[Pkg-samba-maint] Bug#918432: Fwd: Bug#918432: samba: net ads join to armel arch Samba DC failed

Mathieu Parent math.parent at gmail.com
Fri Feb 8 20:19:25 GMT 2019 

I'm forwarding your mail to Debian BTS below:

---------- Forwarded message ---------
From: Tomasz Jeliński <tjelinski at gmail.com>
Date: lun. 28 janv. 2019 à 22:16
Subject: Re: [Pkg-samba-maint] Bug#918432: samba: net ads join to
armel arch Samba DC failed
To: Mathieu Parent <math.parent at gmail.com>


Hi Mathieu,

Sorry for the late response. I have busy week in work and I don't have
a lot of time to analyze problem and gathering debug info.

W dniu 18.01.2019 o 22:03, Mathieu Parent pisze:

Control: forwarded -1 https://bugzilla.samba.org/show_bug.cgi?id=13755

Hi Tomasz,

Please keep the bug CC-ed.

I'm tracking Samba bugzilla thread but I can't create account to CC
answer there. I can't register, there is no active option to create
new account. I'am sending to You in attachments tarball with config
files requested by Louis and additional debugging information.

Le mer. 9 janv. 2019 à 21:03, Tomasz Jeliński <tjelinski at gmail.com> a écrit :

W dniu 09.01.2019 o 04:56, Mathieu Parent pisze:

Le dim. 6 janv. 2019 à 01:12, Tomasz Jelinski <tjelinski at gmail.com> a écrit :

Package: samba
Version: 2:4.5.12+dfsg-2+deb9u4
Severity: normal

Dear Maintainer,

Hi,

Hi,

I can't connect workstation to samba DC configured on Orion platform
(armel arch) with installed  Debian Stretch (packages are fully
updated to newest avaliable versions).

Are you able to reproduce this from Debian testing (4.9.4)?

Today I upgraded samba to testing on device which trying to acts as
samba AD DC (QNAP TS-209 armel arch). I cleaned samba databases
(ldb,tdb) and performed DC provision from scratch. I acknowledge that
problem still exists and I can reproduce this on samba packages from
Debian testing repository (attachment - netadsjoin.log)

OK.

System Information  from QNAP TS-209 samba AD-DC:

Package: samba
Version: 3:4.9.4+dfsg-1

Debian Release: 10.6
  APT prefers testing
  APT policy: (561, 'testing'), (550, 'stable'), (510,
'stable-updates'), (500, 'stable')
Architecture: armel (armv6tel)

Kernel: Linux 4.9.0-8-marvell
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8),
LANGUAGE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba depends on:
ii  adduser           3.115
ii  dpkg              1.18.25
ii  libbsd0           0.8.3-1
ii  libc6             2.28-2
ii  libldb1           2:1.5.1+really1.4.3-1
ii  libpam-modules    1.1.8-3.6
ii  libpam-runtime    1.1.8-3.6
ii  libpopt0          1.16-10+b2
ii  libpython2.7      2.7.13-2+deb9u3
ii  libtalloc2        2.1.8-1
ii  libtdb1           1.3.16-2+b1
ii  libtevent0        0.9.37-1
ii  lsb-base          9.20161125
ii  procps            2:3.3.12-3+deb9u1
ii  python            2.7.13-2
ii  python-dnspython  1.15.0-1
ii  python-samba      2:4.9.4+dfsg-1
ii  python2.7         2.7.13-2+deb9u3
ii  samba-common      2:4.9.4+dfsg-1
ii  samba-common-bin  2:4.9.4+dfsg-1
ii  samba-libs        2:4.9.4+dfsg-1
ii  tdb-tools         1.3.11-2

Versions of packages samba recommends:
ii  attr                1:2.4.47-2+b2
ii  logrotate           3.11.0-0.1
ii  samba-dsdb-modules  2:4.9.4+dfsg-1
ii  samba-vfs-modules   2:4.9.4+dfsg-1

