Mailstore directory sync fails since Upgrade to UCS 4.4 with Samba INTERNAL ERROR

ehc · May 29, 2019, 6:15am

Since the upgrade to UCS 4.4 our Mailstore server fails to synchronize directory users.

# ucr search --brief version/version version/patchlevel version/errata
version/erratalevel: 113
version/patchlevel: 0
version/version: 4.4
# samba --version
Version 4.10.1-Univention

It has always been setup to synchronize with an “Active Directory” type directory server and autodetect server and base DN while using Windows authentication itself. The Mailstore server is joined to the domain.

I have narrowed it down to selecting a group to limit the synchronized users. If I do not select a specific group and synchronize “all users” it works nicely but since Mailstore is licensed per user and “all users” also synchronizes all sorts of machine and service accounts we quickly hit our currently licensed user limit.

See an example of the settings page in Mailstore:

mailstore_ad_settings

And this is the error thrown if I select a specific group to synchronize:

mailstore_error

Meanwhile, this stack trace is thrown on the domain controller in /var/log/samba/log.samba, which looks like a serious error:

[2019/05/29 08:04:22.792009,  0, pid=113347] ../../lib/util/fault.c:79(fault_report)
  ===============================================================
[2019/05/29 08:04:22.792065,  0, pid=113347] ../../lib/util/fault.c:80(fault_report)
  INTERNAL ERROR: Signal 11 in pid 113347 (4.10.1-Univention)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2019/05/29 08:04:22.792082,  0, pid=113347] ../../lib/util/fault.c:82(fault_report)
  ===============================================================
[2019/05/29 08:04:22.792093,  0, pid=113347] ../../lib/util/fault.c:128(smb_panic_default)
  smb_panic_default: PANIC (pid 113347): internal error
[2019/05/29 08:04:22.793272,  0, pid=113347] ../../lib/util/fault.c:261(log_stack_trace)
  BACKTRACE: 41 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f4639656f1d]
   #1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f463965703b]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a27d) [0x7f463965727d]
   #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0) [0x7f462b5b00e0]
   #4 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x1b7c) [0x7f461bf53b7c]
   #5 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x274b) [0x7f461bf5474b]
   #6 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x14c0) [0x7f462084d4c0]
   #7 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x1645) [0x7f462084d645]
   #8 /usr/lib/x86_64-linux-gnu/libldb.so.1(+0x1eae1) [0x7f462c25aae1]
   #9 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/acl.so(+0x4ccb) [0x7f461f1fbccb]
   #10 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/encrypted_secrets.so(+0x25f5) [0x7f461e1bc5f5]
   #11 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/extended_dn_out.so(+0x3302) [0x7f461ddb0302]
   #12 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x5a63) [0x7f4620235a63]
   #13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5) [0x7f462af74a45]
   #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x5a) [0x7f462af74bca]
   #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdc9) [0x7f462af75dc9]
   #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #18 /usr/lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0x9b) [0x7f462c25c40b]
   #19 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(ldapsrv_do_call+0x1cbe) [0x7f462584a3ce]
   #20 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(+0x4f17) [0x7f4625845f17]
   #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_immediate_handler+0x111) [0x7f462af6ff11]
   #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0x1e) [0x7f462af6ff5e]
   #23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdbd) [0x7f462af75dbd]
   #24 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
   #27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
   #28 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2926) [0x7f4625e5d926]
   #29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x80) [0x7f462af6fae0]
   #30 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcfe7) [0x7f462af75fe7]
   #31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #33 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
   #34 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
   #35 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2261) [0x7f4625e5d261]
   #36 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x5c) [0x7f463859f3bc]
   #37 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x96) [0x7f463859dd36]
   #38 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113347](+0x5781) [0x563101652781]
   #39 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f462a3542e1]
   #40 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113347](_start+0x2a) [0x563101650e1a]
[2019/05/29 08:04:22.829917,  0, pid=1313] ../../source4/smbd/process_standard.c:160(standard_child_pipe_handler)
  standard_child_pipe_handler: Child 113347 () terminated with signal 6
[2019/05/29 08:04:22.880695,  0, pid=113348] ../../lib/util/fault.c:79(fault_report)
  ===============================================================
[2019/05/29 08:04:22.880878,  0, pid=113348] ../../lib/util/fault.c:80(fault_report)
  INTERNAL ERROR: Signal 11 in pid 113348 (4.10.1-Univention)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2019/05/29 08:04:22.881035,  0, pid=113348] ../../lib/util/fault.c:82(fault_report)
  ===============================================================
[2019/05/29 08:04:22.881129,  0, pid=113348] ../../lib/util/fault.c:128(smb_panic_default)
  smb_panic_default: PANIC (pid 113348): internal error
[2019/05/29 08:04:22.882314,  0, pid=113348] ../../lib/util/fault.c:261(log_stack_trace)
  BACKTRACE: 41 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f4639656f1d]
   #1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f463965703b]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a27d) [0x7f463965727d]
   #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0) [0x7f462b5b00e0]
   #4 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x1b7c) [0x7f461bf53b7c]
   #5 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x274b) [0x7f461bf5474b]
   #6 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x14c0) [0x7f462084d4c0]
   #7 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x1645) [0x7f462084d645]
   #8 /usr/lib/x86_64-linux-gnu/libldb.so.1(+0x1eae1) [0x7f462c25aae1]
   #9 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/acl.so(+0x4ccb) [0x7f461f1fbccb]
   #10 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/encrypted_secrets.so(+0x25f5) [0x7f461e1bc5f5]
   #11 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/extended_dn_out.so(+0x3302) [0x7f461ddb0302]
   #12 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x5a63) [0x7f4620235a63]
   #13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5) [0x7f462af74a45]
   #14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x5a) [0x7f462af74bca]
   #15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdc9) [0x7f462af75dc9]
   #16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #18 /usr/lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0x9b) [0x7f462c25c40b]
   #19 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(ldapsrv_do_call+0x1cbe) [0x7f462584a3ce]
   #20 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(+0x4f17) [0x7f4625845f17]
   #21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_immediate_handler+0x111) [0x7f462af6ff11]
   #22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0x1e) [0x7f462af6ff5e]
   #23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdbd) [0x7f462af75dbd]
   #24 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
   #27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
   #28 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2926) [0x7f4625e5d926]
   #29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x80) [0x7f462af6fae0]
   #30 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcfe7) [0x7f462af75fe7]
   #31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
   #32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
   #33 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
   #34 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
   #35 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2261) [0x7f4625e5d261]
   #36 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x5c) [0x7f463859f3bc]
   #37 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x96) [0x7f463859dd36]
   #38 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113348](+0x5781) [0x563101652781]
   #39 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f462a3542e1]
   #40 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113348](_start+0x2a) [0x563101650e1a]
[2019/05/29 08:04:22.915765,  0, pid=1313] ../../source4/smbd/process_standard.c:160(standard_child_pipe_handler)
  standard_child_pipe_handler: Child 113348 () terminated with signal 6

I have disabled the scheduled sync for now and managed to synchronize necessary users by juggling with the synchronized base DN. Any suggestions for further troubleshooting are welcome.

addendum: Configuring sync as a generic LDAP service works and can filter by group correctly. But this breaks the Kerberos based Windows authentication. Currently a logged-in user opening Mailstore does not need to re-enter her username and password to use Mailstore if she is among the synchronized users.

externa1 · May 30, 2019, 11:50am

Hi,

I can confirm the same on 4 different installations - meanwhile also removed the group filter - but that is no usable solution - seems to be a problem with getting group membership

rg
Christian

ulf.kosack · June 10, 2019, 3:45pm

Hi,

in one of my connected servers I had also problems with groups, based on DNs. Please check upper and lower case letters of the complete DN. UCS wrote lower case DNs since some times. The group name on my system is with upper and lower letters and in the past the DN was it too.

Perhaps it helps.

Ulf