samba - Oct 2021 - Samba 4.15 AD installation crashed and burned

Context: I'm installing Samba 4.15 using the http://apt.van-belle.nl/ 
PPA on Ubuntu 20.04. One detail I hope is irrelevant is that Ubuntu is 
running in an LXD 4.19 container.  The container is connected to a 
system bridge and for all intents and purposes looks like a bare metal 
installation attached directly to my network

Command:

  # samba-tool domain provision --use-rfc2307 --interactive

All responses were default save for forwarding DNS, for which I gave the 
IP address of my own DNS server. Then this happened -- any thoughts? I'm 
guessing there's some resource limit which needs to be increased.  Also 
why is it repacking anything? This is a clean install on a pristine copy 
of Ubuntu 20.04 container image.  The only additional packages I 
installed save those needed for Samba are openssh-server and gpg.

...
Repacking database from v1 to v2 format (first record 
CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=ea,DC=linuxcs,DC=com)
Security context active token stack underflow!
==============================================================INTERNAL ERROR:
Security context active token stack underflow! in pid
6324 (4.15.0-Debian)
If you are running a recent Samba version, and if you think this problem 
is not yet fixed in the latest versions, please consider reporting this 
bug, see https://wiki.samba.org/index.php/Bug_Reporting
==============================================================PANIC (pid 6324):
Security context active token stack underflow! in
4.15.0-Debian
BACKTRACE: 58 stack frames:
  #0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x34) 
[0x7f91abd6c9c4]
  #1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0xd) 
[0x7f91abd6cc1d]
  #2 
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(sec_ctx_active_token+0x78) 
[0x7f91a7697178]
  #3 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(try_chown+0xb1) 
[0x7f91a76a3921]
  #4 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(set_nt_acl+0x1b1) 
[0x7f91a76a3ba1]
  #5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x91ac1) 
[0x7f91a75ddac1]
  #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x231111) 
[0x7f91a777d111]
  #7 
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(fset_nt_acl_common+0x2b7) 
[0x7f91a777f367]
  #8 /usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so(+0x14fc) 
[0x7f91a46be4fc]
  #9 
/usr/lib/python3/dist-packages/samba/samba3/smbd.cpython-38-x86_64-linux-gnu.so(+0x477a)
[0x7f91a78b277a]
  #10 /usr/bin/python3(PyCFunction_Call+0x59) [0x5f5db9]
  #11 /usr/bin/python3(_PyObject_MakeTpCall+0x29e) [0x5f698e]
  #12 /usr/bin/python3(_PyEval_EvalFrameDefault+0x629c) [0x57195c]
  #13 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #14 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #15 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
  #16 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #17 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #18 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
  #19 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #20 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #21 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
  #22 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #23 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #24 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
  #25 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #26 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #27 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
  #28 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #29 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #30 /usr/bin/python3() [0x50b291]
  #31 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
  #32 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
  #33 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #34 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #35 /usr/bin/python3() [0x50ad7c]
  #36 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
  #37 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
  #38 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #39 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #40 /usr/bin/python3() [0x50ad7c]
  #41 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
  #42 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
  #43 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #44 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
  #45 /usr/bin/python3() [0x50b291]
  #46 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
  #47 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
  #48 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
  #49 /usr/bin/python3(PyEval_EvalCode+0x27) [0x68d5b7]
  #50 /usr/bin/python3() [0x67cd01]
  #51 /usr/bin/python3() [0x67cd7f]
  #52 /usr/bin/python3() [0x67ce21]
  #53 /usr/bin/python3(PyRun_SimpleFileExFlags+0x197) [0x67ef47]
  #54 /usr/bin/python3(Py_RunMain+0x212) [0x6b7242]
  #55 /usr/bin/python3(Py_BytesMain+0x2d) [0x6b75cd]
  #56 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) 
[0x7f91acd5c0b3]
  #57 /usr/bin/python3(_start+0x2e) [0x5fb18e]
Can not dump core: corepath not set up

Follow up:

I just realized I forgot to disable the smbd, nmdb, and winbind services 
before attempting this.  Too used to Arch linux, where nothing is done 
for you automatically.  Will try again to see if this resolves the issue.

