error: certificate has expired
Oct 2 07:50:58 brooks fetchmail[6314]: sleeping at Tue 02 Oct 2007 07:50:58 IST for 180 seconds
Now that nss_wins is configured, the error has changed to:
Oct 3 08:03:54 brooks nss_wins[6343]: awakened at Wed 03 Oct 2007 08:03:54 IST
Oct 3 08:03:57 brooks nss_wins[6343]: Server certificate verification error: self signed certificate
Oct 3 08:03:57 brooks nss_wins[6343]: Server certificate verification error: certificate has expired
Oct 3 08:04:02 brooks nss_wins[6343]: sleeping at Wed 03 Oct 2007 08:04:02 IST for 180 seconds
apparently because nss_wins is calling openlog, overwriting the fetchmail process's existing syslog entry with its own name and data.
gavinmc@brooks:~$ strings -a /lib/libnss_
gavinmc@brooks:~$ strings -a /lib/libnss_
openlog
This causes confusion as it appears nss_wins is the author of the error when in fact fetchmail is.
| Gavin McCullagh (gmccullagh) wrote : | #1 |
| Mathias Gug (mathiaz) wrote : | #2 |
It seems that there was a similar issue in pam_smbpass:
https:/
http://
To confirm the bug, a small testcase is needed.
| Changed in samba: | |
| importance: | Undecided → Medium |
| status: | New → Incomplete |
| Gavin McCullagh (gmccullagh) wrote : | #3 |
Do you mean I need to give you steps to repeat the problem?
I guess that would be:
1. Edit the hosts line in /etc/nsswitch.conf
hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4
2. Set up samba, with /etc/samba/smb.conf including
wins support = yes
name resolve order = lmhosts host wins bcast dns
I can supply a full smb.conf if needed.
3. Set up fetchmail as a daemon, logging to syslog.
4. On receipt of mail or other output from fetchmail, the log will be from nss_wins instead of fetchmail.
I imagine you can substitute fetchmail with other things which do similar DNS lookups, mountd for example seems to work, although ssh doesn't seem to trigger it and I would imagine it does dns lookups. Perhaps ssh doesn't read nsswitch.conf.
| Chuck Short (zulcss) wrote : | #4 |
Test case has been provided.
| Changed in samba: | |
| status: | Incomplete → Triaged |
| Gavin McCullagh (gmccullagh) wrote : | #5 |
Does anyone know has this been fixed upstream?
| Gavin McCullagh (gmccullagh) wrote : | #6 |
Has anyone any thoughts on this bug?
Was the test case repeatable?
Gavin
| Thierry Carrez (ttx) wrote : | #7 |
I'm pretty sure this hasn't been fixed upstream yet, since they still call setup_logging() in nsswitch/wins.c and setup_logging still calls openlog().
If you confirm you can still experience the issue with Jaunty beta (3.3.2), I'll forward the bug to the https:/
| Changed in samba: | |
| importance: | Medium → Low |
| status: | Triaged → Incomplete |
| Gavin McCullagh (gmccullagh) wrote : | #8 |
The server I see it on regularly is running Hardy and is pretty mission-critical. I'll see if I can work up a test on a laptop or something.
Thanks,
Gavin
| Thierry Carrez (ttx) wrote : | #9 |
@Gavin: any news ?
| Gavin McCullagh (gmccullagh) wrote : | #10 |
I'd been having some trouble repeating it but I'll have a go again.
Sorry I've been a bit busy of late.
I also have this problem an can repeat it though.
I have set up samba the same way and also have the same values for the hosts: entry in /etc/nsswitch.conf
My syslog now shows the following:
Aug 5 13:39:44 gate nss_wins[3485]: awakened at Wed Aug 5 13:39:44 2009
Aug 5 13:44:47 gate nss_wins[3485]: 1 message for [...] at [...] (1861 octets).
Aug 5 13:44:48 gate nss_wins[3485]: reading message [...]:1 of 1 (1861 octets) flushed
Aug 5 13:39:45 gate nss_wins[3485]: sleeping at Wed Aug 5 13:39:45 2009 for 150 seconds
the process name fetchmail is replaced by nss_wins, resulting in the fact that the logcheck fetchmail rules do no longer filter out these messages from the logcheck generated mails.
If you need more information, don't hesitate to ask.
| Chuck Short (zulcss) wrote : | #12 |
@Stefan,
Which version is this with?
REgards
chuck
| Changed in samba (Ubuntu): | |
| status: | Incomplete → Confirmed |
Hi,
I have the same problem in Lucid.
in "/etc/nsswitch.
===================
passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
networks: files dns
===================
my smb.conf (from testparm output)
=======
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = %h server (Servidor de Archivos - Samba %v, Ubuntu)
security = ADS
allow trusted domains = No
obey pam restrictions = Yes
password server = otherserver.
log level = 2
log file = /var/log/
max log size = 1000
name resolve order = host wins bcast
time server = Yes
unix extensions = No
printcap name = cups
dns proxy = No
wins server = 192.168.1.22
idmap uid = 10000-33554431
idmap gid = 10000-33554431
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
invalid users = "@MYDOMAIN\equipos del dominio"
admin users = admin_user
cups options = raw
wide links = Yes
delete readonly = Yes
dos filetime resolution = Yes
fake directory create times = Yes
=======
and in the syslog, I have many errors from different daemons (samba, snmpd and ntp), but with "nss_wins" ident, for example:
================
nss_wins[XXX]: call_nt_
nss_wins[XXX]: check_usershare
nss_wins[XXX]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
nss_wins[XXX]: /etc/snmp/
nss_wins[XXX]: gbahamonde (192.168.1.188) couldn't find service abastecimiento
nss_wins[XXX]: getpeername failed. Error was Transport endpoint is not connected
nss_wins[XXX]: last message repeated 2 times
nss_wins[XXX]: last message repeated 3 times
nss_wins[XXX]: last message repeated 4 times
nss_wins[XXX]: libsmb/
nss_wins[XXX]: lib/util_
nss_wins[XXX]: lib/util_
nss_wins[XXX]: lib/util_
nss_wins[XXX]: nb-informatica (192.168.1.197) couldn't find service .
nss_wins[XXX]: net-snmp: 1 error(s) in config file(s)
nss_wins[XXX]: NET-SNMP version 5.4.2.1
nss_wins[XXX]: Packet send failed to 192.168.1.22(137) ERRNO=Network is unreachable
nss_wins[XXX]: param/loadparm.
nss_wins[XXX]: param/loadparm.
nss_wins[XXX]: param/loadparm.
nss_wins[XXX]: process_
nss_wins[XXX]: process_
nss_wins[XXX]: process_
nss_wins[XXX]: process_
nss_wins[XXX]: process_
nss_w...
Hello
Any news about this problem ??
Suse team publish a patch to resolv this problem
https:/
commentaries ??
bye
This has now started to affect some other programs which link against nss_wins:
Oct 19 10:57:55 brooks nss_wins[20797]: authenticated mount request from patella.mt:872 for /opt/ltsp/i386 (/opt/ltsp)
Oct 19 10:58:44 brooks nss_wins[20797]: authenticated mount request from library5.mt:889 for /opt/ltsp-