From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322) Description of problem: I have update the system to RHEL 4 Update 2, but this problem is not solved. Because I had already created a bug report @ bugzilla.samba.org here the link: https://bugzilla.samba.org/show_bug.cgi?id=3114 the bug is solved in a later samba release, so the baseline of RHEL 4 should be changed. Version-Release number of selected component (if applicable): samba-common-3.0.10-1.4E.2 How reproducible: Always Steps to Reproduce: 1. kinit <domain-admin> 2. net ads join # to a W2k3 domain controler 3. Actual Results: get_service_ticket: kerberos_kinit_password <hostname>$@>@<AD-domain>@>@<AD-domain> failed: Preauthentication failed Segmentation fault Additional info:
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
I can't reproduce this with the versions of samba, krb5, and openldap from either U2 or U4 (admittedly, testing against Windows 2003 R2). Can you provide us with more information about how you've got the Windows domain controller configured (particularly any configuration changes made from the defaults), as well as the contents of your /etc/krb5.conf and /etc/samba/smb.conf files? Just to be sure, you're not using the literal values "<hostname>" and such as your host and domain names? Is the sequence "@>@" a typo, or is it actually showing up in the logged output?
(In reply to comment #2) > I can't reproduce this with the versions of samba, krb5, and > openldap from either U2 or U4 (admittedly, testing against > Windows 2003 R2). 1. I have updated to U4 and it is the same. I don't use LDAP, but it is installed. 2. Is this a fresh (not updated) W2k3 Domain Controller? 3. additional Info from gdb: Program received signal SIGSEGV, Segmentation fault. 0x0000002a95c1e30e in krb5_free_principal () from /usr/lib64/libkrb5.so.3 4. Please remember it is known samba bug, which should be solved in a later release as 3.0.10, see https://bugzilla.samba.org/show_bug.cgi?id=3114 maybe it is https://bugzilla.samba.org/show_bug.cgi?id=2074 or https://bugzilla.samba.org/show_bug.cgi?id=2186 > Can you provide us with more information about how > you've got the Windows domain controller > configured (particularly any configuration changes > made from the defaults), No, but we have many DC and LDAP access is only enabled on one. > as well as the contents of your /etc/krb5.conf and > /etc/samba/smb.conf files? see attachments. > Just to be sure, you're not using the literal values > "<hostname>" and such as our host and domain names? > Is the sequence "@>@" a typo, or is it actually > showing up in the logged output? This is only to get no problems with our security responsible ;-). [2006/09/05 16:25:31, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for HostToBeJoin already exists - modifying old account Using short domain name -- OUR-DOMAIN-NET [2006/09/05 16:25:36, 0] libads/kerberos.c:get_service_ticket(335) get_service_ticket: kerberos_kinit_password HostToBeJoin$@Our.Domain.net.net failed: Preauthentication failed Program received signal SIGSEGV, Segmentation fault. 0x0000002a95c1e30e in krb5_free_principal () from /usr/lib64/libkrb5.so.3
Created attachment 135585 [details] belongs to Comment #3
Created attachment 135586 [details] belongs to Comment #3
David Lawrence <dkl> wrote: > Developer unable to replicate problem with an up2date version of Windows2003. > Customer is asking to test against an un-updated version of Windows which > doesn't make sense. Unless we get more clear and concise testing information, > we cannot qa_ack+ for 4.5 1. Our W2k3 server are up to date (SP1 and all MS updates) but we don't have install W2k3 server Edition 2 over the existig installations 2. We use the default configurations 3. On SUSE 9.2 (it was at that time as I get this error the first time the current release) with the same krb5.conf and smb.conf it works. It uses also Samba 3.0.10 but not the MIT Kerberos. 4. Why you don't ask the samba peoples? 5. Should I switch to SUSE or the better Samba packages from http://enterprisesamba.org/index.php?id=54? Which works and the last are up to date and better tested. Why I pay for RHN? Note: All opinions are mine!
Although this bugzilla was approved for RHEL 4.5, we were unable to resolve it in time to be included in the release. Therefore it is now proposed for RHEL 4.6.
Fixed and verified with 3.0.25b, this is no longer an issue.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2007-0698.html