Help with Samba4 as a DC
Matthieu Patou
mat at samba.org
Sun Aug 21 15:22:42 MDT 2011
Hi here,
Seems that you have a couple of problems.
I guess you can keep your windows DNS, samba4 should be able to work
with it, but you'll need nsupdate on the samba4 server so that it can
update its DNS record.
It's not impossible that it will not work still as you might not have
the correct ACLs to do so but it's worth a try.
Concerning winbind ... It used to work correctly not long time ago (max
1.5 month), with a fairly recent build (3/4 days old) I'm able to
reproduce your problem but not in the debugger !
I have this trace in valgrind:
==6943== Invalid write of size 1
==6943== at 0x1AE63D17: ltdb_request_destructor (ldb_tdb.c:1333)
==6943== by 0x677B132: _talloc_free_internal (talloc.c:826)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== Address 0x1f120810 is 96 bytes inside a block of size 152 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C706: _talloc_free (talloc.c:1371)
==6943== by 0x1AE63CDE: ltdb_callback (ldb_tdb.c:1325)
==6943== by 0x65732CD: tevent_common_loop_timer_delay
(tevent_timed.c:254)
==6943== by 0x65728F3: std_event_loop_once (tevent_standard.c:558)
==6943== by 0x656DC0F: _tevent_loop_once (tevent.c:505)
==6943== by 0x50728C2: ldb_wait (ldb.c:610)
==6943== by 0x721BAE7: dsdb_search_dn (util.c:3820)
==6943== by 0x721D61D: dsdb_expand_nested_groups (util_groups.c:113)
==6943== by 0x7BF566B: auth_generate_session_info (session.c:134)
==6943== by 0x69876CD: auth_generate_session_info_wrapper (auth.c:419)
==6943==
==6943== Invalid read of size 1
==6943== at 0x611D33E: gensec_start_mech (gensec_start.c:641)
==6943== by 0x611D4A4: gensec_start_mech_by_ops (gensec_start.c:670)
==6943== by 0x6117881: gensec_spnego_create_negTokenInit (spnego.c:610)
==6943== by 0x61182DA: gensec_spnego_update (spnego.c:817)
==6943== by 0x6125CB4: gensec_update (gensec.c:198)
==6943== by 0x76C5798: dcerpc_bind_auth_send (dcerpc_auth.c:336)
==6943== by 0x76C791C: dcerpc_pipe_auth_send (dcerpc_util.c:621)
==6943== by 0x76CDC02: dcerpc_secondary_auth_connection_bind
(dcerpc_secondary.c:299)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76CD95B: continue_pipe_open (dcerpc_secondary.c:191)
==6943== by 0x76CD7E4: continue_open_smb (dcerpc_secondary.c:140)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== Address 0x1db584a4 is 132 bytes inside a block of size 184 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943==
==6943== Invalid read of size 8
==6943== at 0x611789C: gensec_spnego_create_negTokenInit (spnego.c:613)
==6943== by 0x61182DA: gensec_spnego_update (spnego.c:817)
==6943== by 0x6125CB4: gensec_update (gensec.c:198)
==6943== by 0x76C5798: dcerpc_bind_auth_send (dcerpc_auth.c:336)
==6943== by 0x76C791C: dcerpc_pipe_auth_send (dcerpc_util.c:621)
==6943== by 0x76CDC02: dcerpc_secondary_auth_connection_bind
(dcerpc_secondary.c:299)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76CD95B: continue_pipe_open (dcerpc_secondary.c:191)
==6943== by 0x76CD7E4: continue_open_smb (dcerpc_secondary.c:140)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76C914F: pipe_open_recv (dcerpc_smb.c:553)
==6943== by 0xB936E08: smbcli_transport_finish_recv (clitransport.c:499)
==6943== Address 0x1d9cb498 is 88 bytes inside a block of size 128 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943==
==6943== Invalid read of size 4
==6943== at 0x677A296: talloc_chunk_from_ptr (talloc.c:349)
==6943== by 0x677C63A: _talloc_free (talloc.c:1349)
==6943== by 0x61178AE: gensec_spnego_create_negTokenInit (spnego.c:613)
==6943== by 0x61182DA: gensec_spnego_update (spnego.c:817)
==6943== by 0x6125CB4: gensec_update (gensec.c:198)
==6943== by 0x76C5798: dcerpc_bind_auth_send (dcerpc_auth.c:336)
==6943== by 0x76C791C: dcerpc_pipe_auth_send (dcerpc_util.c:621)
