[Samba] Signal 11 on domain join (Debian 10 Samba 4.9.5+dfsg-5+deb10u1)
Aaron C. de Bruyn
aaron at heyaaron.com
Thu Nov 12 03:19:15 UTC 2020
I wanted to do a little playtesting with Samba as a domain controller.
I spun up a Debian 10 box, installed Samba (package 4.9.5+dfsg-5+deb10u1) ,
and attempted to join it to the domain. It crashed horribly. ;)
Unfortunately their domain ends in ".local". There's nothing I can do
about it at the moment. But I do remove multicast DNS from nsswitch to
prevent it from attempting to resolve instead of a "real" DNS server.
root at usseaodnas01:~# samba-tool domain join customer.local DC -k yes
--server uswuxsdsrv01 --site USSEAOD -v
workgroup is CUSTOMER
realm is customer.local
Deleted CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Deleted CN=NTDS
Settings,CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Deleted
CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Adding
CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding CN=NTDS
Settings,CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding SPNs to CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Setting account password for USSEAODNAS01$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
Provision OK for domain DN DC=customer,DC=local
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[402/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[804/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[1206/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[1608/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2010/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2412/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2814/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3216/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3618/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3970/3736] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=customer,DC=local] objects[402/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[804/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[1206/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[1608/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2010/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2412/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2771/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3173/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3575/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3977/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4353/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4562/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4723/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4886/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5050/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5224/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5396/8659]
linked_values[32/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5492/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5589/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5687/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5785/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5883/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5981/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[6218/8659]
linked_values[45/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[6518/8659]
linked_values[437/383]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=customer,DC=local] objects[6820/8659]
linked_values[437/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7132/8659]
linked_values[22/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7449/8659]
linked_values[49/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7741/8659]
linked_values[167/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Replicating critical objects from the base DN of the domain
Partition[DC=customer,DC=local] objects[70/660] linked_values[597/148216]
Partition[DC=customer,DC=local] objects[73/660] linked_values[591/148216]
Partition[DC=customer,DC=local] objects[147/660] linked_values[176/148216]
Partition[DC=customer,DC=local] objects[147/660] linked_values[0/148216]
Partition[DC=customer,DC=local] objects[217/12401] linked_values[597/148216]
===============================================================
INTERNAL ERROR: Signal 11 in pid 11893 (4.9.5-Debian)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
smb_panic_default: PANIC (pid 11893): internal error
BACKTRACE: 53 stack frames:
#0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x32)
[0x7fe2e709a8d2]
#1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x52)
[0x7fe2e709aa02]
#2 /lib/x86_64-linux-gnu/libsamba-util.so.0(+0x24c16) [0x7fe2e709ac16]
#3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7fe2e7eec730]
#4 /lib/x86_64-linux-gnu/libldb.so.1(+0xbc9f) [0x7fe2e74cec9f]
#5
/lib/x86_64-linux-gnu/libldb.so.1(ldb_ldif_write_redacted_trace_string+0x4f)
[0x7fe2e74d027f]
#6
/lib/x86_64-linux-gnu/libldb.so.1(ldb_ldif_message_redacted_string+0x24)
[0x7fe2e74d0394]
#7
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/repl_meta_data.so(+0xb316)
[0x7fe2e3a89316]
#8 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x7322)
[0x7fe2e3c90322]
#9
/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5)
[0x7fe2e7136c55]
#10
/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x7a)
[0x7fe2e7136dea]
#11 /lib/x86_64-linux-gnu/libtevent.so.0(+0xce67) [0x7fe2e7137e67]
#12 /lib/x86_64-linux-gnu/libtevent.so.0(+0xb2d7) [0x7fe2e71362d7]
#13 /lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84)
[0x7fe2e71317e4]
#14 /lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0xb3) [0x7fe2e74e3d83]
#15 /lib/x86_64-linux-gnu/libldb.so.1(ldb_extended+0x10f) [0x7fe2e74e4f8f]
#16
/lib/x86_64-linux-gnu/libsamdb.so.0(dsdb_replicated_objects_commit+0x1d7)
[0x7fe2e6162017]
#17
/usr/lib/x86_64-linux-gnu/samba/libsamba-net.so.0(libnet_vampire_cb_store_chunk+0x713)
[0x7fe2e4fe09c3]
#18 /usr/lib/python2.7/dist-packages/samba/net.x86_64-linux-gnu.so(+0x3c22)
[0x7fe2e5012c22]
#19 /usr/bin/python2.7(PyEval_EvalFrameEx+0x65a7) [0x558868dacdd7]
#20 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5b8a) [0x558868dac3ba]
#21 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#22 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5e1e) [0x558868dac64e]
#23 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#24 /usr/bin/python2.7(PyEval_EvalFrameEx+0x63a8) [0x558868dacbd8]
#25 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#26 /usr/bin/python2.7(PyEval_EvalFrameEx+0x63a8) [0x558868dacbd8]
#27 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#28 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5e1e) [0x558868dac64e]
#29 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#30 /usr/bin/python2.7(+0x10c127) [0x558868dc2127]
#31 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
#32 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
#33 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#34 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
#35 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
#36 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
#37 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#38 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
#39 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
#40 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
#41 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#42 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
#43 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
#44 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
#45 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
#46 /usr/bin/python2.7(PyEval_EvalCode+0x19) [0x558868da41f9]
#47 /usr/bin/python2.7(+0x120e2f) [0x558868dd6e2f]
#48 /usr/bin/python2.7(PyRun_FileExFlags+0x80) [0x558868dd1d20]
#49 /usr/bin/python2.7(PyRun_SimpleFileExFlags+0x16a) [0x558868dd16ca]
#50 /usr/bin/python2.7(Py_Main+0x5c8) [0x558868d72188]
#51 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb)
[0x7fe2e799209b]
#52 /usr/bin/python2.7(_start+0x2a) [0x558868d71aea]
Aborted
root at usseaodnas01:~#
After doing a bunch of reading through the list, and the args to
samba-tool, I tried adding the flag --domain-critical-only and it joined
without a problem.
I'm curious if Samba will have problems replicating 'non-critical' domain
data now that the join is finished...although I'm not entirely sure what
the difference is between critical and non-critical data in LDAP.
Regardless, I figured someone might want me to do a bit more digging to
find out what's causing the crash.
-A
More information about the samba
mailing list