On 10/21/21 14:24, Patrick Goetz via samba wrote:
> 
> Context: I'm installing Samba 4.15 using the http://apt.van-belle.nl/ 
> PPA on Ubuntu 20.04. One detail I hope is irrelevant is that Ubuntu is 
> running in an LXD 4.19 container.? The container is connected to a 
> system bridge and for all intents and purposes looks like a bare metal 
> installation attached directly to my network
> 
> Command:
> 
>  ?# samba-tool domain provision --use-rfc2307 --interactive
> 
> All responses were default save for forwarding DNS, for which I gave the 
> IP address of my own DNS server. Then this happened -- any thoughts?
I'm
> guessing there's some resource limit which needs to be increased.? Also
> why is it repacking anything? This is a clean install on a pristine copy 
> of Ubuntu 20.04 container image.? The only additional packages I 
> installed save those needed for Samba are openssh-server and gpg.
> 
> ...
> Repacking database from v1 to v2 format (first record 
>
CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=ea,DC=linuxcs,DC=com)
> 
> Security context active token stack underflow!
> ==============================================================> INTERNAL
ERROR: Security context active token stack underflow! in pid
> 6324 (4.15.0-Debian)
> If you are running a recent Samba version, and if you think this problem 
> is not yet fixed in the latest versions, please consider reporting this 
> bug, see https://wiki.samba.org/index.php/Bug_Reporting
> ==============================================================> PANIC
(pid 6324): Security context active token stack underflow! in
> 4.15.0-Debian
> BACKTRACE: 58 stack frames:
>  ?#0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x34) 
> [0x7f91abd6c9c4]
>  ?#1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0xd) 
> [0x7f91abd6cc1d]
>  ?#2 
>
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(sec_ctx_active_token+0x78)
> [0x7f91a7697178]
>  ?#3 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(try_chown+0xb1) 
> [0x7f91a76a3921]
>  ?#4 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(set_nt_acl+0x1b1) 
> [0x7f91a76a3ba1]
>  ?#5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x91ac1) 
> [0x7f91a75ddac1]
>  ?#6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x231111) 
> [0x7f91a777d111]
>  ?#7 
> /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(fset_nt_acl_common+0x2b7)
> [0x7f91a777f367]
>  ?#8 /usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so(+0x14fc) 
> [0x7f91a46be4fc]
>  ?#9 
>
/usr/lib/python3/dist-packages/samba/samba3/smbd.cpython-38-x86_64-linux-gnu.so(+0x477a)
> [0x7f91a78b277a]
>  ?#10 /usr/bin/python3(PyCFunction_Call+0x59) [0x5f5db9]
>  ?#11 /usr/bin/python3(_PyObject_MakeTpCall+0x29e) [0x5f698e]
>  ?#12 /usr/bin/python3(_PyEval_EvalFrameDefault+0x629c) [0x57195c]
>  ?#13 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#14 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#15 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
>  ?#16 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#17 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#18 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
>  ?#19 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#20 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#21 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
>  ?#22 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#23 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#24 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
>  ?#25 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#26 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#27 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
>  ?#28 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#29 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#30 /usr/bin/python3() [0x50b291]
>  ?#31 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
>  ?#32 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
>  ?#33 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#34 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#35 /usr/bin/python3() [0x50ad7c]
>  ?#36 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
>  ?#37 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
>  ?#38 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#39 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#40 /usr/bin/python3() [0x50ad7c]
>  ?#41 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
>  ?#42 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
>  ?#43 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#44 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
>  ?#45 /usr/bin/python3() [0x50b291]
>  ?#46 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
>  ?#47 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
>  ?#48 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
>  ?#49 /usr/bin/python3(PyEval_EvalCode+0x27) [0x68d5b7]
>  ?#50 /usr/bin/python3() [0x67cd01]
>  ?#51 /usr/bin/python3() [0x67cd7f]
>  ?#52 /usr/bin/python3() [0x67ce21]
>  ?#53 /usr/bin/python3(PyRun_SimpleFileExFlags+0x197) [0x67ef47]
>  ?#54 /usr/bin/python3(Py_RunMain+0x212) [0x6b7242]
>  ?#55 /usr/bin/python3(Py_BytesMain+0x2d) [0x6b75cd]
>  ?#56 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) 
> [0x7f91acd5c0b3]
>  ?#57 /usr/bin/python3(_start+0x2e) [0x5fb18e]
> Can not dump core: corepath not set up
>

We?ve been running Samba AD in LXD containers since about v 4.11.x or 4.12.x. It
works seamlessly, but they do need to be privileged containers in our setup. We
haven?t upgraded or tested 4.15.x yet.

