Samba4 beta 7 and beta 8 git, talloc and enctype errors

Andrew Bartlett abartlet at samba.org
Wed Aug 29 00:23:41 MDT 2012 

On Wed, 2012-08-29 at 08:05 +0200, steve wrote:
> Hi
> 
> Single DC upgraded from a working beta 7 git to a beta 8 git crashes 
> with a talloc error
> 
> Error 1 talloc error
> 

> #8  0xb7e676ce in _talloc_free (ptr=0xb7f73ff4,
>      location=0xb7f70e9c "../auth/credentials/credentials_secrets.c:239")
>      at ../lib/talloc/talloc.c:1349
>          tc = 0x89318f8
> #9  0xb7f6d8c4 in cli_credentials_set_machine_account (cred=0x8244d50,
>      lp_ctx=0x805bf78) at ../auth/credentials/credentials_secrets.c:239
>          dbuf = {dptr = 0xb7f73ff4 "(\016\001", dsize = 3221220872}
>          status = {v = 3221226021}
>          filter = 0x7 <Address 0x7 out of bounds>
>          error_string = 0xb7f6b5db 
> <cli_credentials_invalidate_ccache+118> 
> "\203\304\024[]\303U\211\345S\203\354$\350\023\277\377\377\201\303\a\212"
>          domain = 0x867b408 "ALTEA"
>          realm = 0x8e54380 "HH3.SITE"
>          secrets_tdb_password_more_recent = 8
>          secrets_tdb_lct = 0
>          secrets_tdb_password = 0x0
>          keystr = 0x0
>          keystr_upper = 0x0
>          secrets_tdb = 0x82e3d08 "/usr/local/samba/private/secrets.tdb"
>          db_ctx = 0x87ba0d0
>          __FUNCTION__ = "cli_credentials_set_machine_account"

The fix for this was verified by David Rivera <rivera.david87 at gmail.com>
earlier today an is in master already. 

> 
> Error 2, spn enctype and authentication error
> On a new install of beta 7 updated to a beta 8 git
> 
> Error a: Creating an spn for nfs creates only one key:
> 
> hh30:/home/steve # samba-tool spn delete nfs/hh30.hh3.site
> hh30:/home/steve # rm /etc/krb5.keytab
> hh30:/home/steve # samba-tool spn add nfs/hh30.hh3.site nfs-user
> hh30:/home/steve # samba-tool domain exportkeytab /etc/krb5.keytab 
> --principal=nfs/hh30.hh3.site
> hh30:/home/steve # klist -ke /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- 
> --------------------------------------------------------------------------
>     1 nfs/hh30.hh3.site at HH3.SITE (des-cbc-crc)
> 
> Previous versions created the arcfour key as well as the other des key.

I do apologise, I seem to have had a particularly bad run of code yesterday.  The attached patch should fix it, and is in autobuild.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
Type: text/x-patch
Size: 1116 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120829/f10a6ec2/attachment.bin>

More information about the samba-technical mailing list