[Bug 1290448] [NEW] Invalid Opcode when running samba-tool domain exportkeytab

2014-03-10 Thread Ian McMichael
Public bug reported:

To reproduce this bug, carry out the following:

Install a fresh Trusty Tahr 14.04 AMD64 development build in a (KVM)
virtual machine as a basic server.

Install the samba (2:4.1.3+dfsg-2ubuntu3) and bind9 packages.

Provision an Active Directory Domain with the following commands:

rm /etc/samba/smb.conf
samba-tool domain provision \
   --realm=EXAMPLE.NET --domain=EXAMPLE --adminpass='p4$$word' --dns-backend=BIND9_DLZ \
   --server-role=dc --function-level=2008_R2 --use-xattrs=yes --use-rfc2307

Add the following to /etc/bind/named.conf.options:  

tkey-gssapi-keytab /var/lib/samba/private/dns.keytab;

Set the appropriate permissions on the Kerberos keytab used by BIND:

chgrp bind /var/lib/samba/private/dns.keytab
chmod g+r /var/lib/samba/private/dns.keytab

Edit /etc/bind/named.conf.local and add:

include /var/lib/samba/private/named.conf;

Edit /etc/apparmor.d/local/usr.sbin.named and add the following:

# Samba4 DLZ and Active Directory Zones
/usr/lib/x86_64-linux-gnu/samba/** rm,
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/** rm,
/var/lib/samba/private/dns.keytab rk,
/var/lib/samba/private/named.conf r,
/var/lib/samba/private/dns/** rwk,
/dev/urandom rw,
/var/tmp/** rw,

Restart apparmor and bind:  

service apparmor reload
service bind9 restart

Test the DNS entries:   

host -t SRV _ldap._tcp.example.net.
host -t SRV _kerberos._udp.example.net.
host -t A server.example.net.

Configure and test Kerberos:

cp /var/lib/samba/private/krb5.conf /etc/krb5.conf
service samba-ad-dc start
kinit administra...@example.net
klist

Test Samba dynamic DNS updates: 

samba_dnsupdate --verbose --all-names

Add the following to /etc/ntp.conf: 

# Samba4 Secure Time Socket
ntpsigndsocket /var/lib/samba/ntp_signd/
restrict default mssntp

Create the NTP socket directory, assign permissions and restart NTP:

chown root:ntp /var/lib/samba/ntp_signd
chmod 750 /var/lib/samba/ntp_signd
service ntp restart

Extract and secure the Kerberos keytab for the DC:  

samba-tool domain exportkeytab /etc/krb5.dc.keytab --principal=server$

At this stage you receive Illegal instruction (core dumped).  In
syslog, the following is logged:

kernel: [ 2982.725574] traps: samba-tool[2650] trap invalid opcode ip:7f7e26aad8de sp:7fff2fc67308 error:0 in libHDB_SAMBA4.so.0[7f7e26aac000+2000]

No keytab file is generated.  Adding a -d 10 option to the command
produces the following debug output:

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file /etc/samba/smb.conf
Processing section [global]
Processing section [netlogon]
Processing section [sysvol]
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface br0 ip=192.168.115.2 bcast=192.168.115.255 netmask=255.255.255.0
added interface br0 ip=192.168.115.2 bcast=192.168.115.255 netmask=255.255.255.0
Illegal instruction (core dumped)

** Affects: samba (Ubuntu)
 Importance: Undecided
 Status: New

https://bugs.launchpad.net/bugs/1290448

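
Added example, not part of the original report: a POSIX shell helper for triaging the kernel "traps:" line quoted above. It subtracts the mapping base from the faulting ip to get the offset inside libHDB_SAMBA4.so.0 and rejects lines whose ip lies outside the reported mapping. The function name trap_offset is hypothetical, and the sample is the report's syslog line joined onto one line.

```shell
#!/bin/sh
# Constructed sample: the syslog line from the report, joined onto one line.
SAMPLE='kernel: [ 2982.725574] traps: samba-tool[2650] trap invalid opcode ip:7f7e26aad8de sp:7fff2fc67308 error:0 in libHDB_SAMBA4.so.0[7f7e26aac000+2000]'

# trap_offset LINE
# Prints "<module> <hex offset>" for a kernel traps: line.
# Returns 1 if the line does not parse or if ip is outside the
# [base, base+size) mapping that the kernel printed.
trap_offset() {
    # Pull out ip, module name, mapping base and mapping size (all hex).
    fields=$(printf '%s\n' "$1" | sed -n \
        's/.* ip:\([0-9a-f]\{1,\}\) .* in \([^[]*\)\[\([0-9a-f]\{1,\}\)+\([0-9a-f]\{1,\}\)].*/\1 \2 \3 \4/p')
    [ -n "$fields" ] || return 1

    # Split the four space-separated fields (module names carry no spaces).
    set -- $fields
    ip=$1 module=$2 base=$3 size=$4

    # Offset of the faulting instruction from the start of the mapping.
    off=$(( 0x$ip - 0x$base ))

    # Sanity check: the kernel only names a module when ip is inside it.
    [ "$off" -ge 0 ] && [ "$off" -lt $(( 0x$size )) ] || return 1

    printf '%s 0x%x\n' "$module" "$off"
}

trap_offset "$SAMPLE"
```

The printed offset is the value to look up in a disassembly of the installed library, assuming the mapping shown starts at the library's load base.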

