samba4 multimaster DC setup - show stoppers

Stefan (metze) Metzmacher metze at samba.org
Fri Nov 14 12:06:49 GMT 2008


Thorsten Trautwein-Veit schrieb:
> Dear all,
> I am trying to set up samba4 as a multimaster DC. I am working with git,
> v4-0-test db2acaf46fdc38078b6b28b68909e289f6c9e0ec ( pulled today ).

Switch to the master branch (in source4/), we stopped using v4-0-test 2
months ago.

> I followed the instructions on :
> http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP
> http://www.archivum.info/samba-technical@lists.samba.org/2008-09/msg00283.html
> and http://wiki.samba.org/index.php/Samba4/LDAP_Backend/Fedora_DS
> 
> 2 problems I encountered:
> on both machines
> ./setup/provision --realm=wzbgprn1.schuler.de --domain=wzbgp
> --server-role='domain controller' --ldap-backend=ldapi
> --ldap-backend-type=openldap --password=bluemoon --username=samba-admin
> 
> gave the following error :
> --------------------------------------------------------------------
> # ./setup/provision --realm=wzbgprn1.schuler.de --domain=wzbgp
> --server-role='domain controller' --ldap-backend=ldapi
> --ldap-backend-type=openldap --password=bluemoon --username=samba-admin
> Setting up secrets.ldb
> Setting up the registry
> Setting up templates db
> Setting up idmap db
> schema_fsmo_init: no schema dn present: (skip schema loading)
> naming_fsmo_init: no partitions dn present: (skip loading of naming
> contexts details)
> pdc_fsmo_init: no domain dn present: (skip loading of domain details)
> schema_fsmo_init: no schema dn present: (skip schema loading)
> naming_fsmo_init: no partitions dn present: (skip loading of naming
> contexts details)
> pdc_fsmo_init: no domain dn present: (skip loading of domain details)
> Setting up sam.ldb attributes
> Setting up sam.ldb rootDSE
> Erasing data from partitions
> schema_fsmo_init: no schema head present: (skip schema loading)
> naming_fsmo_init: no partitions dn present: (skip loading of naming
> contexts details)
> pdc_fsmo_init: no domain object present: (skip loading of domain details)
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=wzbgprn1,DC=schuler,DC=de (permitted to fail)
> Modifying DomainDN: DC=wzbgprn1,DC=schuler,DC=de
> Traceback (most recent call last):
>   File "./setup/provision", line 158, in ?
>     ldap_backend_type=opts.ldap_backend_type)
>   File "bin/python/samba/provision.py", line 1025, in provision
>     ldap_backend_type=ldap_backend_type)
>   File "bin/python/samba/provision.py", line 781, in setup_samdb
>     setup_modify_ldif(samdb, setup_path("provision_basedn_modify.ldif"), {
>   File "bin/python/samba/provision.py", line 175, in setup_modify_ldif
>     ldb.modify_ldif(data)
>   File "bin/python/samba/__init__.py", line 196, in modify_ldif
>     self.modify(msg)
> _ldb.LdbError: (21, 'LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX - 
> <wellKnownObjects: value #0 invalid per syntax> <>')
> zsh: exit 1     ./setup/provision --realm=wzbgprn1.schuler.de --domain=wzbgp
> --------------------------------------------------------------------
> The backend provision worked and seems to be ok.
> I had a look into that _ldb.LdbError but did not find a point to bring
> it to success. I think it has something to do with
> provision_basedn_modify.ldif but I cannot find any solution. Any help
> would be nice.
> 
> The second thing is weird ....
> On one machine the initial start of samba hangs. Here is a stack trace
> from gdb:
> --------------------------------------------------------------------
> (tgdb) info stack
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb7c8a0fd in select () from /lib/tls/i686/cmov/libc.so.6
> #2  0xb7b9be50 in gcry_random_bytes () from /usr/lib/libgcrypt.so.11
> #3  0xb7b766f9 in gcry_random_add_bytes () from /usr/lib/libgcrypt.so.11
> #4  0xb7b76af2 in gcry_random_add_bytes () from /usr/lib/libgcrypt.so.11
> #5  0xb7b7730e in gcry_create_nonce () from /usr/lib/libgcrypt.so.11
> #6  0xb7ba263c in gcry_mpi_randomize () from /usr/lib/libgcrypt.so.11
> #7  0xb7b7469c in gcry_prime_release_factors () from
> /usr/lib/libgcrypt.so.11
> #8  0xb7b75716 in gcry_prime_release_factors () from
> /usr/lib/libgcrypt.so.11
> #9  0xb7b91bd9 in gcry_random_bytes () from /usr/lib/libgcrypt.so.11
> #10 0xb7b6fcf6 in gcry_pk_genkey () from /usr/lib/libgcrypt.so.11
> #11 0xb7d56403 in _gnutls_rsa_generate_params (resarr=0x8bf37b0,
> resarr_len=0xbfee9bc8, bits=1024) at gnutls_rsa_export.c:77
> #12 0xb7d70543 in gnutls_x509_privkey_generate (key=0x8bf37b0,
> algo=GNUTLS_PK_RSA, bits=0, flags=0) at privkey.c:1368
> #13 0x08692f0c in tls_cert_generate (mem_ctx=0x8bd8d28,
> keyfile=0x8bd8c08 "/usr/local/samba-4/private/tls/key.pem",
> certfile=0x8bd8c68 "/usr/local/samba-4/private/tls/cert.pem",
> cafile=0x8bd8cc8 "/usr/local/samba-4/private/tls/ca.pem") at
> lib/tls/tlscert.c:74
> #14 0x08691ec9 in tls_initialise (mem_ctx=0x8bd7bc8, lp_ctx=0x8b823e8)
> at lib/tls/tls.c:379
> #15 0x08458acb in ldapsrv_task_init (task=0x8bcccc8) at
> ldap_server/ldap_server.c:536
> #16 0x085b3362 in task_server_callback (event_ctx=0x8b930e0,
> lp_ctx=0x8b823e8, server_id={id = 1, id2 = 4, node = 0},
> private=0x8bd82c8) at smbd/service_task.c:80
> #17 0x08989dda in single_new_task (ev=0x8b930e0, lp_ctx=0x8b823e8,
> service_name=0x8a58537 "ldap", new_task=0x85b323c
> <task_server_callback>, private=0x8bd82c
> 8) at smbd/process_single.c:93
> #18 0x085b33f1 in task_server_startup (event_ctx=0x8b930e0,
> lp_ctx=0x8b823e8, service_name=0x8a58537 "ldap", model_ops=0x8b90460,
> task_init=0x84589e3 <ldapsrv_task_init>) at smbd/service_task.c:100
> #19 0x085b1485 in server_service_init (name=0x8b83c68 "ldap",
> event_context=0x8b930e0, lp_ctx=0x8b823e8, model_ops=0x8b90460) at
> smbd/service.c:63
> #20 0x085b15f4 in server_service_startup (event_ctx=0x8b930e0,
> lp_ctx=0x8b823e8, model=0x8b838f0 "single", server_services=0x8b83ce8)
> at smbd/service.c:95
> #21 0x080dd8b4 in binary_smbd_main (binary_name=0x89b4fc7 "smbd",
> argc=6, argv=0xbfeeb1d4) at smbd/server.c:352
> #22 0x080dd996 in main (argc=0, argv=0x40000) at smbd/server.c:372
> --------------------------------------------------------------------
> The first machine, where samba starts ok, is a domU in xen with a Linux
> version 2.6.21-xen (root at sctgc2) (gcc version 4.1.1 (Gentoo 4.1.1)) #6
> SMP Sat Jun 21 17:24:52 DFT 2008.
> 
> The second machine, where the problem is, is: Linux version
> 2.6.24-etchnhalf.1-686 (Debian 2.6.24-6~etchnhalf.6) (dannf at debian.org)
> (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Mon
> Oct 13 07:27:05 UTC 2008.
> 
> All libraries are identical.
> 
> I believe it is a problem gathering entropy by libgnutls13. I installed:
> --------------------------------------------------------------------
> root at wzbgprn1 /usr/src/samba-master/source4
>  # dpkg -l | grep tls
> ii  gnutls-bin             1.4.4-3+etch1                            the
> GNU TLS library - commandline utilities
> ii  libcurl3-gnutls        7.15.5-1etch1                           
> Multi-protocol file transfer library
> ii  libgnutls-dev          1.4.4-3+etch1                            the
> GNU TLS library - development files
> ii  libgnutls11            1.0.16-13.2sarge2                        GNU
> TLS library - runtime library
> ii  libgnutls13            1.4.4-3+etch1                            the
> GNU TLS library - runtime library
> --------------------------------------------------------------------
> on both machines.
> 
> Is there a way to get around this issue? Or may I create the certs by
> hand?

./configure --enable-gnutls=no

metze
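
Added example, not part of the original mail and not Samba code: a small parser for a quoted gdb backtrace like the one above, which reports when a process is sleeping underneath libgcrypt's random gathering during key generation and names the application frame that asked for the key. The names parse_frames and diagnose are hypothetical, and the sample is a shortened excerpt of the quoted trace.

```python
import re
# Constructed sample: an excerpt of the quoted backtrace, keeping the mail's
# "> " quoting and wrapped lines (frame #13 shortened to two arguments).
SAMPLE = """\
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb7c8a0fd in select () from /lib/tls/i686/cmov/libc.so.6
> #2  0xb7b9be50 in gcry_random_bytes () from /usr/lib/libgcrypt.so.11
> #10 0xb7b6fcf6 in gcry_pk_genkey () from /usr/lib/libgcrypt.so.11
> #11 0xb7d56403 in _gnutls_rsa_generate_params (resarr=0x8bf37b0,
> resarr_len=0xbfee9bc8, bits=1024) at gnutls_rsa_export.c:77
> #13 0x08692f0c in tls_cert_generate (mem_ctx=0x8bd8d28,
> keyfile=0x8bd8c08 "/usr/local/samba-4/private/tls/key.pem") at
> lib/tls/tlscert.c:74
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\)"
                   r"(?: from (\S+)| at (\S+))?$")
BLOCKING = {"select", "poll", "read"}  # calls a process can sleep in

def parse_frames(text):
    """Strip mail quoting, rejoin wrapped lines, return one dict per frame."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line.startswith("#") or not joined:
            joined.append(line)
        elif line:
            joined[-1] += " " + line  # continuation of the previous frame
    return [{"n": int(m[1]), "func": m[2], "lib": m[3], "src": m[4]}
            for m in map(FRAME.match, joined) if m]

def diagnose(frames):
    """Describe a stack sleeping in libgcrypt's random gathering, else None."""
    stack = [f for f in frames if f["func"] != "__kernel_vsyscall"]
    if not stack or stack[0]["func"] not in BLOCKING:
        return None
    # Symbol names in a stripped library are nearest-symbol guesses, so the
    # library path decides which frames belong to libgcrypt.
    above = stack[1:]
    while above and "libgcrypt" in (above[0]["lib"] or ""):
        above.pop(0)
    if len(above) == len(stack) - 1:
        return None  # sleeping, but not underneath libgcrypt
    keygen = any(re.search(r"genkey|generate", f["func"]) for f in stack[1:])
    caller = next((f for f in above
                   if not f["func"].lstrip("_").startswith("gnutls_")), None)
    return {"blocked_in": stack[0]["func"], "key_generation": keygen,
            "caller": caller and caller["func"], "source": caller and caller["src"]}
```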




