1480310 – /usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference

Bug 1480310 - /usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference

Summary: /usr/lib64/samba/libgse-samba4.so: symbol krb5_get_init_creds_opt_set_pac_re...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	7.4
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Andreas Schneider
QA Contact:	Andrej Dzilský
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1484423
TreeView+	depends on / blocked

Reported:	2017-08-10 16:18 UTC by Manu Augustine
Modified:	2021-09-09 12:30 UTC (History)
CC List:	16 users (show)
Fixed In Version:	samba-4.6.2-10.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1484423 (view as bug list)
Environment:
Last Closed:	2018-04-10 17:28:22 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:0937	0	None	None	None	2018-04-10 17:29:42 UTC

Description Manu Augustine 2017-08-10 16:18:41 UTC

Description of problem:

It appears that SSSD service is unable to start on a rhel 7.3 client after it was updated with latest security updates

Version-Release number of selected component (if applicable):
sssd, /usr/bin/net

How reproducible:


Steps to Reproduce:

1. Apply only security updates,
   [root@rhel7u3-2 rhn]# yum update-minimal --security
2. Try to join to a domain using realm command
   [root@rhel7u3-2 rhn]# realm join gsslab.pnq.redhat.com -v
     * Resolving: _ldap._tcp.gsslab.pnq.redhat.com
     * Successfully discovered: gsslab.pnq.redhat.com
     Password for Administrator: 
     /usr/bin/net: relocation error: /usr/lib64/samba/libgse-samba4.so: symbol  krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference
 ! Joining the domain gsslab.pnq.redhat.com failed
realm: Couldn't join realm: Joining the domain gsslab.pnq.redhat.com failed


3.

Actual results:
     /usr/bin/net: relocation error: /usr/lib64/samba/libgse-samba4.so: symbol  krb5_get_init_creds_opt_set_pac_request, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference
 ! Joining the domain gsslab.pnq.redhat.com failed
realm: Couldn't join realm: Joining the domain gsslab.pnq.redhat.com failed

Expected results:
Join should be successful

Additional info:

Issue will be resolved if I update krb5-libs package to the latest version (1.15.1-8.el7)

Comment 5 Andreas Schneider 2017-08-11 06:54:26 UTC

This sounds like that there is a krb5 update the customer didn't install?

Comment 7 Andreas Schneider 2017-08-11 13:11:58 UTC

So does it work if you update krb5?

Comment 16 Lukas Slebodnik 2017-08-14 19:16:03 UTC

Andreas,
I think you would need to add explicit requires to newer krb5 in samba-client-libs. (+ other packages which use newer krb5 symbols).

IMHO it can be part of next Z-stream update for another bug or security update.
Because there is simple workaround.

Comment 21 Andrej Dzilský 2017-08-24 15:16:54 UTC

Sanity Only.

Comment 25 errata-xmlrpc 2018-04-10 17:28:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0937

Note You need to log in before you can comment on or make changes to this bug.