/usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference
Description of problem:
It appears that SSSD service is unable to start on a rhel 7.3 client after it was updated with latest security updates
Version-Release number of selected component (if applicable):
sssd, /usr/bin/net
How reproducible:
Steps to Reproduce:
1. Apply only security updates,
[root@rhel7u3-2 rhn]# yum update-minimal --security
2. Try to join to a domain using realm command
[root@rhel7u3-2 rhn]# realm join gsslab.pnq.redhat.com -v
* Resolving: _ldap._tcp.gsslab.pnq.redhat.com
* Successfully discovered: gsslab.pnq.redhat.com
Password for Administrator:
/usr/bin/net: relocation error: /usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference
! Joining the domain gsslab.pnq.redhat.com failed
realm: Couldn't join realm: Joining the domain gsslab.pnq.redhat.com failed
3.
Actual results:
/usr/bin/net: relocation error: /usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference
! Joining the domain gsslab.pnq.redhat.com failed
realm: Couldn't join realm: Joining the domain gsslab.pnq.redhat.com failed
Expected results:
Join should be successful
Additional info:
Issue will be resolved if I update krb5-libs package to the latest version (1.15.1-8.el7)
Comment 5Andreas Schneider
2017-08-11 06:54:26 UTC
This sounds like that there is a krb5 update the customer didn't install?
Comment 7Andreas Schneider
2017-08-11 13:11:58 UTC
Andreas,
I think you would need to add explicit requires to newer krb5 in samba-client-libs. (+ other packages which use newer krb5 symbols).
IMHO it can be part of next Z-stream update for another bug or security update.
Because there is simple workaround.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:0937