[Samba] Samba keeps crashing when in AD mode due to mitkdc exiting.
Matthew Schumacher
matt.s at aptalaska.net
Mon Jun 6 14:00:51 UTC 2022
Hello All,
I have a number of samba servers acting like RODC controllers and every
few days samba exits because the MIT KDC Daemon dies with exit status 11:
[2022/06/04 21:14:29.561323, 0]
../../source4/dsdb/kcc/scavenge_dns_records.c:523(dns_delete_tombstones)
dns_delete_tombstones: Failed to delete dns node
kccsrv_dns_zone_tombstone_deletion: DNS tombstone deletion failed:
NT_STATUS_INTERNAL_ERRORkccsrv_periodic_run:
kccsrv_dns_zone_tombstone_scavenging failed - NT_STATUS_INTERNAL_ERROR
: Address family not supported by protocol The MIT KDC daemon died with
exit status 11
: Address family not supported by protocol task_server_terminate:
task_server_terminate: [mitkdc child process exited]
[2022/06/05 20:18:54.520080, 0]
../../source4/samba/server.c:391(samba_terminate)
samba_terminate: samba_terminate of samba 714: mitkdc child process
exited
in the mit_kdc.log I see:
Jun 05 20:18:54 host.ad.domain.net krb5kdc[753](info): TGS_REQ (5 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135)}) 172.23.77.6: PROCESS_TGS: authtime 0, etypes
{rep=UNSUPPORTED:(0)} <unknown client> for
krbtgt/ad.domain.net at ad.domain.net, No matching key in entry
Jun 05 20:18:54 host.ad.domain.net krb5kdc[753](info): closing down fd 21
I'm using samba-4.16.1 and krb5-1.19.3. Any thoughts on how to debug
this issue so that I can report a bug to at least keep it running?
I can compile an alternate kerberos daemon and rebuild samba against it,
but it's my understanding that AD mode only works with MIT kerberos.
schu
More information about the samba
mailing list