wbinfo errors after upgrade to 12.2 - repost

I thought this error was fixed but it is not, so I am reposting. After upgrading from 12.1 to 12.2 we starting having errors with winbindd and wbinfo. Here are some examples of the wbinfo errrors:

webmailex1:/ # wbinfo -tchecking the trust secret for domain AD via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

webmailex1:/ # wbinfo --getdcname   AD.MILWAUKEE.GOV
Could not get dc name for AD.MILWAUKEE.GOV




However, these commands work:


webmailex1:/ # wbinfo --dsgetdcname   AD.MILWAUKEE.GOV
METRO2.ad.milwaukee.gov
\\199.196.68.2
1
357ab1fc-43b4-4b65-8629-594274944756
ad.milwaukee.gov
ad.milwaukee.gov
0xe00033fd
City_Net
City_Net

webmailex1:/ # net ads testjoin
Join is OK





I noticed that these errors are constantly being logged in /var/log/messages:

Oct 31 13:20:07 webmailex1 winbindd[2578]: [2012/10/31 13:20:07.361178,  0] winbindd/winbindd_cm.c:810(cm_prepare_connection)
Oct 31 13:20:07 webmailex1 winbindd[2578]:   cm_prepare_connection: mutex grab f
ailed for Metro.ad.milwaukee.gov
Oct 31 13:20:07 webmailex1 winbindd[2578]: [2012/10/31 13:20:07.363236,  0] liba
ds/kerberos.c:909(create_local_private_krb5_conf_for_domain)
Oct 31 13:20:07 webmailex1 winbindd[2578]:   create_local_private_krb5_conf_for_
domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.6YMTPu. Errno P
ermission denied
Oct 31 13:20:07 webmailex1 winbindd[2578]: [2012/10/31 13:20:07.366969,  0] liba
ds/kerberos.c:909(create_local_private_krb5_conf_for_domain)
Oct 31 13:20:07 webmailex1 winbindd[2578]:   create_local_private_krb5_conf_for_
domain: smb_mkstemp failed, for file /var/lib/samba/smb_tmp_krb5.3exjR6. Errno P
ermission denied



I tried a DVD upgrade on one server and an online upgrade on another and get the same results on both. A clean install using the same samba configuration does not have the errors.

On 10/31/2012 1:26 PM, chapan wrote:
>
> I thought this error was fixed but it is not, so I am reposting. After
> upgrading from 12.1 to 12.2 we starting having errors with winbindd and
> wbinfo. Here are some examples of the wbinfo errrors:
>
>
> Code:
> --------------------
> webmailex1:/ # wbinfo -tchecking the trust secret for domain AD via RPC calls failed
> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
> failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
> Could not check secret
>
> webmailex1:/ # wbinfo --getdcname AD.MILWAUKEE.GOV
> Could not get dc name for AD.MILWAUKEE.GOV
>
> --------------------
>
>
> However, these commands work:
<snip>
> I tried a DVD upgrade on one server and an online upgrade on another
> and get the same results on both. A clean install using the same samba
> configuration does not have the errors.
>
>
chapan;

You might try updating Samba to version 3.6.9. There was a bug in winbind that was
theoretically fixed with 3.6.9. See the release notes to check if this sounds like your
problem:

http://www.samba.org/samba/history/samba-3.6.9.html

Samba 3.6.9 appeared on the Opensuse mirrors today.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

I did a fresh install on a new server and am getting exactly the same errors. I tried to find samba 3.6.9 on the opensuse mirrors but I can’t seem to find it.

On 11/1/2012 12:36 PM, chapan wrote:
>
> I did a fresh install on a new server and am getting exactly the same
> errors. I tried to find samba 3.6.9 on the opensuse mirrors but I can’t
> seem to find it.
>

chapman;

Look in this directory:

http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_12.2/

However, you should be able to install directly with YaST. YaST>Software>Software
Management, under View choose Package Version, search for Samba and update the package.
(This is for ncurses but the GUI should be similar.) You may need to add the Samba update
repositories to YaST.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

On 11/1/2012 2:59 PM, PV wrote:
> On 11/1/2012 12:36 PM, chapan wrote:
>>
>> I did a fresh install on a new server and am getting exactly the same
>> errors. I tried to find samba 3.6.9 on the opensuse mirrors but I can’t
>> seem to find it.
>>
>
> chapman;
> <snip>
>
>
> http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_12.2/
>
>
<snip>
>
If I do not mark this up, it is:

http://download.opensuse.org/repositories/network:/samba:/STABLE/openSUSE_12.2/

P.V.
“We’re all in this together, I’m pulling for you” Red Green

I update samba to 3.6.9 but am getting exactly the same errors.

On 11/5/2012 11:26 AM, chapan wrote:
>
> I update samba to 3.6.9 but am getting exactly the same errors.
>
>
chapan;

Sorry that was my only idea, maybe someone else has a better idea.

You might try posting(or looking) on the Samba mailing list if no one else responds here.

http://www.samba.org/samba/archives.html


P.V.
“We’re all in this together, I’m pulling for you” Red Green

If I run winbindd with the -d10 parameter I notice all sorts of permission errors in the log.winbindd file:

[2012/11/05 13:11:44.408624,  0] ../lib/util/debug.c:571(reopen_logs_internal)  Unable to open new log file '/var/log/samba/log.winbindd-dc-connect': Permissi
on denied



[2012/11/05 13:11:44.421055,  0] libads/kerberos.c:909(create_local_private_krb5
_conf_for_domain)
  create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/l
ib/samba/smb_tmp_krb5.7bax0M. Errno Permission denied

[2012/11/05 13:11:44.455448,  2] ../lib/util/tdb_wrap.c:65(tdb_wrap_log)
  tdb(/var/lib/samba/mutex.tdb): tdb_open_ex: could not open file /var/lib/samba
/mutex.tdb: Permission denied







Since winbindd is running as root why would it get a permission denied error?

On 11/5/2012 3:16 PM, chapan wrote:
>
> If I run winbindd with the -d10 parameter I notice all sorts of
> permission errors in the log.winbindd file:
>
>
> Code:
> --------------------
> [2012/11/05 13:11:44.408624, 0] …/lib/util/debug.c:571(reopen_logs_internal) Unable to open new log file ‘/var/log/samba/log.winbindd-dc-connect’: Permissi
> on denied
>
>
>
> [2012/11/05 13:11:44.421055, 0] libads/kerberos.c:909(create_local_private_krb5
> _conf_for_domain)
> create_local_private_krb5_conf_for_domain: smb_mkstemp failed, for file /var/l
> ib/samba/smb_tmp_krb5.7bax0M. Errno Permission denied
>
> [2012/11/05 13:11:44.455448, 2] …/lib/util/tdb_wrap.c:65(tdb_wrap_log)
> tdb(/var/lib/samba/mutex.tdb): tdb_open_ex: could not open file /var/lib/samba
> /mutex.tdb: Permission denied
>
> --------------------
>
>
> Since winbindd is running as root why would it get a permission denied
> error?
>
<snip>

chapan;

Have you checked AppArmor? Look in the AppArmor logs. Have you enabled SELinux? Have you
changed your permissions to paranoid or secure?


P.V.
“We’re all in this together, I’m pulling for you” Red Green

Apparmor was the problem. After fixing the permissions everything worked ok.

On 11/6/2012 11:56 AM, chapan wrote:
>
> Apparmor was the problem. After fixing the permissions everything worked
> ok.
>

Chapan;
Thanks for posting back. Apparmore has never played well with Opensuse (or SuSe before
it). Glad I could help.

P.V.
“We’re all in this together, I’m pulling for you” Red Green