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
ii  ldb-tools      2:1.1.27-1+b1
ii  ntp            1:4.2.8p10+dfsg-3+deb9u2
pn  smbldap-tools  <none>
ii  ufw            0.35-4
ii  winbind        2:4.9.4+dfsg-1

-- no debconf information

Workstation has a samba stable version - 2:4.5.12+dfsg-2+deb9u4. I
suppose that problem is related to armel architecture because I can
perform 'net ads join' from my workstation to samba DC stable version
2:4.5.12+dfsg-2+deb9u4 , configured in the same way on amd64 arch
(tested on Debian Stretch VM in Virtualbox)

So, you have upgraded the server, but not the workstation. What if you
test with a testing/sid armel?

Workstation is samba amd64 arch (stable branch). Workstation samba
client (stable branch) connects without problem to samba AD-DC server
amd64 arch  (tested on stable and testing branches). The problem only
occurs when I'am trying to join to samba ad-dc server installed on
QNAP TS device (armel arch)  from my Workstation. I checked stable and
testing branch samba on QNAP TS device (armel arch) and notice the
same error message when I was trying to connect from samba stable
workstation.

Today I attempt to connect from samba testing amd64 arch client
(hostname DC2)  to AD-DC server. Error is the same but I have got
additional info:

"Starting GENSEC submechanism gse_krb5
gse_get_client_auth_token: Server principal not found
gensec_update_done: gse_krb5[0x560c3a869f90]: NT_STATUS_INVALID_PARAMETER
gensec_spnego_create_negTokenInit_step: gse_krb5: creating
NEG_TOKEN_INIT for ldap/dc1.ad.rowerowanorka.pl failed (next[(null)]):
NT_STATUS_INVALID_PARAMETER
gensec_update_done: spnego[0x560c3a864610]: NT_STATUS_INVALID_PARAMETER"

When I analyzing Wireshark dump I found something strange. Kerberos
"NT Status Error" is a part of string  "AD.ROWEROWANORKA.PL" what is
Kerberos REALM name.

I send to You all gathered samba debuging files in attachment. There
are net ads join logs  from stable and testing samba client (amd64),
wireshark dumps and screenshot with this strange packet in Wireshark
dump.