==6943== by 0x76CDC02: dcerpc_secondary_auth_connection_bind
(dcerpc_secondary.c:299)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76CD95B: continue_pipe_open (dcerpc_secondary.c:191)
==6943== by 0x76CD7E4: continue_open_smb (dcerpc_secondary.c:140)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== Address 0x1db58460 is 64 bytes inside a block of size 184 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943==
==6943== Invalid read of size 4
==6943== at 0x677A2B0: talloc_chunk_from_ptr (talloc.c:355)
==6943== by 0x677C63A: _talloc_free (talloc.c:1349)
==6943== by 0x61178AE: gensec_spnego_create_negTokenInit (spnego.c:613)
==6943== by 0x61182DA: gensec_spnego_update (spnego.c:817)
==6943== by 0x6125CB4: gensec_update (gensec.c:198)
==6943== by 0x76C5798: dcerpc_bind_auth_send (dcerpc_auth.c:336)
==6943== by 0x76C791C: dcerpc_pipe_auth_send (dcerpc_util.c:621)
==6943== by 0x76CDC02: dcerpc_secondary_auth_connection_bind
(dcerpc_secondary.c:299)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76CD95B: continue_pipe_open (dcerpc_secondary.c:191)
==6943== by 0x76CD7E4: continue_open_smb (dcerpc_secondary.c:140)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== Address 0x1db58460 is 64 bytes inside a block of size 184 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943==
==6943== Invalid read of size 8
==6943== at 0x677A2BE: talloc_chunk_from_ptr (talloc.c:356)
==6943== by 0x677C63A: _talloc_free (talloc.c:1349)
==6943== by 0x61178AE: gensec_spnego_create_negTokenInit (spnego.c:613)
==6943== by 0x61182DA: gensec_spnego_update (spnego.c:817)
==6943== by 0x6125CB4: gensec_update (gensec.c:198)
==6943== by 0x76C5798: dcerpc_bind_auth_send (dcerpc_auth.c:336)
==6943== by 0x76C791C: dcerpc_pipe_auth_send (dcerpc_util.c:621)
==6943== by 0x76CDC02: dcerpc_secondary_auth_connection_bind
(dcerpc_secondary.c:299)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== by 0x76CD95B: continue_pipe_open (dcerpc_secondary.c:191)
==6943== by 0x76CD7E4: continue_open_smb (dcerpc_secondary.c:140)
==6943== by 0xACEA1BC: composite_done (composite.c:143)
==6943== Address 0x1db58450 is 48 bytes inside a block of size 184 free'd
==6943== at 0x4C282ED: free (vg_replace_malloc.c:366)
==6943== by 0x677B55E: _talloc_free_internal (talloc.c:876)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943== by 0x677C30D: _talloc_free_children_internal (talloc.c:1256)
==6943== by 0x677B2DB: _talloc_free_internal (talloc.c:846)
==6943==
talloc: access after free error - first free may be at
../source4/smbd/service_stream.c:82
Bad talloc magic value - access after free
PANIC: Bad talloc magic value - access after free
==6943==
==6943== HEAP SUMMARY:
==6943== in use at exit: 6,258,028 bytes in 34,663 blocks
==6943== total heap usage: 761,163 allocs, 726,500 frees, 128,226,896
bytes allocated
==6943==
==6943== LEAK SUMMARY:
==6943== definitely lost: 48 bytes in 1 blocks
==6943== indirectly lost: 0 bytes in 0 blocks
==6943== possibly lost: 481,590 bytes in 825 blocks
==6943== still reachable: 5,776,390 bytes in 33,837 blocks
==6943== suppressed: 0 bytes in 0 blocks
==6943== Rerun with --leak-check=full to see details of leaked memory
==6943==
==6943== For counts of detected and suppressed errors, rerun with: -v
==6943== Use --track-origins=yes to see where uninitialised values come from
==6943== ERROR SUMMARY: 546 errors from 42 contexts (suppressed: 192 from 6)
Andrew: can you have a look on this ? it looks like something related to
gensec maybe you are more familiar than me with the code ?
Can you try to start your samba4 in single mode and use valgrind (ie.
valgrind /usr/local/sbin/samba -i -M single), then wait for the python
related errors to appear (they are harmless) and then after 2/3 minutes
run wbinfo -u
Matthieu.
