nas rebooted can now cannot auth users (AD 2003)

[mygeeknc]

I have a 9.2.1.5 install that rebooted, the data is intact but there is an issue with Directory Services, the service will not start. Here are the contents of /var/log/messages. Most conceringing to me are the "pdbedit" and "testparam" core dumps.

Has anyone seen this before?

Code:

Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: trying mcdc01.srv_domain.local:3268
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: Okay
Jul  7 12:24:19 nas ActiveDirectory: AD_init: gchost = mcdc01.srv_domain.local, gcport = 3268
Jul  7 12:24:19 nas ActiveDirectory: AD_locate_kerberos_servers: domain=srv_domain.local, proto=, site=
Jul  7 12:24:19 nas ActiveDirectory: AD_locate_kerberos_servers: record=_kerberos._udp.srv_domain.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_records: host=_kerberos._udp.srv_domain.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_records: dig -t srv +short +nocomments _kerberos._udp.mountca              stle.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: trying mcdc01.srv_domain.local:88
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: Okay
Jul  7 12:24:19 nas ActiveDirectory: AD_init: krbhost = mcdc01.srv_domain.local, krbport = 88
Jul  7 12:24:19 nas ActiveDirectory: AD_locate_kpasswd_servers: domain=srv_domain.local, proto=, site=
Jul  7 12:24:19 nas ActiveDirectory: AD_locate_kpasswd_servers: record=_kpasswd._udp.srv_domain.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_records: host=_kpasswd._udp.srv_domain.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_records: dig -t srv +short +nocomments _kpasswd._udp.mountcas              tle.local
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: trying mcdc01.srv_domain.local:464
Jul  7 12:24:19 nas ActiveDirectory: __AD_get_SRV_host: Okay
Jul  7 12:24:19 nas ActiveDirectory: AD_init: kpwdhost = mcdc01.srv_domain.local, kpwdport = 464
Jul  7 12:24:19 nas ActiveDirectory: activedirectory_stop: leaving domain
Jul  7 12:24:19 nas ActiveDirectory: AD_leave_domain: net -k ads leave srv_domain.local
Jul  7 12:24:20 nas kernel: pid 60202 (net), uid 0: exited on signal 11 (core dumped)
Jul  7 12:24:20 nas ActiveDirectory: AD_leave_domain: Failed
Jul  7 12:24:20 nas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Jul  7 12:24:21 nas ActiveDirectory: /usr/sbin/service samba_server forcestop
Jul  7 12:24:21 nas kernel: pid 60282 (testparm), uid 0: exited on signal 11 (core dumped)
Jul  7 12:24:21 nas kernel: pid 60286 (testparm), uid 0: exited on signal 11 (core dumped)
Jul  7 12:24:21 nas kernel: pid 60287 (testparm), uid 0: exited on signal 11 (core dumped)
Jul  7 12:24:22 nas ActiveDirectory: /usr/sbin/service ix-samba start
Jul  7 12:24:23 nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Jul  7 12:24:23 nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jul  7 12:24:23 nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jul  7 12:24:23 nas last message repeated 3 times
Jul  7 12:24:23 nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpwrCMzo -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jul  7 12:24:23 nas kernel: pid 60428 (pdbedit), uid 0: exited on signal 11 (core dumped)

 

[mygeeknc]

Just to update, issuing a "net ads info -U Administrator" seg faults as well.

 

[cyberjock]

Why did it reboot? Your choice of words makes me think that your FreeNAS box spontaneously rebooted. signal 11 is almost always a hardware problem (usually bad RAM).

Can you post your hardware specs for your FreeNAS box?

 

[mygeeknc]

It may be hardware, but the specs is a PowerEdge C2100, a Single Xeon L5520, 24GB of ECC RAM, 6 WD Red 2.0TB, and a 60GB SSD ZIL.

If I can get the box up and going again, I will start with the RAM tonight.

 

[mygeeknc]

I rebooted once more and started Directory Services again. It failed the first time, and then I tried again since I noticed in the logs that it was not throwing the seg faults any more. The second time is up and going for the time being. I'm not sure what happened, but I'll be double checking the RAM tonight.

 

[mygeeknc]

Another update, everything seems to be running ok now though I'm getting ALOT of the following errors in /var/log/samba4/log.smbd

Code:

[2014/07/07 13:28:52.238578,  1] ../auth/gensec/spnego.c:573(gensec_spnego_parse_negTokenInit)
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2014/07/07 13:28:52.289276,  1] ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/nas.srv_domain.local@srv_domain.LOCAL(kvno 4) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
[2014/07/07 13:28:52.289410,  1] ../auth/gensec/spnego.c:573(gensec_spnego_parse_negTokenInit)
  SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE

 

[cyberjock]

It is possible that your USB stick is corrupted and you just need a fresh install of FreeNAS on a new USB stick and a restore of your current config file.

 

[mygeeknc]

I'm sure it's possible, but it's a new drive, just pulled it out of the pack Friday.

 

[cyberjock]

I'm sure it's possible, but it's a new drive, just pulled it out of the pack Friday.

Sounds like even more reason to question it... infant mortality at its finest.

 

[mygeeknc]

Is it possible to burn the 9.2.1.6 image to a new USB drive and then import the config (9.2.1.5)? Are there any other steps that I would need to take? And I'm assuming the data isn't touched in this sense?

 

[survive]

Hi mygeeknc,

Sure you can do that. A fresh install & config upload is a perfectly reasonable solution.

-Will

 

[kuruption]

I'm seeing the same message. Upgraded from .2 to .6 and now Samba doesn't work (Again). It's not bad hardware, it's bad QA.

 

[DataMover]

Somethings got out of gear. Try to rejoin the domain - but only if everything else is running again, like mygeeknc states.

If simple steps don't fix it, leave the domain, clear up all left over of FreeNAS / Samba in AD and make sure FreeNAS/Samba is also clear. (Someone should describe here, how to remove leftover config files on FreeNAS, to get a clean start again. Exporting the FreeNAS config, doing a clean FreeNAS install and importing the config, will bring back junk stuff you'd like to get rid of, doesn't it?!)

Try to rejoin then and verify, that everything gets created right in AD (DNS entry for FreeNAS box, account object, HOST and CIFS SPN (NetBIOS and FQDN).

If it is still complainig about KVNO, get back here or figure out for yourself how to manually build a keytab with a correct KVNO for Samba.

 

[DataMover]

BTW: you know that using .local in a FQDN should be avoided?