Regards

Regards

-- 

Tomasz Jeliński
-------------- next part --------------
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBFvVloIBCAC3wHGzOK726FHFIp8o874B6edIon4gUvQ4J/w8M5xtFlxduv39
l2ouLg7Y19NkMHmjQkTZBom0NAefI6+DgECHEJ2RjOAUgeRuearD/XXmjt8ndfnb
ROpP8ocvd/Omfm5kW6fQmzE+NXihNW+BbDSjENT/i+zw5FJCA1x2wpEB0ZukUNwV
8Kwx/pp0zSSP04Fvf+Zm5b1S0bA/ThAyWWYDjj7fpiPU+n16LDKbgjPZcj+GR3I8
IFJQg0qhOmxrKWku7OW9fWarNIyBSlbeSu4z8zKi0RwRg/CjFuVJna6bdsuRE6Gz
WUPzru88wwzacmg7Gmg4g6t8iVVa6KVY0oWHABEBAAG0JlRvbWFzeiBKZWxpxYRz
a2kgPHRqZWxpbnNraUBnbWFpbC5jb20+iQFUBBMBCAA+AhsDBQsJCAcCBhUICQoL
AgQWAgMBAh4BAheAFiEEZ3B6its9osvkqYSAkzsZdZ/92IsFAlvXBuUFCQHio+MA
CgkQkzsZdZ/92IvpXAf6Ar5WmR3m1v6NTE9YwY75Gjn2gszrMGXSkdi9H3agQuvP
3JEKIF2ffl8lLQH3/v60ZqLFEWMmRH9Uo/r7AnQcOAZl8Qo4ThxX6wTtqFh7g4ib
+syVMM7DLGKR+VoaWGsYr7RizlVbQiLv/Su+mxNjRtDuFnubhE+VDr4/ysUQJ2f6
BRbrfW2v105hDUQX8QwRklpFWYYiZT3pn1kmgj2839Js3HkQ45vAp9Pl8WKG8d54
7csCDDOq54gto2tBIyP/8P8BqS1nZMb0HM85+xJGrS35bxLvatN8pNj/aFs2DbEu
k3Jw5Nbo7KSAe0sVuYVy+RS5pR9cmmKaB/U1myfWookBVAQTAQgAPhYhBGdweorb
PaLL5KmEgJM7GXWf/diLBQJb1ZaDAhsDBQkB4TOABQsJCAcCBhUICQoLAgQWAgMB
Ah4BAheAAAoJEJM7GXWf/diLCgMH/jNGfPmr5/aNMkjhwfxNkBCylby0msYgDxKk
RIjnyWzZoqB+ypGVEJQTJWIMigXEsh/ZHiWjbedeLYRR44B8MJL5b2twk6ievRZz
wgn7h04hklY1Ju4ncMO3NZE1d6SOEjcUk9yKmdLWlUk2Y2EldTcvUczde8c9g3xi
q9LAtdO3GY1wsWdM6QnoLsrsVjvb61C2AyuwgEYh6ilyy8zO0uGypzgR8lo+reH7
0XqtSfrwFLGUeHaDNdtssu2+Eole98hIkTq8tEGEGQiKHqxyIc8MfbpVLWLKyQk7
ZyU7wx3NZZD4S2q8Yz2LvDaJGgylYh6b8LC59X9noW/nfBg8NF25AQ0EW9WWgwEI
ALyVmCIlwZKib3zGwHX8yMaYBhlHwXNUMcd8bmX37wbzfxJvNCgMMRg6niw0JJlu
EANEfbA+jDk2OYxvt+U2wk9I08tv6ysIvaua5Pj4ue8MLX4zmF1IbILLujjaJAp3
qD7u1RnGzcCOLWkP4tLi5EvFwQ8VqXTJVdfYYLu42454GQ5LsuvlOi/1/c/HYhR0
w8Drn0dmj1Ki7HSMIvqXkNzb3Kt2PGKrvalPKTxZqk7v8OdF7nQmn954kghtl3EU
43B5l0MZx13DZGpR9zTbeKnSqMJY8Ro8MIbx1arhgCLWiHRKzLMRZuDIgiv0Y/Iy
Ha06Tf2Ux3ePsuMeOf/YKb8AEQEAAYkBPAQYAQgAJgIbDBYhBGdweorbPaLL5KmE
gJM7GXWf/diLBQJb1wblBQkB4qPiAAoJEJM7GXWf/diLGksIAJZqxxFnBdzzBkrh
h2KrghU38SK6sCo5QqlcDcU2BGk82bexlAt8W/v64IbfXyb+44772ytrhdnH0e+M
Exp3fA/kTDOTkALtRA0qjeW+XJkwvPAamc/V5Uqy/WldO18i+4rQS1Wf6dQSkHa/
c74LBNoOZP9ME/QcUM9RrbdYbyDi0nntm06ktmGlZSXh1zgtrPJ+FecUKG/fJvrF
T7RfpUJJ1844BXQ7gXOO+cQ5JhGp44Bi0xo+vQtOIm+EGR24U9RBnLRdOFDPF3Mq
auui9UHLeh22rY2Io6NOynp+jhfA4aa7LGAyPXRS6CFavGexhfaQzvcRwlgN3Nyy
YmUitk0=
=O82Z
-----END PGP PUBLIC KEY BLOCK-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba_debug.tar.gz
Type: application/gzip
Size: 306435 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20190208/87c566ed/attachment-0001.gz>

More information about the Pkg-samba-maint mailing list