[Samba] Core dump trying to join domain on FreeBSD

Andrew Bartlett abartlet at samba.org
Sun Dec 30 14:29:13 MST 2012

On Sun, 2012-12-30 at 19:02 +0100, Christian Ullrich wrote:
> Hello all,
> I have been trying for a while now to join a FreeBSD machine to an 
> existing AD domain, using Samba 3.6. What happens is this:
> [root at infra1 ~]# net ads join -U Administrator at MY.REALM
> Enter Administrator at MY.REALM's password:
> net: sha1 checksum failed
> Abort trap: 6 (Speicherabzug geschrieben)
> I can see the newly created computer object in AD, and it does not make 
> a difference when I create it manually before trying the join. kinit 
> works (but contrary to documentation, "net ads join" does not 
> automatically use the kinit'ed user for authentication).
> Samba is version 3.6.9, Kerberos is heimdal 1.5.2. I have the exact same 
> problem on both FreeBSD 8 and 9.
> I suspect this is actually caused by some setting on the DC, but I 
> cannot figure out which. The last lines in the output of
> 	net -d 5 ads join -U Administrator at MY.REALM
> are:
> rpc_api_pipe: host dc2.my.domain
> rpc_read_send: data_to_read: 32
> sitename_fetch: Returning sitename for MY.REALM: "MySiteName"
> name dc2.my.domain#20 found.
> ads_try_connect: sending CLDAP request to xxx.yyy.zzz.12 (realm: my.domain)
> Successfully contacted LDAP server xxx.yyy.zzz.12
> Connected to LDAP server dc2.my.domain
> time offset is 0 seconds
> Found SASL mechanism GSS-SPNEGO
> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.
> ads_sasl_spnego_bind: got OID=
> ads_sasl_spnego_bind: got server principal name = 
> not_defined_in_RFC4178 at please_ignore
> net: sha1 checksum failed
> I have tried getting a backtrace, but I only get garbage from both the 
> core dump and when I run the program in gdb directly. If anyone could 
> give me a hint how to get a meaningful backtrace, I would very much 
> appreciate it. I have already built Samba, heimdal and the system libc 
> with debug symbols, but the only effect was that, instead of 20 lines of 
> backtrace with unlikely addresses, now I get only three followed by 
> "Error accessing memory, bad address".

The error certainly does seem to be coming from Heimdal - that error
string only exists in Heimdal, not in Samba.  

If you can run it under valgrind, we might get more of a hint as to why
there is invalid memory (I can't think of any other reason why this
might fail - a checksum doesn't really fail like this even in 'failure'

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list