[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] samba-tool SIGSEGV
From:       Tom Robinson via samba <samba () lists ! samba ! org>
Date:       2017-06-29 6:39:38
Message-ID: 734be9d3-220b-eb36-8b99-fe7832c6143c () motec ! com ! au
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

[Attachment #4 (multipart/mixed)]


Since gdb shows some problem at:

355     FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)

I searched the internet and eventually found this thread:

https://lists.samba.org/archive/samba/2013-January/170797.html

"The solution there is to use the IP address instead of the DNS name"

So, in my PDC smb.conf (the one I'm migrating FROM), I substituted:

passdb backend = ldapsam:"ldaps://ldap.motec.com.au"
ldap ssl = off

FOR

passdb backend = ldapsam:"ldap://192.168.0.3"
ldap ssl = start tls

And the classicupgrade succeeded!

Perhaps ldapsam:"ldaps://192.168.0.3" could have also worked but I didn't get to test \
it.

I suspect that there is something not quite right with the samba-tool classicupgrade \
handling of the ldaps:// URL. This looks like a long standing issue.

Kind regards,
Tom

Tom Robinson
IT Manager/System Administrator

MoTeC Pty Ltd

121 Merrindale Drive
Croydon South
3136 Victoria
Australia

T: +61 3 9761 5050
F: +61 3 9761 5051   
E: tom.robinson@motec.com.au

On 29/06/17 13:51, Tom Robinson via samba wrote:
> Hi,
> 
> Not sure if I should post in samba-technical or just samba list. Please advise.
> 
> Back in February I was trying to do a samba-tool classicupgrade but kept getting \
> SIGSEGV: 
> https://lists.samba.org/archive/samba/2017-February/206409.html
> 
> I didn't progress much after that.
> 
> This week I've compiled samba-4.6.5 and installed that. Following the HOW-TO for \
> classic upgrade (https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade) \
> ), I've tried again but I'm still getting SIGSEGV.
> 
> # cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)
> 
> # samba-tool --version
> 4.6.5
> 
> # gdb --args python /usr/bin/samba-tool domain classicupgrade \
>                 --dbdir=/var/lib/samba/bentley
> --realm=mrc.motec.com.au --dns-backend=BIND9_DLZ /etc/samba/smb.bentley.conf
> 
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/python2.7...Reading symbols from
> /usr/lib/debug/usr/bin/python2.7.debug...done.
> done.
> (gdb) run
> Starting program: /usr/bin/python /usr/bin/samba-tool domain classicupgrade
> --dbdir=/var/lib/samba/bentley --realm=mrc.motec.com.au --dns-backend=BIND9_DLZ
> /etc/samba/smb.bentley.conf
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Detaching after fork from child process 8647.
> Detaching after fork from child process 8649.
> Reading smb.conf
> Unknown parameter encountered: "share modes"
> Ignoring unknown parameter "share modes"
> Provisioning
> Attempting to register passdb backend samba_dsdb
> Successfully added passdb backend 'samba_dsdb'
> Attempting to register passdb backend samba4
> Successfully added passdb backend 'samba4'
> Attempting to find a passdb backend to match ldapsam:"ldaps://ldap.motec.com.au" \
> (ldapsam) No builtin backend found, trying to load plugin
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend IPA_ldapsam
> Successfully added passdb backend 'IPA_ldapsam'
> Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> ldapsam_getsampwnam: Unable to locate user [CROFT$] count=0
> Exporting account policy
> Detaching after fork from child process 8651.
> Exporting groups
> ldapsam_setsamgrent: 38 entries in the base!
> init_group_from_ldap: Entry found for group: gid1
> ---8<---*snip*---8<---
> init_group_from_ldap: Entry found for group: lastgid
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to \
> enumerate members for alias, (-1073741487,The specified local group does not \
>                 exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable \
> to enumerate members for alias, (-1073741487,The specified local group does not \
>                 exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: Unable to \
> enumerate members for alias, (-1073741487,The specified local group does not \
>                 exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to \
> enumerate members for alias, (-1073741487,The specified local group does not \
>                 exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to \
> enumerate members for alias, (-1073741487,The specified local group does not \
> exist.) Exporting users
> Skipping wellknown rid=500 (for username=root)
> init_sam_from_ldap: Entry found for user: nobody
> Attempting to find a passdb backend to match ldapsam:"ldaps://ldap.motec.com.au" \
> (ldapsam) Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> Opening cache file at /var/lib/samba/login_cache.tdb
> init_sam_from_ldap: Entry found for user: user1
> ---8<---*snip*---8<---
> init_sam_from_ldap: Entry found for user: lastuser
> Next rid = 13001
> 
> Program received signal SIGSEGV, Segmentation fault.
> lpcfg_tls_verify_peer (lp_ctx=0x0) at default/lib/param/param_functions.c:355
> 355     FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)
> (gdb)
> 
> Any help appreciated.
> 
> Kind regards,
> Tom
> 
> 
> 


["signature.asc" (application/pgp-signature)]
[Attachment #8 (text/plain)]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[prev in list] [next in list] [prev in thread] [next in thread]