[Samba] domain RODC fails with default provisioning

Andrew Bartlett abartlet at samba.org
Wed Jul 10 18:08:16 MDT 2013


On Wed, 2013-07-10 at 17:27 +0200, Andreas Calvo wrote:
> We're evaluating joining another samba domain controller in read-only mode.
> With a default provisioning, when running the samba-tool domain RODC, it
> fails with the following error:
> ldb: ldb_trace_request: (tdb)->search
> ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search
> ldb_wrap open of hklm.ldb
> ldb: start ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->start_transaction
> ldb: start ldb transaction error: (null)
> ldb: ldb_trace_request: ADD
> dn: @ATTRIBUTES
> changetype: add
> key: CASE_INSENSITIVE
> value: CASE_INSENSITIVE
> 
> 
>  control: <NONE>
> 
> ldb: ldb_trace_request: (tdb)->add
> ldb: ldb_trace_request: (tdb)->prepare_commit
> ldb: commit ldb transaction (nesting: 0)
> ldb: ldb_trace_request: (tdb)->end_transaction
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> About to write CurrentVersion with type (null), length 3: 6.1
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> About to write ProductType with type (null), length 8: LanmanNT
> Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not
> found
> key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> About to write RefusePasswordChange with type dword, length 8: 00000000
> Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> lpcfg_servicenumber: couldn't find ldb
> lpcfg_servicenumber: couldn't find ldb
> lpcfg_servicenumber: couldn't find ldb
> lpcfg_servicenumber: couldn't find ldb
> partition_metadata: Migrating partition metadata
> krb5_init_context failed (Invalid argument)
> smb_krb5_context_init_basic failed (Invalid argument)
> talloc: access after free error - first free may be at @ <�3
> Bad talloc magic value - access after free
> Aborted
> 
> Is there something special to be done prior to the domain join command?

Can you re-run this under valgrind?  While krb5_init_context should not
fail (I did see your reply), it also shouldn't cause a crash, and we can
at least fix that much. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba mailing list