KDC tests failing since this week

Andrew Bartlett abartlet at samba.org
Fri Jun 17 06:04:41 UTC 2016 

On Thu, 2016-06-16 at 13:51 +0200, Andreas Schneider wrote:
> On Thursday, 16 June 2016 10:44:39 CEST Andrew Bartlett wrote:
> > 
> > On Wed, 2016-06-15 at 15:15 +0200, Andreas Schneider wrote:
> > > 
> > > Hi Andrew,
> > > 
> > > I'm working on refactoring the KDC code. Last week
> > > 
> > > 	make -j test TESTS="samba4.krb5.kdc"
> > > 
> > > worked just fine for me, this week if I run it the fl2008r2dc
> > > tests
> > > runs into 
> > > a timeout. The changes which went into master are mostly your
> > > code.
> > > 
> > > auth_check_password_recv: sam_ignoredomain authentication for
> > > user 
> > > [SAMBA2008R2\Administrator] succeeded
> > > NTLMSSP Sign/Seal - Initialising with flags:
> > > Got NTLMSSP neg_flags=0x62088235
> > >   NTLMSSP_NEGOTIATE_UNICODE
> > >   NTLMSSP_REQUEST_TARGET
> > >   NTLMSSP_NEGOTIATE_SIGN
> > >   NTLMSSP_NEGOTIATE_SEAL
> > >   NTLMSSP_NEGOTIATE_NTLM
> > >   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > >   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > >   NTLMSSP_NEGOTIATE_VERSION
> > >   NTLMSSP_NEGOTIATE_128
> > >   NTLMSSP_NEGOTIATE_KEY_EXCH
> > > Terminating connection - 'ldapsrv_call_loop:
> > > tstream_read_pdu_blob_recv() - 
> > > NT_STATUS_INVALID_BUFFER_SIZE'
> > > single_terminate: reason[ldapsrv_call_loop:
> > > tstream_read_pdu_blob_recv() - 
> > > NT_STATUS_INVALID_BUFFER_SIZE]
> > > Timed out (60 sec) waiting for working LDAP and a RID Set to be
> > > allocated by 
> > > DC7 PID 32142 at
> > > /home/asn/workspace/projects/samba/selftest/target/Samba4.pm 
> > > line 222.
> > > Samba 32142 failed to start up at
> > > /home/asn/workspace/projects/samba/selftest/
> > > target/Samba4.pm line 165.
> > > failed to start up environment 'fl2008r2dc' at
> > > /home/asn/workspace/projects/
> > > samba/selftest/target/Samba.pm line 49.
> > > samba can't start up known environment 'fl2008r2dc' at
> > > /home/asn/workspace/
> > > projects/samba/selftest/selftest.pl line 898
> > > 
> > > 
> > > This is what I get. I'm not sure what is really going wrong. Help
> > > would be 
> > > much appreciated. I will continue digging ...
> > G'Day,
> Hi Andrew,
> 
> I played around a bit.
> 
> in source4/selftest/tests.py line 696
> 
> for env in ["rodc", "promoted_dc", "ad_dc", "fl2000dc",
> "fl2008r2dc"]:
> 
> which sets the targets for the test. If I remove the fl2000dc target,
> the 
> fl2008r2dc works just fine.
> 
> If I change the line to:
> 
> for env in ["rodc", "promoted_dc", "fl2000dc", "ad_dc"]:
> 
> sefltest fails to provision the ad_dc target.
> 
> So the fl2000dc taints the environment!
> 
> 
> I need to investigate further but the questions which comes to my
> mind is: Why 
> do we still support fl2000?

It has different behaviour on linked attributes and ACLs that we have
code for, so we wanted to keep tests for.  Because it doesn't have DNS
in an application partition it also happens to be a good test for some
of the fsmo commands.  I agree with your instinct however that it is
odd to still support it in 2016.  

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

More information about the samba-technical mailing list