On 21/08/2011 22:18, Scott Jordahl wrote:
> Thanks Marco:
>
> I did watch the videos when they first came out. I have existing
> setups of Samba4 acting as a PDC with no problems. Where I am
> struggling is trying to get Samba4 to act as a BDC. I have folder
> structures on the Samba4 server requiring restrictive ownerships for
> access. I am able to set the access via the Win2k3 server. When I go
> to the Ubuntu server with Samba4, all the ownerships show as
> "30000xx" (where xx is a unique identifier), which of course, is how
> it is suppose to be. However, I am not able to "see" who the owner is
> by name. If I try to do a "/usr/local/samba/bin/wbinfo -u", it hangs,
> finally times out, and the RPC part of the samba process dies (or it
> could be just one of the spawn child processes dies). The same thing
> is true if I try using any wbinfo options.
>
> When the RPC part of samba process dies (or the child), users can
> still access file shares, but when you go to make a chance to file
> owership/access in the windows environment, you get the message: "The
> program cannot open the required dialog box because it cannot
> determine whether the computer named "server01" is joined to a domain.
> Close this message and try again". When you close that pop-up, you get
> another pop-up with: "Unable to display the user selection dialog. The
> RPC server is unavailable.". Closing the messages and trying again has
> no effect of course. You must restart the samba process(es). A user
> not previously logged in will not be able to log onto the domain while
> samba is in the broken state.
>
> If I run samba in single instance mode (samba -i -M single) and run
> wbinfo -u, wbinfo times out and the samba process dies with: "PANIC:
> internal error, Aborted". BTW - Before running the wbinfo command, I
> have many successful "Replicated" debug messages displayed, so things
> are working fine up to this point.
>
> I've used alpha11 to alpha16 to the GIT from 2 weeks ago with the same
> issue. I've also tried re-joining to the domain using a new
> /usr/local/samba filesystem with no change (except all the UIDs
> changed and I had to re-map all the user files: 500Gb worth).
>
> -- Scott
>
> On 08/21/2011 11:13 AM, Marco Rojas wrote:
>> Watch this video: http://samba.org/tridge/DRS-demo/s4-DRS-demo.ogv
>>
>> I have struggled with Ubuntu 10.04 so I would advice to use Debian or
>> Ubuntu 11.04.
>>
>> On Sun, Aug 21, 2011 at 1:02 PM, Scott Jordahl <scott at jordahl.com
>> <mailto:scott at jordahl.com>> wrote:
>>
>> Really?? No one can help me out here? Please at least answer the
>> question regarding DNS being required on the secondary DC
>> (Samba4). I'll go from there and will provide the additional
>> documentation for the "Samba4 as a DC". Now, if DNS is NOT
>> mandatory, then I have some bug reporting to do. Actually, I'll
>> need to submit a bug regardless. The samba process should not
>> PANIC but exit gracefully or generate a reasonable error message
>> if DNS is missing.
>>
>> -- Scott
>>
>>
>> I'm confused on how the "Samba4 as a DC" setup is suppose to be
>> configured. I have an existing Win2k3 server acting as the
>> main AD
>> (along with DHCP+DNS), I have installed samba4 alpha16 on a
>> Ubuntu
>> 10.04LTS x64 based system. Since the Win2k3 system is
>> providing DNS, I
>> figured I didn't need to worry about DNS on the Ubuntu system.
>> This,
>> apparently, is not the case as I get PANICS in talloc any time
>> I try to
>> do a wbinfo and samba's RPC dies. Actually, samba's RPC dies
>> randomly
>> without notice and things "kind-of" work (eg - file share are
>> still
>> accessible, but you cannot modify file/folder security
>> settings).
>>
>> Following the instructions on "Samba4/HOWTO/Join a domain as a
>> DC", none
>> of the needed bind9 component are generated (eg - dns.keytab,
>> named.conf, etc). I'm not clear on how to generate these from
>> scratch
>> and what the named.conf file should look like on the Ubuntu
>> server. Any
>> help would be appreciated. Of course, I'm hoping that this is
>> what the
>> issue is and that I don't have some other problem going on.
>>
>> Thanks,
>>
>> -- Scott
>>
>>
>>
>>
>>
>>
>> --
>> Live free, live Linux!
>
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
More information about the samba-technical
mailing list