Since the upgrade to UCS 4.4 our Mailstore server fails to synchronize directory users.
# ucr search --brief version/version version/patchlevel version/errata
version/erratalevel: 113
version/patchlevel: 0
version/version: 4.4
# samba --version
Version 4.10.1-Univention
It has always been setup to synchronize with an “Active Directory” type directory server and autodetect server and base DN while using Windows authentication itself. The Mailstore server is joined to the domain.
I have narrowed it down to selecting a group to limit the synchronized users. If I do not select a specific group and synchronize “all users” it works nicely but since Mailstore is licensed per user and “all users” also synchronizes all sorts of machine and service accounts we quickly hit our currently licensed user limit.
See an example of the settings page in Mailstore:
And this is the error thrown if I select a specific group to synchronize:
Meanwhile, this stack trace is thrown on the domain controller in /var/log/samba/log.samba
, which looks like a serious error:
[2019/05/29 08:04:22.792009, 0, pid=113347] ../../lib/util/fault.c:79(fault_report)
===============================================================
[2019/05/29 08:04:22.792065, 0, pid=113347] ../../lib/util/fault.c:80(fault_report)
INTERNAL ERROR: Signal 11 in pid 113347 (4.10.1-Univention)
Please read the Trouble-Shooting section of the Samba HOWTO
[2019/05/29 08:04:22.792082, 0, pid=113347] ../../lib/util/fault.c:82(fault_report)
===============================================================
[2019/05/29 08:04:22.792093, 0, pid=113347] ../../lib/util/fault.c:128(smb_panic_default)
smb_panic_default: PANIC (pid 113347): internal error
[2019/05/29 08:04:22.793272, 0, pid=113347] ../../lib/util/fault.c:261(log_stack_trace)
BACKTRACE: 41 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f4639656f1d]
#1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f463965703b]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a27d) [0x7f463965727d]
#3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0) [0x7f462b5b00e0]
#4 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x1b7c) [0x7f461bf53b7c]
#5 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x274b) [0x7f461bf5474b]
#6 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x14c0) [0x7f462084d4c0]
#7 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x1645) [0x7f462084d645]
#8 /usr/lib/x86_64-linux-gnu/libldb.so.1(+0x1eae1) [0x7f462c25aae1]
#9 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/acl.so(+0x4ccb) [0x7f461f1fbccb]
#10 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/encrypted_secrets.so(+0x25f5) [0x7f461e1bc5f5]
#11 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/extended_dn_out.so(+0x3302) [0x7f461ddb0302]
#12 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x5a63) [0x7f4620235a63]
#13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5) [0x7f462af74a45]
#14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x5a) [0x7f462af74bca]
#15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdc9) [0x7f462af75dc9]
#16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#18 /usr/lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0x9b) [0x7f462c25c40b]
#19 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(ldapsrv_do_call+0x1cbe) [0x7f462584a3ce]
#20 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(+0x4f17) [0x7f4625845f17]
#21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_immediate_handler+0x111) [0x7f462af6ff11]
#22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0x1e) [0x7f462af6ff5e]
#23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdbd) [0x7f462af75dbd]
#24 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
#27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
#28 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2926) [0x7f4625e5d926]
#29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x80) [0x7f462af6fae0]
#30 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcfe7) [0x7f462af75fe7]
#31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#33 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
#34 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
#35 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2261) [0x7f4625e5d261]
#36 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x5c) [0x7f463859f3bc]
#37 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x96) [0x7f463859dd36]
#38 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113347](+0x5781) [0x563101652781]
#39 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f462a3542e1]
#40 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113347](_start+0x2a) [0x563101650e1a]
