Invalid Opcode when running samba-tool domain exportkeytab
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
To reproduce this bug, carry out the following:
Install a fresh Trust Tahr 14.04 AMD64 development build in a (KVM) virtual machine as a basic server.
Install the samba (2:4.1.
Provision an Active Directory Domain with the following commands:
rm /etc/samba/smb.conf
samba-tool domain provision \
--realm=
--server-
Add the following to /etc/bind/
tkey-gssapi-keytab "/var/lib/
Set the appropriate permissions on the Kerberos keytab used by BIND:
chgrp bind /var/lib/
chmod g+r /var/lib/
Edit /etc/bind/
include "/var/lib/
Edit /etc/apparmor.
# Samba4 DLZ and Active Directory Zones
/usr/lib/
/usr/lib/
/var/lib/
/var/lib/
/var/lib/
/dev/urandom rw,
/var/tmp/** rw,
Restart apparmor and bind:
service apparmor reload
service bind9 restart
Test the DNS entries:
host -t SRV _ldap._
host -t SRV _kerberos.
host -t A server.example.net.
Configure and test Kerberos:
cp /var/lib/
service samba-ad-dc start
kinit <email address hidden>
klist
Test Samba dynamic DNS updates:
samba_dnsupdate --verbose --all-names
Add the following to /etc/ntp.conf:
# Samba4 Secure Time Socket
ntpsigndsocket /var/lib/
restrict default mssntp
Create the NTP socket directory, assign permissions and restart NTP:
chown root:ntp /var/lib/
chmod 750 /var/lib/
service ntp restart
Extract and secure the Kerberos keytab for the DC:
samba-tool domain exportkeytab /etc/krb5.dc.keytab --principal=server$
At this stage you receive "Illegal instruction (core dumped)". In syslog, the following is logged:
kernel: [ 2982.725574] traps: samba-tool[2650] trap invalid opcode ip:7f7e26aad8de sp:7fff2fc67308 error:0 in libHDB_
No keytab file is generated. Adding a "-d 10" option to the command produces the following debug output:
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface br0 ip=192.168.115.2 bcast=192.
added interface br0 ip=192.168.115.2 bcast=192.
Illegal instruction (core dumped)
I've just upgraded Samba to 2:4.1.5+dfsg-1 from the Debian Jessie repository. This also forced the following updates:
2014-03-10 17:13:00 upgrade python-samba:amd64 2:4.1.3+ dfsg-2ubuntu3 2:4.1.5+dfsg-1 modules: amd64 2:4.1.3+ dfsg-2ubuntu3 2:4.1.5+dfsg-1 dfsg-2ubuntu3 2:4.1.5+dfsg-1 bin:amd64 2:4.1.3+ dfsg-2ubuntu3 2:4.1.5+dfsg-1 dfsg-2ubuntu3 2:4.1.5+dfsg-1 dfsg-2ubuntu3 2:4.1.5+dfsg-1 modules: amd64 2:4.1.3+ dfsg-2ubuntu3 2:4.1.5+dfsg-1 dfsg-2ubuntu3 2:4.1.5+dfsg-1 dfsg-2ubuntu3 2:4.1.5+dfsg-1
2014-03-10 17:13:00 upgrade samba-dsdb-
2014-03-10 17:13:00 upgrade samba:amd64 2:4.1.3+
2014-03-10 17:13:01 upgrade samba-common-
2014-03-10 17:13:01 upgrade smbclient:amd64 2:4.1.3+
2014-03-10 17:13:01 upgrade samba-common:all 2:4.1.3+
2014-03-10 17:13:01 upgrade samba-vfs-
2014-03-10 17:13:01 upgrade libsmbclient:amd64 2:4.1.3+
2014-03-10 17:13:01 upgrade samba-libs:amd64 2:4.1.3+
Once complete the "samba-tool domain exportkeytab" command runs without error and produces the expected keytab file.