[Samba] Segmentation fault in samba_upgradedns - Samba 4.4.5

Cameron Murdoch cam at macaroon.net
Sat Sep 10 14:56:50 UTC 2016 

On 8 September 2016 at 08:17, Rowland Penny via samba <samba at lists.samba.org
> wrote:

> On Thu, 08 Sep 2016 12:58:18 +1200
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> > On Fri, 2016-09-02 at 13:19 +0100, Rowland Penny via samba wrote:
> > >
> > >
> > > I have now found out why you had to provision with samba43,
> > > the '--use-ntvfs' option is gone from Samba 4.4.x. I never noticed
> > > because, as I said, I never used it.
> > > This does of course mean that you cannot use the latest versions of
> > > Samba as an AD DC with freebsd unless somehow either samba-tool or
> > > freebsd is changed.
> >
> > BTW, just to be clear for those on the list:
> >
> > --use-ntvfs is gone by default, because we don't build it by default.
> > To re-enable it if you have a really important use case you use
> > --with- ntvfs-fileserver at configure time.
> >
> > The main reason for that is so that when a security hole is found in
> > the NTVFS file server (as all C code is prone to), that we don't have
> > to make the NAS vendors and major linux distros upgrade their
> > packages, as the code won't be in their binaries.
> >
> > (However we would really like to know if that is really needed, as the
> > code will probably go away at some point).
> >
> > Andrew Bartlett
> >
>
> It would seem that it is accepted practice to use '--use-ntvfs' on
> Freebsd with zfs if you want an AD DC. I have some ideas on how to fix
> this, but it depends on being able to build Samba on freebsd,
> something I am struggling with, so bear with me.
>
> Rowland
>

Regardless of --use-ntvfs I still can't upgrade to the bind9 backend due to
the segfault in samba_upgradedns.

I've tried to add a new domain controllor to the domain, and I get a the
following segfault in samba-tool:

[root at dc3 ~]# samba-tool domain join mbok.co.uk DC -Umbok\setup  --realm=
MBOK.CO.UK --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'mbok.co.uk'
Found DC dc1.mbok.co.uk
Password for [WORKGROUP\mboksetup]:
[root at dc3 ~]# samba-tool domain join mbok.co.uk DC -Usetup  --realm=
MBOK.CO.UK --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'mbok.co.uk'
Found DC dc1.mbok.co.uk
Password for [WORKGROUP\setup]:
workgroup is MBOK
realm is mbok.co.uk
checking sAMAccountName
Adding CN=DC3,OU=Domain Controllers,DC=mbok,DC=co,DC=uk
Adding
CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mbok,DC=co,DC=uk
Adding CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mbok,DC=co,DC=uk
Adding SPNs to CN=DC3,OU=Domain Controllers,DC=mbok,DC=co,DC=uk
Setting account password for DC3$
Enabling account
Adding DNS account CN=dns-DC3,CN=Users,DC=mbok,DC=co,DC=uk with dns/ SPN
Setting account password for dns-DC3
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/var/db/samba4/private/krb5.conf
Provision OK for domain DN DC=mbok,DC=co,DC=uk
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mbok,DC=co,DC=uk] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mbok,DC=co,DC=uk] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mbok,DC=co,DC=uk]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mbok,DC=co,DC=uk]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mbok,DC=co,DC=uk] objects[402/1619]
linked_values[0/0]
Partition[CN=Configuration,DC=mbok,DC=co,DC=uk] objects[804/1619]
linked_values[0/0]
Partition[CN=Configuration,DC=mbok,DC=co,DC=uk] objects[1206/1619]
linked_values[0/0]
Partition[CN=Configuration,DC=mbok,DC=co,DC=uk] objects[1608/1619]
linked_values[0/0]
Partition[CN=Configuration,DC=mbok,DC=co,DC=uk] objects[1619/1619]
linked_values[39/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mbok,DC=co,DC=uk] objects[98/98] linked_values[26/0]
Partition[DC=mbok,DC=co,DC=uk] objects[464/366] linked_values[52/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=mbok,DC=co,DC=uk
Partition[DC=DomainDnsZones,DC=mbok,DC=co,DC=uk] objects[87/87]
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=mbok,DC=co,DC=uk
Partition[DC=ForestDnsZones,DC=mbok,DC=co,DC=uk] objects[19/19]
linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Segmentation fault (core dumped)

Thanks for your help
Cameron

More information about the samba mailing list