Web lists-archives.com

Re: [Samba] samba-tool SIGSEGV




Since gdb shows some problem at:

355     FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)

I searched the internet and eventually found this thread:

https://lists.samba.org/archive/samba/2013-January/170797.html

"The solution there is to use the IP address instead of the DNS name"

So, in my PDC smb.conf (the one I'm migrating FROM), I substituted:

passdb backend = ldapsam:"ldaps://ldap.motec.com.au"
ldap ssl = off

FOR

passdb backend = ldapsam:"ldap://192.168.0.3";
ldap ssl = start tls

And the classicupgrade succeeded!

Perhaps ldapsam:"ldaps://192.168.0.3" could have also worked but I didn't get to test it.

I suspect that there is something not quite right with the samba-tool classicupgrade handling of the ldaps:// URL. This looks like a long standing issue.

Kind regards,
Tom

Tom Robinson
IT Manager/System Administrator

MoTeC Pty Ltd

121 Merrindale Drive
Croydon South
3136 Victoria
Australia

T: +61 3 9761 5050
F: +61 3 9761 5051   
E: tom.robinson@xxxxxxxxxxxx

On 29/06/17 13:51, Tom Robinson via samba wrote:
> Hi,
>
> Not sure if I should post in samba-technical or just samba list. Please advise.
>
> Back in February I was trying to do a samba-tool classicupgrade but kept getting SIGSEGV:
>
> https://lists.samba.org/archive/samba/2017-February/206409.html
>
> I didn't progress much after that.
>
> This week I've compiled samba-4.6.5 and installed that. Following the HOW-TO for classic upgrade
> (https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) ), I've
> tried again but I'm still getting SIGSEGV.
>
> # cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)
>
> # samba-tool --version
> 4.6.5
>
> # gdb --args python /usr/bin/samba-tool domain classicupgrade --dbdir=/var/lib/samba/bentley
> --realm=mrc.motec.com.au --dns-backend=BIND9_DLZ /etc/samba/smb.bentley.conf
>
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/python2.7...Reading symbols from
> /usr/lib/debug/usr/bin/python2.7.debug...done.
> done.
> (gdb) run
> Starting program: /usr/bin/python /usr/bin/samba-tool domain classicupgrade
> --dbdir=/var/lib/samba/bentley --realm=mrc.motec.com.au --dns-backend=BIND9_DLZ
> /etc/samba/smb.bentley.conf
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Detaching after fork from child process 8647.
> Detaching after fork from child process 8649.
> Reading smb.conf
> Unknown parameter encountered: "share modes"
> Ignoring unknown parameter "share modes"
> Provisioning
> Attempting to register passdb backend samba_dsdb
> Successfully added passdb backend 'samba_dsdb'
> Attempting to register passdb backend samba4
> Successfully added passdb backend 'samba4'
> Attempting to find a passdb backend to match ldapsam:"ldaps://ldap.motec.com.au" (ldapsam)
> No builtin backend found, trying to load plugin
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend IPA_ldapsam
> Successfully added passdb backend 'IPA_ldapsam'
> Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> ldapsam_getsampwnam: Unable to locate user [CROFT$] count=0
> Exporting account policy
> Detaching after fork from child process 8651.
> Exporting groups
> ldapsam_setsamgrent: 38 entries in the base!
> init_group_from_ldap: Entry found for group: gid1
> ---8<---*snip*---8<---
> init_group_from_ldap: Entry found for group: lastgid
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to enumerate members
> for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable to enumerate
> members for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: Unable to enumerate members
> for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to enumerate
> members for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to enumerate members for
> alias, (-1073741487,The specified local group does not exist.)
> Exporting users
>   Skipping wellknown rid=500 (for username=root)
> init_sam_from_ldap: Entry found for user: nobody
> Attempting to find a passdb backend to match ldapsam:"ldaps://ldap.motec.com.au" (ldapsam)
> Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> Opening cache file at /var/lib/samba/login_cache.tdb
> init_sam_from_ldap: Entry found for user: user1
> ---8<---*snip*---8<---
> init_sam_from_ldap: Entry found for user: lastuser
> Next rid = 13001
>
> Program received signal SIGSEGV, Segmentation fault.
> lpcfg_tls_verify_peer (lp_ctx=0x0) at default/lib/param/param_functions.c:355
> 355     FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)
> (gdb)
>
> Any help appreciated.
>
> Kind regards,
> Tom
>
>
>

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba