[Cooker] [Bug 6180] [samba3-common] Segmentation fault net3 groupmap list - with ldaps only
http://qa.mandrakesoft.com/show_bug.cgi?id=6180 --- Additional Comments From [EMAIL PROTECTED] 2003-20-10 18:08 --- I also have to set the following options in /etc/ldap.conf #uri ldaps://mse.foo.com ssl off if I use uri ldaps://mse.foo.com ssl on and in smb.conf passdb backend = ldapsam:ldaps://mse.foo.com or passdb backend = ldapsam:ldap://mse.foo.com I get the Segmentation fault. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug, or are watching someone who is. --- Reminder: --- assigned_to: [EMAIL PROTECTED] status: UNCONFIRMED creation_date: description: I've configured samba3 (smb.conf) with ldaps to connect our LDAP Server. When executing the command "net3 groupmap list" I always get a Segmentation fault. gdb -c core.22231 Program terminated with signal 11, Segmentation fault. #0 0x40286e38 in ?? () If I change the line: passdb backend = ldapsam:ldaps://mse.foo.com to passdb backend = ldapsam:ldap://mse.foo.com everything works. I'm able to reproduce this error on two different servers with ML 9.1. I can make a connection to a share on the samba server when ldaps is activated - so ldaps seems to work.
[Cooker] [Bug 6180] [samba3-common] Segmentation fault net3 groupmap list - with ldaps only
http://qa.mandrakesoft.com/show_bug.cgi?id=6180 --- Additional Comments From [EMAIL PROTECTED] 2003-20-10 18:38 --- Can you please confirm exactly which packages you are using (you noted samba-3.0.1pre1 but I have not made packages for Mandrake 9.1, using the cooker packages on Mandrake 9.1 *will* cause problems as cooker/9.2 run openldap-2.1.x, Mandrake 9.1 shipped with openldap-2.0.x, and there are some incompatabilities between the two versions in the libraries). $ rpm -qa 'samba3*' should do. If you are running non-standard versions of any other related software, please note those too ... Also, can yo confirm whether or not you have correct certificate infrastructure in place (ie you have a CA certificate available and defined in /etc/ldap.conf on the samba server, and the LDAP server has a valid certificate, with the CN value matching it's hostname as set in the passdb backend line, signed by the CA certificate)? I will test on my test samba3/LDAP network later today, but I think I had SSL or TLS working ... -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug, or are watching someone who is. --- Reminder: --- assigned_to: [EMAIL PROTECTED] status: UNCONFIRMED creation_date: description: I've configured samba3 (smb.conf) with ldaps to connect our LDAP Server. When executing the command "net3 groupmap list" I always get a Segmentation fault. gdb -c core.22231 Program terminated with signal 11, Segmentation fault. #0 0x40286e38 in ?? () If I change the line: passdb backend = ldapsam:ldaps://mse.foo.com to passdb backend = ldapsam:ldap://mse.foo.com everything works. I'm able to reproduce this error on two different servers with ML 9.1. I can make a connection to a share on the samba server when ldaps is activated - so ldaps seems to work.
[Cooker] [Bug 6180] [samba3-common] Segmentation fault net3 groupmap list - with ldaps only
http://qa.mandrakesoft.com/show_bug.cgi?id=6180 --- Additional Comments From [EMAIL PROTECTED] 2003-21-10 00:18 --- I've compiled the packages from samba3-3.0.1-0.pre1.2mdk.src.rpm Following packages are installed on the system: samba3-client-3.0.1-0.pre1.2mdk samba3-doc-3.0.1-0.pre1.2mdk samba3-common-3.0.1-0.pre1.2mdk samba3-server-3.0.1-0.pre1.2mdk openldap-2.0.27-5.3mdk openldap-clients-2.0.27-5.3mdk openldap-servers-2.0.27-5.3mdk libldap2-2.0.27-5.3mdk libldap2-devel-2.0.27-5.3mdk nss_ldap-207-1.1mdk pam_ldap-164-1.1mdk In /etc/openldap/slapd.conf I've activated SSL with: TLSRandFile/dev/random TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/ssl/openldap/ldap.cert TLSCertificateKeyFile /etc/ssl/openldap/ldap.key TLSCACertificatePath /etc/ssl/openldap/ TLSCACertificateFile/etc/ssl/openldap/ca.cert I'm able to connect the ldap-server with ldapsearch -x -ZZ -h mse.foo.com '(uid=deg)' dn So the certificates are ok. With /etc/ldap.conf uri ldaps://mse.foo.com ssl on the user authentication works and the users are able to connect to the shares of the samba-server (also with ldapsam:ldaps://...) but net3 groupmap add/list and so on fails with segmentation fault. Did I make a mistake? -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug, or are watching someone who is. --- Reminder: --- assigned_to: [EMAIL PROTECTED] status: UNCONFIRMED creation_date: description: I've configured samba3 (smb.conf) with ldaps to connect our LDAP Server. When executing the command "net3 groupmap list" I always get a Segmentation fault. gdb -c core.22231 Program terminated with signal 11, Segmentation fault. #0 0x40286e38 in ?? () If I change the line: passdb backend = ldapsam:ldaps://mse.foo.com to passdb backend = ldapsam:ldap://mse.foo.com everything works. I'm able to reproduce this error on two different servers with ML 9.1. I can make a connection to a share on the samba server when ldaps is activated - so ldaps seems to work.
