Bug 172372 - net ads join dumped core
net ads join dumped core
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
4.0
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Guenther Deschner
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-03 09:22 EST by Silvio Wanka
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHEA-2007-0698
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 11:14:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
belongs to Comment #3 (485 bytes, text/plain)
2006-09-05 12:30 EDT, Silvio Wanka
no flags Details
belongs to Comment #3 (4.13 KB, text/plain)
2006-09-05 12:30 EDT, Silvio Wanka
no flags Details

  None (edit)
Description Silvio Wanka 2005-11-03 09:22:57 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Description of problem:
I have update the system to RHEL 4 Update 2, but this problem is not solved.
Because I had already created a bug report @ bugzilla.samba.org here the link:

   https://bugzilla.samba.org/show_bug.cgi?id=3114

the bug is solved in a later samba release, so the baseline of RHEL 4 should
be changed.

Version-Release number of selected component (if applicable):
samba-common-3.0.10-1.4E.2

How reproducible:
Always

Steps to Reproduce:
1. kinit <domain-admin>
2. net ads join # to a W2k3 domain controler
3.
  

Actual Results:  get_service_ticket: kerberos_kinit_password <hostname>$@>@<AD-domain>@>@<AD-domain> failed: Preauthentication failed
Segmentation fault


Additional info:
Comment 1 RHEL Product and Program Management 2006-08-18 13:06:13 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 2 Nalin Dahyabhai 2006-08-31 17:40:59 EDT
I can't reproduce this with the versions of samba, krb5, and openldap from
either U2 or U4 (admittedly, testing against Windows 2003 R2).  Can you provide
us with more information about how you've got the Windows domain controller
configured (particularly any configuration changes made from the defaults), as
well as the contents of your /etc/krb5.conf and /etc/samba/smb.conf files?

Just to be sure, you're not using the literal values "<hostname>" and such as
your host and domain names?  Is the sequence "@>@" a typo, or is it actually
showing up in the logged output?
Comment 3 Silvio Wanka 2006-09-05 12:27:15 EDT
(In reply to comment #2)
> I can't reproduce this with the versions of samba, krb5, and 
> openldap from  either U2 or U4 (admittedly, testing against
> Windows 2003 R2).

1. I have updated to U4 and it is the same. I don't use
   LDAP, but it is installed.

2. Is this a fresh (not updated) W2k3 Domain Controller?
3. additional Info from gdb:
   Program received signal SIGSEGV, Segmentation fault.
   0x0000002a95c1e30e in krb5_free_principal () from
   /usr/lib64/libkrb5.so.3
4. Please remember it is known samba bug, which should be
   solved in a later release as 3.0.10, see
   https://bugzilla.samba.org/show_bug.cgi?id=3114

   maybe it is 

   https://bugzilla.samba.org/show_bug.cgi?id=2074
   or https://bugzilla.samba.org/show_bug.cgi?id=2186

> Can you provide us with more information about how
> you've got the Windows domain controller
> configured (particularly any configuration changes
> made from the defaults),

No, but we have many DC and LDAP access is only enabled
on one.

> as well as the contents of your /etc/krb5.conf and 
> /etc/samba/smb.conf files?

see attachments.

> Just to be sure, you're not using the literal values 
> "<hostname>" and such as our host and domain names? 
> Is the sequence "@>@" a typo, or is it actually
> showing up in the logged output?

This is only to get no problems with our security responsible ;-).

[2006/09/05 16:25:31, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for HostToBeJoin already exists - 
modifying old account
Using short domain name -- OUR-DOMAIN-NET
[2006/09/05 16:25:36, 0] libads/kerberos.c:get_service_ticket(335)
  get_service_ticket: kerberos_kinit_password 
HostToBeJoin$@Our.Domain.net@Our.Domain.net failed: Preauthentication failed

Program received signal SIGSEGV, Segmentation fault.
0x0000002a95c1e30e in krb5_free_principal () from /usr/lib64/libkrb5.so.3
Comment 4 Silvio Wanka 2006-09-05 12:30:10 EDT
Created attachment 135585 [details]
belongs to Comment #3
Comment 5 Silvio Wanka 2006-09-05 12:30:53 EDT
Created attachment 135586 [details]
belongs to Comment #3
Comment 7 Silvio Wanka 2006-09-07 06:03:36 EDT
David Lawrence <dkl@redhat.com> wrote:
> Developer unable to replicate problem with an up2date version of Windows2003.
> Customer is asking to test against an un-updated version of Windows which
> doesn't make sense. Unless we get more clear and concise testing information,
> we cannot qa_ack+ for 4.5

1. Our W2k3 server are up to date (SP1 and all MS updates) but we don't have
   install W2k3 server Edition 2 over the existig installations
2. We use the default configurations
3. On SUSE 9.2 (it was at that time as I get this error the first time the
   current release) with the same krb5.conf and smb.conf it works. It uses also
   Samba 3.0.10 but not the MIT Kerberos.
4. Why you don't ask the samba peoples?
5. Should I switch to SUSE or the better Samba packages from 
http://enterprisesamba.org/index.php?id=54?
   Which works and the last are up to date and better tested. Why I pay for RHN?

Note: All opinions are mine!
Comment 9 RHEL Product and Program Management 2007-04-17 17:24:45 EDT
Although this bugzilla was approved for RHEL 4.5, we were unable
to resolve it in time to be included in the release.  Therefore
it is now proposed for RHEL 4.6.
Comment 10 RHEL Product and Program Management 2007-05-09 07:09:04 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 11 Guenther Deschner 2007-07-05 10:36:45 EDT
Fixed and verified with 3.0.25b, this is no longer an issue.
Comment 14 errata-xmlrpc 2007-11-15 11:14:17 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2007-0698.html

Note You need to log in before you can comment on or make changes to this bug.