winbind (libnss_wins) calls openlog when it shouldn't

Bug #148459 reported by Gavin McCullagh on 2007-10-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: samba

I recently installed winbind and configured it in nssswitch.conf as follows:

hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4

I had previously had fetchmail running, which regularly (due to an misconfigured external pop3 server) spat out errors like:

Oct 2 07:50:53 brooks fetchmail[6314]: awakened at Tue 02 Oct 2007 07:50:53 IST
Oct 2 07:50:53 brooks fetchmail[6314]: Server CommonName mismatch: localhost != mail.mounttemple.ie
Oct 2 07:50:53 brooks fetchmail[6314]: Server certificate verification error: self signed certificate
Oct 2 07:50:53 brooks fetchmail[6314]: Server certificate verification error: certificate has expired
Oct 2 07:50:58 brooks fetchmail[6314]: sleeping at Tue 02 Oct 2007 07:50:58 IST for 180 seconds

Now that nss_wins is configured, the error has changed to:

Oct 3 08:03:54 brooks nss_wins[6343]: awakened at Wed 03 Oct 2007 08:03:54 IST
Oct 3 08:03:57 brooks nss_wins[6343]: Server certificate verification error: self signed certificate
Oct 3 08:03:57 brooks nss_wins[6343]: Server certificate verification error: certificate has expired
Oct 3 08:04:02 brooks nss_wins[6343]: sleeping at Wed 03 Oct 2007 08:04:02 IST for 180 seconds

apparently because nss_wins is calling openlog, overwriting the fetchmail process's existing syslog entry with its own name and data.

gavinmc@brooks:~$ strings -a /lib/libnss_mdns4_minimal.so.2 | grep openlog
gavinmc@brooks:~$ strings -a /lib/libnss_wins.so.2 | grep openlog
openlog

This causes confusion as it appears nss_wins is the author of the error when in fact fetchmail is.

Gavin McCullagh (gmccullagh) wrote :

This has now started to affect some other programs which link against nss_wins:

Oct 19 10:57:55 brooks nss_wins[20797]: authenticated mount request from patella.mt:872 for /opt/ltsp/i386 (/opt/ltsp)
Oct 19 10:58:44 brooks nss_wins[20797]: authenticated mount request from library5.mt:889 for /opt/ltsp-kiosk/i386 (/opt/ltsp-kiosk)

Mathias Gug (mathiaz) wrote :

It seems that there was a similar issue in pam_smbpass:
 https://bugzilla.samba.org/show_bug.cgi?id=4831
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372

To confirm the bug, a small testcase is needed.

Changed in samba:
importance: Undecided → Medium
status: New → Incomplete
Gavin McCullagh (gmccullagh) wrote :

Do you mean I need to give you steps to repeat the problem?

I guess that would be:

1. Edit the hosts line in /etc/nsswitch.conf
       hosts: files mdns4_minimal [NOTFOUND=return] wins dns mdns4

2. Set up samba, with /etc/samba/smb.conf including
       wins support = yes
       name resolve order = lmhosts host wins bcast dns
   I can supply a full smb.conf if needed.

3. Set up fetchmail as a daemon, logging to syslog.

4. On receipt of mail or other output from fetchmail, the log will be from nss_wins instead of fetchmail.

I imagine you can substitute fetchmail with other things which do similar DNS lookups, mountd for example seems to work, although ssh doesn't seem to trigger it and I would imagine it does dns lookups. Perhaps ssh doesn't read nsswitch.conf.

Chuck Short (zulcss) wrote :

Test case has been provided.

Changed in samba:
status: Incomplete → Triaged
Gavin McCullagh (gmccullagh) wrote :

Does anyone know has this been fixed upstream?

Gavin McCullagh (gmccullagh) wrote :

Has anyone any thoughts on this bug?

Was the test case repeatable?

Gavin

Thierry Carrez (ttx) wrote :

I'm pretty sure this hasn't been fixed upstream yet, since they still call setup_logging() in nsswitch/wins.c and setup_logging still calls openlog().

If you confirm you can still experience the issue with Jaunty beta (3.3.2), I'll forward the bug to the https://bugzilla.samba.org/. Or if you prefer, please file the issue yourself and add the bugwatch here.

Changed in samba:
importance: Medium → Low
status: Triaged → Incomplete
Gavin McCullagh (gmccullagh) wrote :

The server I see it on regularly is running Hardy and is pretty mission-critical. I'll see if I can work up a test on a laptop or something.

Thanks,
Gavin

Thierry Carrez (ttx) wrote :

@Gavin: any news ?

Gavin McCullagh (gmccullagh) wrote :

I'd been having some trouble repeating it but I'll have a go again.

Sorry I've been a bit busy of late.

