Provisioning fails on 4.8.0 on FreeBSD
Timur I. Bakeyev
timur at freebsd.org
Tue Mar 20 13:37:10 UTC 2018
Hi, Garming!
Thanks a lot for the analysis, I'l try to do my best to locate the source
of this error. But I wouldn't mind if someone else will look there as well
:)
With regards,
Timur.
On 18 March 2018 at 22:07, Garming Sam <garming at catalyst.net.nz> wrote:
> Hi,
>
> The last time I encountered such an error with GnuTLS, it meant that
> there needed to be a back-off with the correct size.
>
> a) Perform crypto with fixed buffer size which may be too small
>
> b) GnuTLS returns too short, but returns the size required
>
> c) Resize the buffer to the correct length and retry
>
> There might be some assumption we're making about the sizes that is not
> the same and/or a bug.
>
> The gnutls_aead_cipher_encrypt was only recently introduced and should
> be simple to find. If you want to check if the rest proceeds, past this
> error, it should also be possible to disable the module, but I would try
> to see if there is a simple solution to this error first.
>
> Cheers,
>
> Garming
>
> On 15/03/18 12:07, Timur I. Bakeyev via samba-technical wrote:
> > Hi!
> >
> > I know that AD DC provisioning was crippled on FreeBSD for quite a
> while,so
> > I tried once again with the hope that in 4.8.0 the situation has changed.
> > Well, now I got quite anew error message while trying:
> >
> > # /usr/local/bin/samba-tool domain provision --realm 'DOMAIN.FREEBSD'
> > --domain 'DOMAIN' --dns-backend 'SAMBA_INTERNAL' --server-role 'dc'
> > Administrator password will be set randomly!
> > Looking up IPv4 addresses
> > Looking up IPv6 addresses
> > Setting up secrets.ldb
> > Setting up the registry
> > Setting up the privileges database
> > Setting up idmap db
> > Setting up SAM db
> > Setting up sam.ldb partitions and settings
> > Setting up sam.ldb rootDSE
> > Pre-loading the Samba 4 and AD schema
> > Unable to determine the DomainSID, can not enforce uniqueness constraint
> on
> > local domainSIDs
> >
> > Adding DomainDN: DC=domain,DC=freebsd
> > Adding configuration container
> > Setting up sam.ldb schema
> > Setting up sam.ldb configuration data
> > Setting up display specifiers
> > Modifying display specifiers and extended rights
> > Adding users container
> > Modifying users container
> > Adding computers container
> > Modifying computers container
> > Setting up sam.ldb data
> > Setting up well known security principals
> > Setting up sam.ldb users and groups
> > ERROR(ldb): uncaught exception - gnutls_aead_cipher_encrypt 'failed
> > GNUTLS_E_SHORT_MEMORY_BUFFER - The given memory buffer is too short to
> hold
> > parameters.
> >
> > File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__
> init__.py",
> > line 176, in _run
> > return self.run(*args, **kwargs)
> > File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py",
> > line 500, in run
> > plaintext_secrets=plaintext_secrets)
> > File
> > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
> line
> > 2276, in provision
> > skip_sysvolacl=skip_sysvolacl)
> > File
> > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
> line
> > 1870, in provision_fill
> > next_rid=next_rid, dc_rid=dc_rid)
> > File
> > "/usr/local/lib/python2.7/site-packages/samba/provision/__init__.py",
> line
> > 1524, in fill_samdb
> > "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
> > File "/usr/local/lib/python2.7/site-packages/samba/provision/
> common.py",
> > line 55, in setup_add_ldif
> > ldb.add_ldif(data, controls)
> > File "/usr/local/lib/python2.7/site-packages/samba/__init__.py", line
> > 229, in add_ldif
> > self.add(msg, controls)
> >
> > So, what do I miss and where I can increase the buffer size?
> >
> > With regards,
> > Timur Bakeyev.
>
>
More information about the samba-technical
mailing list