[2019/05/29 08:04:22.829917, 0, pid=1313] ../../source4/smbd/process_standard.c:160(standard_child_pipe_handler)
standard_child_pipe_handler: Child 113347 () terminated with signal 6
[2019/05/29 08:04:22.880695, 0, pid=113348] ../../lib/util/fault.c:79(fault_report)
===============================================================
[2019/05/29 08:04:22.880878, 0, pid=113348] ../../lib/util/fault.c:80(fault_report)
INTERNAL ERROR: Signal 11 in pid 113348 (4.10.1-Univention)
Please read the Trouble-Shooting section of the Samba HOWTO
[2019/05/29 08:04:22.881035, 0, pid=113348] ../../lib/util/fault.c:82(fault_report)
===============================================================
[2019/05/29 08:04:22.881129, 0, pid=113348] ../../lib/util/fault.c:128(smb_panic_default)
smb_panic_default: PANIC (pid 113348): internal error
[2019/05/29 08:04:22.882314, 0, pid=113348] ../../lib/util/fault.c:261(log_stack_trace)
BACKTRACE: 41 stack frames:
#0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x2d) [0x7f4639656f1d]
#1 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) [0x7f463965703b]
#2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1a27d) [0x7f463965727d]
#3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0) [0x7f462b5b00e0]
#4 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x1b7c) [0x7f461bf53b7c]
#5 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/paged_results.so(+0x274b) [0x7f461bf5474b]
#6 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x14c0) [0x7f462084d4c0]
#7 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/asq.so(+0x1645) [0x7f462084d645]
#8 /usr/lib/x86_64-linux-gnu/libldb.so.1(+0x1eae1) [0x7f462c25aae1]
#9 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/acl.so(+0x4ccb) [0x7f461f1fbccb]
#10 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/encrypted_secrets.so(+0x25f5) [0x7f461e1bc5f5]
#11 /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/extended_dn_out.so(+0x3302) [0x7f461ddb0302]
#12 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x5a63) [0x7f4620235a63]
#13 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5) [0x7f462af74a45]
#14 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x5a) [0x7f462af74bca]
#15 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdc9) [0x7f462af75dc9]
#16 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#18 /usr/lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0x9b) [0x7f462c25c40b]
#19 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(ldapsrv_do_call+0x1cbe) [0x7f462584a3ce]
#20 /usr/lib/x86_64-linux-gnu/samba/service/ldap.so(+0x4f17) [0x7f4625845f17]
#21 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_immediate_handler+0x111) [0x7f462af6ff11]
#22 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_immediate+0x1e) [0x7f462af6ff5e]
#23 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcdbd) [0x7f462af75dbd]
#24 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
#27 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
#28 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2926) [0x7f4625e5d926]
#29 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_fd_handler+0x80) [0x7f462af6fae0]
#30 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xcfe7) [0x7f462af75fe7]
#31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xafd7) [0x7f462af73fd7]
#32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0xbd) [0x7f462af6f23d]
#33 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f462af6f49b]
#34 /usr/lib/x86_64-linux-gnu/libtevent.so.0(+0xaf77) [0x7f462af73f77]
#35 /usr/lib/x86_64-linux-gnu/samba/process_model/standard.so(+0x2261) [0x7f4625e5d261]
#36 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(task_server_startup+0x5c) [0x7f463859f3bc]
#37 /usr/lib/x86_64-linux-gnu/samba/libservice.so.0(server_service_startup+0x96) [0x7f463859dd36]
#38 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113348](+0x5781) [0x563101652781]
#39 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7f462a3542e1]
#40 samba: conn[ldap] c[ipv6:REDACTED] s[ipv6:REDACTED] server_id[113348](_start+0x2a) [0x563101650e1a]
[2019/05/29 08:04:22.915765, 0, pid=1313] ../../source4/smbd/process_standard.c:160(standard_child_pipe_handler)
standard_child_pipe_handler: Child 113348 () terminated with signal 6
I have disabled the scheduled sync for now and managed to synchronize necessary users by juggling with the synchronized base DN. Any suggestions for further troubleshooting are welcome.
addendum: Configuring sync as a generic LDAP service works and can filter by group correctly. But this breaks the Kerberos based Windows authentication. Currently a logged-in user opening Mailstore does not need to re-enter her username and password to use Mailstore if she is among the synchronized users.