Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 459618

Summary: smbd crash on ads_verify_ticket
Product: Red Hat Enterprise Linux 5 Reporter: Paolo Penzo <paolo.penzo>
Component: samba3xAssignee: Guenther Deschner <gdeschner>
Status: CLOSED CURRENTRELEASE QA Contact: qe-baseos-daemons
Severity: urgent Docs Contact:
Priority: medium    
Version: 5.2CC: dpal, gdeschner, nalin, vtsuryawanshi
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-29 19:00:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
smb.conf none

Description Paolo Penzo 2008-08-20 16:27:40 UTC 
Created attachment 314637 [details]
smb.conf

When security=ADS smbd often crashes on function ads_verify_ticket with this log message:
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(41)
 smbd[7357]:   ===============================================================
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(42)
 smbd[7357]:   INTERNAL ERROR: Signal 11 in pid 7357 (3.0.28-1.el5_2.1)
 smbd[7357]:   Please read the Trouble-Shooting section of the Samba3-HOWTO
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(44)
 smbd[7357]:
 smbd[7357]:   From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(45)
 smbd[7357]:   ===============================================================
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/util.c:smb_panic(1655)
 smbd[7357]:   PANIC (pid 7357): internal error
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/util.c:log_stack_trace(1759)
 smbd[7357]:   BACKTRACE: 16 stack frames:
 smbd[7357]:    #0 smbd(log_stack_trace+0x1c) [0x2b84626f2fcc]
 smbd[7357]:    #1 smbd(smb_panic+0x43) [0x2b84626f30b3]
 smbd[7357]:    #2 smbd [0x2b84626e0bb2]
 smbd[7357]:    #3 /lib64/libpthread.so.0 [0x2b8463e51e70]
 smbd[7357]:    #4 /lib64/libc.so.6(fseek+0x1) [0x2b84653d37e1]
 smbd[7357]:    #5 /usr/lib64/libkrb5.so.3(krb5_ktfile_get_next+0x91) [0x2b846338a511]
 smbd[7357]:    #6 smbd(ads_verify_ticket+0xe70) [0x2b8462794550]
 smbd[7357]:    #7 smbd [0x2b8462577353]
 smbd[7357]:    #8 smbd [0x2b8462578175]
 smbd[7357]:    #9 smbd [0x2b8462578e33]
 smbd[7357]:    #10 smbd(reply_sesssetup_and_X+0x995) [0x2b8462579c15]
 smbd[7357]:    #11 smbd [0x2b84625a4a14]
 smbd[7357]:    #12 smbd(smbd_process+0x7b1) [0x2b84625a59c1]
 smbd[7357]:    #13 smbd(main+0xa20) [0x2b84627a7d00]
 smbd[7357]:    #14 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b84653888b4]
 smbd[7357]:    #15 smbd [0x2b8462537239]
 smbd[7357]: [2008/08/20 18:02:39, 0] lib/fault.c:dump_core(159)
 smbd[7357]:   Exiting on internal error (core file administratively disabled) 



This issue arises in versions 3.0.25b-0.el5.4, 3.0.28-0.el5.8 and 3.0.28-1.el5_2
Comment 1 Guenther Deschner 2008-08-21 14:40:14 UTC 
This is related to an odd behaviour of MIT kerberos, can you set "use kerberos keytab" to "no" and see if the issue is resolved ? 

If it fixes the segfault, do you really require this option in your environment ?
Comment 2 Paolo Penzo 2008-08-21 17:35:56 UTC 
On this machine I've another smb service running a similar configuration which does not suffer from this issue...
Comment 8 Dmitri Pal 2010-06-29 19:00:58 UTC 
Can you please retest with 5.3 and later? We believe that this issue is already addressed in the latest kerberos libraries since 5.3.

Closing the bug as addressed in current release.
Comment 9 Guenther Deschner 2010-06-30 09:44:45 UTC 
I can confirm current RHEL5 contains the appropriate fix (just tested).
Comment 11 Paolo Penzo 2010-06-30 14:12:09 UTC 
As far as I can see, this issue does not arise on newer versions of RHEL5.