I also have this problem an can repeat it though.
I have set up samba the same way and also have the same values for the hosts: entry in /etc/nsswitch.conf

My syslog now shows the following:
Aug 5 13:39:44 gate nss_wins[3485]: awakened at Wed Aug 5 13:39:44 2009
Aug 5 13:44:47 gate nss_wins[3485]: 1 message for [...] at [...] (1861 octets).
Aug 5 13:44:48 gate nss_wins[3485]: reading message [...]:1 of 1 (1861 octets) flushed
Aug 5 13:39:45 gate nss_wins[3485]: sleeping at Wed Aug 5 13:39:45 2009 for 150 seconds

the process name fetchmail is replaced by nss_wins, resulting in the fact that the logcheck fetchmail rules do no longer filter out these messages from the logcheck generated mails.

If you need more information, don't hesitate to ask.

Chuck Short (zulcss) wrote :

@Stefan,

Which version is this with?

REgards
chuck

Chuck Short (zulcss) on 2009-11-23
Changed in samba (Ubuntu):
status: Incomplete → Confirmed
Download full text (4.2 KiB)

Hi,

I have the same problem in Lucid.

in "/etc/nsswitch.conf" I have (more important)
===================
passwd: files ldap winbind
group: files ldap winbind
shadow: files ldap

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
networks: files dns
===================

my smb.conf (from testparm output)

======================
[global]
 workgroup = MYDOMAIN
 realm = MYDOMAIN.COM
 server string = %h server (Servidor de Archivos - Samba %v, Ubuntu)
 security = ADS
 allow trusted domains = No
 obey pam restrictions = Yes
 password server = otherserver.mydomain.com
 log level = 2
 log file = /var/log/samba/log.%m
 max log size = 1000
 name resolve order = host wins bcast
 time server = Yes
 unix extensions = No
 printcap name = cups
 dns proxy = No
 wins server = 192.168.1.22
 idmap uid = 10000-33554431
 idmap gid = 10000-33554431
 template shell = /bin/bash
 winbind enum users = Yes
 winbind enum groups = Yes
 invalid users = "@MYDOMAIN\equipos del dominio"
 admin users = admin_user
 cups options = raw
 wide links = Yes
 delete readonly = Yes
 dos filetime resolution = Yes
 fake directory create times = Yes
======================

and in the syslog, I have many errors from different daemons (samba, snmpd and ntp), but with "nss_wins" ident, for example:

================
nss_wins[XXX]: call_nt_transact_ioctl(0x90078): Currently not implemented.
nss_wins[XXX]: check_usershare_stat: file /var/lib/samba/usershares/. owned by uid 0 is not a regular file
nss_wins[XXX]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected)
nss_wins[XXX]: /etc/snmp/snmpd.conf: line 3: Error: bad source address
nss_wins[XXX]: gbahamonde (192.168.1.188) couldn't find service abastecimiento
nss_wins[XXX]: getpeername failed. Error was Transport endpoint is not connected
nss_wins[XXX]: last message repeated 2 times
nss_wins[XXX]: last message repeated 3 times
nss_wins[XXX]: last message repeated 4 times
nss_wins[XXX]: libsmb/nmblib.c:834(send_udp)
nss_wins[XXX]: lib/util_sock.c:1491(get_peer_addr_internal)
nss_wins[XXX]: lib/util_sock.c:539(read_fd_with_timeout)
nss_wins[XXX]: lib/util_sock.c:738(write_data)
nss_wins[XXX]: nb-informatica (192.168.1.197) couldn't find service .
nss_wins[XXX]: net-snmp: 1 error(s) in config file(s)
nss_wins[XXX]: NET-SNMP version 5.4.2.1
nss_wins[XXX]: Packet send failed to 192.168.1.22(137) ERRNO=Network is unreachable
nss_wins[XXX]: param/loadparm.c:8328(check_usershare_stat)
nss_wins[XXX]: param/loadparm.c:8555(process_usershare_file)
nss_wins[XXX]: param/loadparm.c:8569(process_usershare_file)
nss_wins[XXX]: process_usershare_file: share name ::{2227a280-3aea-1069-a2de-XXXXXXXXX} contains invalid characters (any of %<>*?|/\+=;:",)
nss_wins[XXX]: process_usershare_file: stat of /var/lib/samba/usershares/astecimiento failed. No such file or directory
nss_wins[XXX]: process_usershare_file: stat of /var/lib/samba/usershares/nzalez failed. Permission denied
nss_wins[XXX]: process_usershare_file: stat of /var/lib/samba/usershares/bholmes failed. Permission denied
nss_wins[XXX]: process_usershare_file: stat of /var/lib/samba/usershares/arria failed. Permission denied
nss_w...

Read more...

Hello

Any news about this problem ??

Suse team publish a patch to resolv this problem
https://qa.mandriva.com/show_bug.cgi?id=59677

commentaries ??

bye

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.