Samba4 beta 7 and beta 8 git, talloc and enctype errors

steve steve at steve-ss.com
Wed Aug 29 01:58:30 MDT 2012


On 29/08/12 09:47, steve wrote:
> On 29/08/12 09:05, Alexander Bokovoy wrote:
>> On Wed, Aug 29, 2012 at 10:01 AM, steve <steve at steve-ss.com> wrote:
>>> On 29/08/12 08:23, Andrew Bartlett wrote:
>>>>
>>>> On Wed, 2012-08-29 at 08:05 +0200, steve wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> Single DC upgraded from a working beta 7 git to a beta 8 git crashes
>>>>> with a talloc error
>>>>>
>>>>> Error 1 talloc error
>>>>>
>>>>
>>>>> #8  0xb7e676ce in _talloc_free (ptr=0xb7f73ff4,
>>>>>        location=0xb7f70e9c
>>>>> "../auth/credentials/credentials_secrets.c:239")
>>>>>        at ../lib/talloc/talloc.c:1349
>>>>>            tc = 0x89318f8
>>>>> #9  0xb7f6d8c4 in cli_credentials_set_machine_account (cred=0x8244d50,
>>>>>        lp_ctx=0x805bf78) at
>>>>> ../auth/credentials/credentials_secrets.c:239
>>>>>            dbuf = {dptr = 0xb7f73ff4 "(\016\001", dsize = 3221220872}
>>>>>            status = {v = 3221226021}
>>>>>            filter = 0x7 <Address 0x7 out of bounds>
>>>>>            error_string = 0xb7f6b5db
>>>>> <cli_credentials_invalidate_ccache+118>
>>>>> "\203\304\024[]\303U\211\345S\203\354$\350\023\277\377\377\201\303\a\212"
>>>>>
>>>>>            domain = 0x867b408 "ALTEA"
>>>>>            realm = 0x8e54380 "HH3.SITE"
>>>>>            secrets_tdb_password_more_recent = 8
>>>>>            secrets_tdb_lct = 0
>>>>>            secrets_tdb_password = 0x0
>>>>>            keystr = 0x0
>>>>>            keystr_upper = 0x0
>>>>>            secrets_tdb = 0x82e3d08
>>>>> "/usr/local/samba/private/secrets.tdb"
>>>>>            db_ctx = 0x87ba0d0
>>>>>            __FUNCTION__ = "cli_credentials_set_machine_account"
>>>>
>>>>
>>>> The fix for this was verified by David Rivera
>>>> <rivera.david87 at gmail.com>
>>>> earlier today an is in master already.
>>>>
>>>>>
>>>>> Error 2, spn enctype and authentication error
>>>>> On a new install of beta 7 updated to a beta 8 git
>>>>>
>>>>> Error a: Creating an spn for nfs creates only one key:
>>>>>
>>>>> hh30:/home/steve # samba-tool spn delete nfs/hh30.hh3.site
>>>>> hh30:/home/steve # rm /etc/krb5.keytab
>>>>> hh30:/home/steve # samba-tool spn add nfs/hh30.hh3.site nfs-user
>>>>> hh30:/home/steve # samba-tool domain exportkeytab /etc/krb5.keytab
>>>>> --principal=nfs/hh30.hh3.site
>>>>> hh30:/home/steve # klist -ke /etc/krb5.keytab
>>>>> Keytab name: FILE:/etc/krb5.keytab
>>>>> KVNO Principal
>>>>> ----
>>>>>
>>>>> --------------------------------------------------------------------------
>>>>>
>>>>>       1 nfs/hh30.hh3.site at HH3.SITE (des-cbc-crc)
>>>>>
>>>>> Previous versions created the arcfour key as well as the other des
>>>>> key.
>>>>
>>>>
>>>> I do apologise, I seem to have had a particularly bad run of code
>>>> yesterday.  The attached patch should fix it, and is in autobuild.
>>>>
>>>> Andrew Bartlett
>>>>
>>> Problem with patch:
>>> steve at hh1:~/samba-master> patch -pl
>>> /home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
>>>
>>> patch: **** strip count l is not a number
>>
>> because -p asks for a number, not a letter l. -p1 (dash p one).
>>
>>
> Hi
> Thanks, but still no good. After:
> steve at hh1:~/samba-master> patch -p1
> /home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
>
>
> It sits there forever, never terminating.
>
> Here is the patch:
>
>  >From d683b48e784e4a9e47883563d90837ff1fb2db3b Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Wed, 29 Aug 2012 16:22:24 +1000
> Subject: [PATCH] s4-libnet: Fix passing samba_all_enctypes as a fn rather
>   than the encrypt array it returns
>
> ---
>   source4/libnet/libnet_export_keytab.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/source4/libnet/libnet_export_keytab.c
> b/source4/libnet/libnet_export_keytab.c
> index 9763726..16165b8 100644
> --- a/source4/libnet/libnet_export_keytab.c
> +++ b/source4/libnet/libnet_export_keytab.c
> @@ -63,7 +63,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context
> *ctx, TALLOC_CTX *mem_ctx, s
>       }
>
>       if (r->in.principal) {
> -        ret = kt_copy_one_principal(smb_krb5_context->krb5_context,
> from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes);
> +        ret = kt_copy_one_principal(smb_krb5_context->krb5_context,
> from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes());
>       } else {
>           unlink(r->in.keytab_name);
>           ret = kt_copy(smb_krb5_context->krb5_context, from_keytab,
> r->in.keytab_name);

Hi
I think I just need to change
  samba_all_enctypes
to
  samba_all_enctypes()

in  source4/libnet/libnet_export_keytab.c

Would that do it?
Cheers,
Steve



More information about the samba-technical mailing list