Samba4 beta 7 and beta 8 git, talloc and enctype errors
steve
steve at steve-ss.com
Wed Aug 29 01:58:30 MDT 2012
On 29/08/12 09:47, steve wrote:
> On 29/08/12 09:05, Alexander Bokovoy wrote:
>> On Wed, Aug 29, 2012 at 10:01 AM, steve <steve at steve-ss.com> wrote:
>>> On 29/08/12 08:23, Andrew Bartlett wrote:
>>>>
>>>> On Wed, 2012-08-29 at 08:05 +0200, steve wrote:
>>>>>
>>>>> Hi
>>>>>
>>>>> Single DC upgraded from a working beta 7 git to a beta 8 git crashes
>>>>> with a talloc error
>>>>>
>>>>> Error 1 talloc error
>>>>>
>>>>
>>>>> #8 0xb7e676ce in _talloc_free (ptr=0xb7f73ff4,
>>>>> location=0xb7f70e9c
>>>>> "../auth/credentials/credentials_secrets.c:239")
>>>>> at ../lib/talloc/talloc.c:1349
>>>>> tc = 0x89318f8
>>>>> #9 0xb7f6d8c4 in cli_credentials_set_machine_account (cred=0x8244d50,
>>>>> lp_ctx=0x805bf78) at
>>>>> ../auth/credentials/credentials_secrets.c:239
>>>>> dbuf = {dptr = 0xb7f73ff4 "(\016\001", dsize = 3221220872}
>>>>> status = {v = 3221226021}
>>>>> filter = 0x7 <Address 0x7 out of bounds>
>>>>> error_string = 0xb7f6b5db
>>>>> <cli_credentials_invalidate_ccache+118>
>>>>> "\203\304\024[]\303U\211\345S\203\354$\350\023\277\377\377\201\303\a\212"
>>>>>
>>>>> domain = 0x867b408 "ALTEA"
>>>>> realm = 0x8e54380 "HH3.SITE"
>>>>> secrets_tdb_password_more_recent = 8
>>>>> secrets_tdb_lct = 0
>>>>> secrets_tdb_password = 0x0
>>>>> keystr = 0x0
>>>>> keystr_upper = 0x0
>>>>> secrets_tdb = 0x82e3d08
>>>>> "/usr/local/samba/private/secrets.tdb"
>>>>> db_ctx = 0x87ba0d0
>>>>> __FUNCTION__ = "cli_credentials_set_machine_account"
>>>>
>>>>
>>>> The fix for this was verified by David Rivera
>>>> <rivera.david87 at gmail.com>
>>>> earlier today an is in master already.
>>>>
>>>>>
>>>>> Error 2, spn enctype and authentication error
>>>>> On a new install of beta 7 updated to a beta 8 git
>>>>>
>>>>> Error a: Creating an spn for nfs creates only one key:
>>>>>
>>>>> hh30:/home/steve # samba-tool spn delete nfs/hh30.hh3.site
>>>>> hh30:/home/steve # rm /etc/krb5.keytab
>>>>> hh30:/home/steve # samba-tool spn add nfs/hh30.hh3.site nfs-user
>>>>> hh30:/home/steve # samba-tool domain exportkeytab /etc/krb5.keytab
>>>>> --principal=nfs/hh30.hh3.site
>>>>> hh30:/home/steve # klist -ke /etc/krb5.keytab
>>>>> Keytab name: FILE:/etc/krb5.keytab
>>>>> KVNO Principal
>>>>> ----
>>>>>
>>>>> --------------------------------------------------------------------------
>>>>>
>>>>> 1 nfs/hh30.hh3.site at HH3.SITE (des-cbc-crc)
>>>>>
>>>>> Previous versions created the arcfour key as well as the other des
>>>>> key.
>>>>
>>>>
>>>> I do apologise, I seem to have had a particularly bad run of code
>>>> yesterday. The attached patch should fix it, and is in autobuild.
>>>>
>>>> Andrew Bartlett
>>>>
>>> Problem with patch:
>>> steve at hh1:~/samba-master> patch -pl
>>> /home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
>>>
>>> patch: **** strip count l is not a number
>>
>> because -p asks for a number, not a letter l. -p1 (dash p one).
>>
>>
> Hi
> Thanks, but still no good. After:
> steve at hh1:~/samba-master> patch -p1
> /home/steve/Desktop/0001-s4-libnet-Fix-passing-samba_all_enctypes-as-a-fn-rat.patch
>
>
> It sits there forever, never terminating.
>
> Here is the patch:
>
> >From d683b48e784e4a9e47883563d90837ff1fb2db3b Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Wed, 29 Aug 2012 16:22:24 +1000
> Subject: [PATCH] s4-libnet: Fix passing samba_all_enctypes as a fn rather
> than the encrypt array it returns
>
> ---
> source4/libnet/libnet_export_keytab.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/source4/libnet/libnet_export_keytab.c
> b/source4/libnet/libnet_export_keytab.c
> index 9763726..16165b8 100644
> --- a/source4/libnet/libnet_export_keytab.c
> +++ b/source4/libnet/libnet_export_keytab.c
> @@ -63,7 +63,7 @@ NTSTATUS libnet_export_keytab(struct libnet_context
> *ctx, TALLOC_CTX *mem_ctx, s
> }
>
> if (r->in.principal) {
> - ret = kt_copy_one_principal(smb_krb5_context->krb5_context,
> from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes);
> + ret = kt_copy_one_principal(smb_krb5_context->krb5_context,
> from_keytab, r->in.keytab_name, r->in.principal, 0, samba_all_enctypes());
> } else {
> unlink(r->in.keytab_name);
> ret = kt_copy(smb_krb5_context->krb5_context, from_keytab,
> r->in.keytab_name);
Hi
I think I just need to change
samba_all_enctypes
to
samba_all_enctypes()
in source4/libnet/libnet_export_keytab.c
Would that do it?
Cheers,
Steve
More information about the samba-technical
mailing list