[Cooker] [Bug 6180] [samba3-common] Segmentation fault net3 groupmap list - with ldaps only
http://qa.mandrakesoft.com/show_bug.cgi?id=6180 [EMAIL PROTECTED] changed: What|Removed |Added Status|UNCONFIRMED |NEEDINFO --- Additional Comments From [EMAIL PROTECTED] 2003-21-10 01:50 --- No, your setup looks good. I have a simliar setup running on Mandrake 9.0 with (packages built on the machine): # rpm -qa 'samba3*' samba3-passdb-xml-3.0.1-0.pre1.1mdk samba3-doc-3.0.1-0.pre1.1mdk samba3-server-3.0.1-0.pre1.1mdk samba3-common-3.0.1-0.pre1.1mdk and Mandrake 9.1 running the same packages (built on 9.1) But this works here: # net3 groupmap list bgmilne (S-1-5-21-2244014245-3637982190-3323613867-2003) -> bgmilne milne (S-1-5-21-2244014245-3637982190-3323613867-2009) -> milne home (S-1-5-21-2244014245-3637982190-3323613867-3001) -> home Domain Admins (S-1-5-21-2244014245-3637982190-3323613867-512) -> adm Domain Users (S-1-5-21-2244014245-3637982190-3323613867-513) -> users Domain Guests (S-1-5-21-2244014245-3637982190-3323613867-132069) -> nogroup Machine accounts (S-1-5-21-2244014245-3637982190-3323613867-1843) -> machines root (S-1-5-21-2244014245-3637982190-3323613867-1001) -> root However, when running with TLS/SSL against a different host, ie with samba on 9.1 and openldap on 9.0, I get the segmentation fault. However, I also get the segmentation fault running an ldapsearch: Search against local host: [EMAIL PROTECTED] bgmilne]$ ldapsearch -x -h bgmilne.home.control.co.za -ZZ -LLL "(uid=bgmilne)" dn dn: uid=bgmilne,ou=People,dc=home,dc=control,dc=co,dc=za [EMAIL PROTECTED] bgmilne]$ ldapsearch -x -h fw.home.control.co.za -ZZ -LLL "(uid=bgmilne)" dn Segmentation fault It works the other way around: [EMAIL PROTECTED] bgmilne]$ ldapsearch -x -h bgmilne.home.control.co.za -ZZ -LLL "(uid=bgmilne)" dn dn: uid=bgmilne,ou=People,dc=home,dc=control,dc=co,dc=za Running net3 groupmap list with samba on 9.0 and openldap on 9.1 also gives no problems. I believe the problem is with the openldap/ssl libraries on 9.1 (as problems also exist with other software using libldap2, such as gq, when running against a remote server with SSL/TLS). I have one 9.1 box with working ldap/TLS to another machine, but that is running: $ rpm -qa '*ldap*' libldap2-devel-2.1.22-1mdk libsasl2-plug-ldapdb-2.1.13-2.2mdk php-ldap-4.3.0-3mdk libldap2-2.1.22-1mdk openldap-2.1.22-1mdk openldap-servers-2.1.22-1mdk nss_ldap-207-1.1mdk perl-ldap-0.27.01-1mdk openldap-clients-2.1.22-1mdk pam_ldap-164-1.1mdk (of course with all relevant software rebuilt against openldap and sasl). At present the suggestion is to run an LDAP slave on any samba server anyway (for performance reasons). If you are getting sefaults against the local host, that is more serious. Of course, this makes failover more difficult. Anyway, I think this bug is specific to Mandrake 9.1, and in openldap/libldap. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug, or are watching someone who is. --- Reminder: --- assigned_to: [EMAIL PROTECTED] status: NEEDINFO creation_date: description: I've configured samba3 (smb.conf) with ldaps to connect our LDAP Server. When executing the command "net3 groupmap list" I always get a Segmentation fault. gdb -c core.22231 Program terminated with signal 11, Segmentation fault. #0 0x40286e38 in ?? () If I change the line: passdb backend = ldapsam:ldaps://mse.foo.com to passdb backend = ldapsam:ldap://mse.foo.com everything works. I'm able to reproduce this error on two different servers with ML 9.1. I can make a connection to a share on the samba server when ldaps is activated - so ldaps seems to work.
[Cooker] [Bug 6180] [samba3-common] Segmentation fault net3 groupmap list - with ldaps only
http://qa.mandrakesoft.com/show_bug.cgi?id=6180 --- Additional Comments From [EMAIL PROTECTED] 2003-21-10 22:24 --- Ok, tomorrow I will do some more tests and compile openldap-2.1.22 on Mandrake 9.1. -- Configure bugmail: http://qa.mandrakesoft.com/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are on the CC list for the bug, or are watching someone who is. --- Reminder: --- assigned_to: [EMAIL PROTECTED] status: NEEDINFO creation_date: description: I've configured samba3 (smb.conf) with ldaps to connect our LDAP Server. When executing the command "net3 groupmap list" I always get a Segmentation fault. gdb -c core.22231 Program terminated with signal 11, Segmentation fault. #0 0x40286e38 in ?? () If I change the line: passdb backend = ldapsam:ldaps://mse.foo.com to passdb backend = ldapsam:ldap://mse.foo.com everything works. I'm able to reproduce this error on two different servers with ML 9.1. I can make a connection to a share on the samba server when ldaps is activated - so ldaps seems to work.