G
> On Oct 21, 2021, at 12:24 PM, Patrick Goetz via samba <samba at
lists.samba.org> wrote:
> 
> 
> Context: I'm installing Samba 4.15 using the http://apt.van-belle.nl/
PPA on Ubuntu 20.04. One detail I hope is irrelevant is that Ubuntu is running
in an LXD 4.19 container.  The container is connected to a system bridge and for
all intents and purposes looks like a bare metal installation attached directly
to my network
> 
> Command:
> 
> # samba-tool domain provision --use-rfc2307 --interactive
> 
> All responses were default save for forwarding DNS, for which I gave the IP
address of my own DNS server. Then this happened -- any thoughts? I'm
guessing there's some resource limit which needs to be increased.  Also why
is it repacking anything? This is a clean install on a pristine copy of Ubuntu
20.04 container image.  The only additional packages I installed save those
needed for Samba are openssh-server and gpg.
> 
> ...
> Repacking database from v1 to v2 format (first record
CN=6bcd5678-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=ea,DC=linuxcs,DC=com)
> Security context active token stack underflow!
> ==============================================================> INTERNAL
ERROR: Security context active token stack underflow! in pid 6324
(4.15.0-Debian)
> If you are running a recent Samba version, and if you think this problem is
not yet fixed in the latest versions, please consider reporting this bug, see
https://wiki.samba.org/index.php/Bug_Reporting
> ==============================================================> PANIC
(pid 6324): Security context active token stack underflow! in 4.15.0-Debian
> BACKTRACE: 58 stack frames:
> #0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x34)
[0x7f91abd6c9c4]
> #1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0xd) [0x7f91abd6cc1d]
> #2
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(sec_ctx_active_token+0x78)
[0x7f91a7697178]
> #3 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(try_chown+0xb1)
[0x7f91a76a3921]
> #4 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(set_nt_acl+0x1b1)
[0x7f91a76a3ba1]
> #5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x91ac1)
[0x7f91a75ddac1]
> #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x231111)
[0x7f91a777d111]
> #7
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(fset_nt_acl_common+0x2b7)
[0x7f91a777f367]
> #8 /usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so(+0x14fc)
[0x7f91a46be4fc]
> #9
/usr/lib/python3/dist-packages/samba/samba3/smbd.cpython-38-x86_64-linux-gnu.so(+0x477a)
[0x7f91a78b277a]
> #10 /usr/bin/python3(PyCFunction_Call+0x59) [0x5f5db9]
> #11 /usr/bin/python3(_PyObject_MakeTpCall+0x29e) [0x5f698e]
> #12 /usr/bin/python3(_PyEval_EvalFrameDefault+0x629c) [0x57195c]
> #13 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #14 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #15 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
> #16 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #17 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #18 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
> #19 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #20 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #21 /usr/bin/python3(_PyEval_EvalFrameDefault+0x71d) [0x56bddd]
> #22 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #23 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #24 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
> #25 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #26 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #27 /usr/bin/python3(_PyEval_EvalFrameDefault+0x186a) [0x56cf2a]
> #28 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #29 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #30 /usr/bin/python3() [0x50b291]
> #31 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
> #32 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
> #33 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #34 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #35 /usr/bin/python3() [0x50ad7c]
> #36 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
> #37 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
> #38 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #39 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #40 /usr/bin/python3() [0x50ad7c]
> #41 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
> #42 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
> #43 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #44 /usr/bin/python3(_PyFunction_Vectorcall+0x393) [0x5f6343]
> #45 /usr/bin/python3() [0x50b291]
> #46 /usr/bin/python3(PyObject_Call+0x1f7) [0x5f56c7]
> #47 /usr/bin/python3(_PyEval_EvalFrameDefault+0x1f36) [0x56d5f6]
> #48 /usr/bin/python3(_PyEval_EvalCodeWithName+0x26a) [0x56a0ba]
> #49 /usr/bin/python3(PyEval_EvalCode+0x27) [0x68d5b7]
> #50 /usr/bin/python3() [0x67cd01]
> #51 /usr/bin/python3() [0x67cd7f]
> #52 /usr/bin/python3() [0x67ce21]
> #53 /usr/bin/python3(PyRun_SimpleFileExFlags+0x197) [0x67ef47]
> #54 /usr/bin/python3(Py_RunMain+0x212) [0x6b7242]
> #55 /usr/bin/python3(Py_BytesMain+0x2d) [0x6b75cd]
> #56 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3)
[0x7f91acd5c0b3]
> #57 /usr/bin/python3(_start+0x2e) [0x5fb18e]
> Can not dump core: corepath not set up
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba