[Samba] domain RODC fails with default provisioning

Andreas Calvo flipy.bcn at gmail.com
Fri Jul 12 02:38:17 MDT 2013 

Sure.
However, notice that it was caused by an incorrect libdefaults entry in
krb5.conf (wrote bdefaults] instead of [libdefaults]).
I've uploaded the log on pastebin: http://pastebin.com/sP8VNXQ5


On Thu, Jul 11, 2013 at 2:08 AM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2013-07-10 at 17:27 +0200, Andreas Calvo wrote:
> > We're evaluating joining another samba domain controller in read-only
> mode.
> > With a default provisioning, when running the samba-tool domain RODC, it
> > fails with the following error:
> > ldb: ldb_trace_request: (tdb)->search
> > ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search
> > ldb_wrap open of hklm.ldb
> > ldb: start ldb transaction (nesting: 0)
> > ldb: ldb_trace_request: (tdb)->start_transaction
> > ldb: start ldb transaction error: (null)
> > ldb: ldb_trace_request: ADD
> > dn: @ATTRIBUTES
> > changetype: add
> > key: CASE_INSENSITIVE
> > value: CASE_INSENSITIVE
> >
> >
> >  control: <NONE>
> >
> > ldb: ldb_trace_request: (tdb)->add
> > ldb: ldb_trace_request: (tdb)->prepare_commit
> > ldb: commit ldb transaction (nesting: 0)
> > ldb: ldb_trace_request: (tdb)->end_transaction
> > Key 'key=SOFTWARE,hive=NONE' not found
> > key added: key=SOFTWARE,hive=NONE
> > Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=Microsoft,key=SOFTWARE,hive=NONE
> > Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> > Key 'key=CurrentVersion,key=Windows
> > NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> > key added: key=CurrentVersion,key=Windows
> > NT,key=Microsoft,key=SOFTWARE,hive=NONE
> > About to write CurrentVersion with type (null), length 3: 6.1
> > Key 'key=SYSTEM,hive=NONE' not found
> > key added: key=SYSTEM,hive=NONE
> > Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> >
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found
> > key added:
> > key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > About to write ProductType with type (null), length 8: LanmanNT
> > Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not
> > found
> > key added:
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key 'key=Terminal
> > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=Terminal
> > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> > key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found
> > key added:
> > key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> >
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found
> > key added:
> >
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > About to write RefusePasswordChange with type dword, length 8: 00000000
> > Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found
> > key added:
> > key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > Key
> >
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> > not found
> > key added:
> >
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> > lpcfg_servicenumber: couldn't find ldb
> > lpcfg_servicenumber: couldn't find ldb
> > lpcfg_servicenumber: couldn't find ldb
> > lpcfg_servicenumber: couldn't find ldb
> > partition_metadata: Migrating partition metadata
> > krb5_init_context failed (Invalid argument)
> > smb_krb5_context_init_basic failed (Invalid argument)
> > talloc: access after free error - first free may be at @ <�3
> > Bad talloc magic value - access after free
> > Aborted
> >
> > Is there something special to be done prior to the domain join command?
>
> Can you re-run this under valgrind?  While krb5_init_context should not
> fail (I did see your reply), it also shouldn't cause a crash, and we can
> at least fix that much.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>


-- 
Atentamente,
Andreas Calvo

More information about the samba mailing list