KDC tests failing since this week
Andreas Schneider
asn at samba.org
Fri Jun 17 10:29:29 UTC 2016
On Friday, 17 June 2016 18:04:41 CEST Andrew Bartlett wrote:
> On Thu, 2016-06-16 at 13:51 +0200, Andreas Schneider wrote:
> > On Thursday, 16 June 2016 10:44:39 CEST Andrew Bartlett wrote:
> > > On Wed, 2016-06-15 at 15:15 +0200, Andreas Schneider wrote:
> > > > Hi Andrew,
> > > >
> > > > I'm working on refactoring the KDC code. Last week
> > > >
> > > > make -j test TESTS="samba4.krb5.kdc"
> > > >
> > > > worked just fine for me, this week if I run it the fl2008r2dc
> > > > tests
> > > > runs into
> > > > a timeout. The changes which went into master are mostly your
> > > > code.
> > > >
> > > > auth_check_password_recv: sam_ignoredomain authentication for
> > > > user
> > > > [SAMBA2008R2\Administrator] succeeded
> > > > NTLMSSP Sign/Seal - Initialising with flags:
> > > > Got NTLMSSP neg_flags=0x62088235
> > > > NTLMSSP_NEGOTIATE_UNICODE
> > > > NTLMSSP_REQUEST_TARGET
> > > > NTLMSSP_NEGOTIATE_SIGN
> > > > NTLMSSP_NEGOTIATE_SEAL
> > > > NTLMSSP_NEGOTIATE_NTLM
> > > > NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> > > > NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> > > > NTLMSSP_NEGOTIATE_VERSION
> > > > NTLMSSP_NEGOTIATE_128
> > > > NTLMSSP_NEGOTIATE_KEY_EXCH
> > > > Terminating connection - 'ldapsrv_call_loop:
> > > > tstream_read_pdu_blob_recv() -
> > > > NT_STATUS_INVALID_BUFFER_SIZE'
> > > > single_terminate: reason[ldapsrv_call_loop:
> > > > tstream_read_pdu_blob_recv() -
> > > > NT_STATUS_INVALID_BUFFER_SIZE]
> > > > Timed out (60 sec) waiting for working LDAP and a RID Set to be
> > > > allocated by
> > > > DC7 PID 32142 at
> > > > /home/asn/workspace/projects/samba/selftest/target/Samba4.pm
> > > > line 222.
> > > > Samba 32142 failed to start up at
> > > > /home/asn/workspace/projects/samba/selftest/
> > > > target/Samba4.pm line 165.
> > > > failed to start up environment 'fl2008r2dc' at
> > > > /home/asn/workspace/projects/
> > > > samba/selftest/target/Samba.pm line 49.
> > > > samba can't start up known environment 'fl2008r2dc' at
> > > > /home/asn/workspace/
> > > > projects/samba/selftest/selftest.pl line 898
> > > >
> > > >
> > > > This is what I get. I'm not sure what is really going wrong. Help
> > > > would be
> > > > much appreciated. I will continue digging ...
> > >
> > > G'Day,
> >
> > Hi Andrew,
> >
> > I played around a bit.
> >
> > in source4/selftest/tests.py line 696
> >
> > for env in ["rodc", "promoted_dc", "ad_dc", "fl2000dc",
> > "fl2008r2dc"]:
> >
> > which sets the targets for the test. If I remove the fl2000dc target,
> > the
> > fl2008r2dc works just fine.
> >
> > If I change the line to:
> >
> > for env in ["rodc", "promoted_dc", "fl2000dc", "ad_dc"]:
> >
> > sefltest fails to provision the ad_dc target.
> >
> > So the fl2000dc taints the environment!
> >
> >
> > I need to investigate further but the questions which comes to my
> > mind is: Why
> > do we still support fl2000?
>
> It has different behaviour on linked attributes and ACLs that we have
> code for, so we wanted to keep tests for. Because it doesn't have DNS
> in an application partition it also happens to be a good test for some
> of the fsmo commands. I agree with your instinct however that it is
> odd to still support it in 2016.
With all this stdout and stderr redirection we loose a lot of information,
selftest itself prints or the binaries we execute.
It fails to provision the fl2008r2dc because the kinit uses the wrong REALM.
./bin/ldbsearch -H ldap://dc7 -UAdministrator%locDCpass7 -s base -b "cn=RID
Set,cn=DC7,ou=domain controllers,DC=SAMBA2008R2,DC=EXAMPLE,DC=COM"
rIDAllocationPool
Wrong username or password: kinit for Administrator at SAMBA2000.EXAMPLE.COM
failed (Preauthentication failed)
I haven't figured out yet where it gets the SAMBA2000.EXAMPLE.COM realm from
...
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list