Samba4 beta 7 and beta 8 git, talloc and enctype errors

steve steve at steve-ss.com
Wed Aug 29 01:47:04 MDT 2012 

On 29/08/12 09:05, Alexander Bokovoy wrote:
> On Wed, Aug 29, 2012 at 10:01 AM, steve <steve at steve-ss.com> wrote:
>> On 29/08/12 08:23, Andrew Bartlett wrote:
>>>
>>> On Wed, 2012-08-29 at 08:05 +0200, steve wrote:
>>>>
>>>> Hi
>>>>
>>>> Single DC upgraded from a working beta 7 git to a beta 8 git crashes
>>>> with a talloc error
>>>>
>>>> Error 1 talloc error
>>>>
>>>
>>>> #8  0xb7e676ce in _talloc_free (ptr=0xb7f73ff4,
>>>>        location=0xb7f70e9c
>>>> "../auth/credentials/credentials_secrets.c:239")
>>>>        at ../lib/talloc/talloc.c:1349
>>>>            tc = 0x89318f8
>>>> #9  0xb7f6d8c4 in cli_credentials_set_machine_account (cred=0x8244d50,
>>>>        lp_ctx=0x805bf78) at ../auth/credentials/credentials_secrets.c:239
>>>>            dbuf = {dptr = 0xb7f73ff4 "(\016\001", dsize = 3221220872}
>>>>            status = {v = 3221226021}
>>>>            filter = 0x7 <Address 0x7 out of bounds>
>>>>            error_string = 0xb7f6b5db
>>>> <cli_credentials_invalidate_ccache+118>
>>>> "\203\304\024[]\303U\211\345S\203\354$\350\023\277\377\377\201\303\a\212"
>>>>            domain = 0x867b408 "ALTEA"
>>>>            realm = 0x8e54380 "HH3.SITE"
>>>>            secrets_tdb_password_more_recent = 8
>>>>            secrets_tdb_lct = 0
>>>>            secrets_tdb_password = 0x0
>>>>            keystr = 0x0
>>>>            keystr_upper = 0x0
>>>>            secrets_tdb = 0x82e3d08 "/usr/local/samba/private/secrets.tdb"
>>>>            db_ctx = 0x87ba0d0
>>>>            __FUNCTION__ = "cli_credentials_set_machine_account"
>>>
>>>
>>> The fix for this was verified by David Rivera <rivera.david87 at gmail.com>
>>> earlier today an is in master already.
>>>
>>>>
>>>> Error 2, spn enctype and authentication error
>>>> On a new install of beta 7 updated to a beta 8 git
>>>>
>>>> Error a: Creating an spn for nfs creates only one key:
>>>>
>>>> hh30:/home/steve # samba-tool spn delete nfs/hh30.hh3.site
>>>> hh30:/home/steve # rm /etc/krb5.keytab
>>>> hh30:/home/steve # samba-tool spn add nfs/hh30.hh3.site nfs-user
>>>> hh30:/home/steve # samba-tool domain exportkeytab /etc/krb5.keytab
>>>> --principal=nfs/hh30.hh3.site
>>>> hh30:/home/steve # klist -ke /etc/krb5.keytab
>>>> Keytab name: FILE:/etc/krb5.keytab
>>>> KVNO Principal
>>>> ----
>>>>
>>>> --------------------------------------------------------------------------
>>>>       1 nfs/hh30.hh3.site at HH3.SITE (des-cbc-crc)
>>>>
>>>> Previous versions created the arcfour key as well as the other des key.
>>>
>>>
>>> I do apologise, I seem to have had a particularly bad run of code
>>> yesterday.  The attached patch should fix it, and is in autobuild.
>>>
>>> Andrew Bartlett
>>>
>> Problem with patch:
>> steve at hh1:~/samba-master> patch -pl
>> /home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
>> patch: **** strip count l is not a number
>
> because -p asks for a number, not a letter l. -p1 (dash p one).
>
>
Hi
Thanks, but still no good. After:
steve at hh1:~/samba-master> patch -p1 
/home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch

It sits there forever, never terminating.

Here is the patch:

 >From d683b48e784e4a9e47883563d90837ff1fb2db3b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Wed, 29 Aug 2012 16:22:24 +1000
Subject: [PATCH] s4-libnet: Fix passing samba_all_enctypes as a fn rather
  than the encrypt array it returns

---
  source4/libnet/libnet_export_keytab.c |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/source4/libnet/libnet_export_keytab.c 
b/source4/libnet/libnet_export_keytab.c
index 9763726..16165b8 100644
--- a/source4/libnet/libnet_export_keytab.c
+++ b/source4/libnet/libnet_export_keytab.c
@@ -63,7 +63,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context 
*ctx, TALLOC_CTX *mem_ctx, s
  	}

  	if (r->in.principal) {
-		ret = kt_copy_one_principal(smb_krb5_context->krb5_context, 
from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes);
+		ret = kt_copy_one_principal(smb_krb5_context->krb5_context, 
from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes());
  	} else {
  		unlink(r->in.keytab_name);
  		ret = kt_copy(smb_krb5_context->krb5_context, from_keytab, 
r->in.keytab_name);
-- 
1.7.7.6

Am I running this from the correct directory (my samba-master)?
Cheers,
Steve

More information about the samba-technical mailing list