samba - Nov 2004 - Kerberos authentication sigsegvs

Hi
I'm having major problems setting up Samba 3.0.9 with kerberos
authentication. I have also tried with 3.0.8(from Debian SID) with same
result.
smb.conf[1] has 'security = ads' , and 'use kerberos keytab =
yes'.
I have set up pam_krb5 and I get TGTs that works with my ssh
servers. 
But, when I try to authenticate using smbclient -k -L server I
get:
"session setup failed: Call returned zero bytes (EOF)".

Running smbd -i -d 10 ends up in this backtrace:

name_to_fqdn: lookup for DAISY -> daisy.
krb5_rd_req succeeded for principal daisy$@LOCALDOMAIN
secrets_named_mutex: released mutex for replay cache mutex
Got KRB5 session key of length 16
==============================================================INTERNAL ERROR:
Signal 11 in pid 4077 (3.0.9-Debian)
	Please read the appendix Bugs of the Samba HOWTO collection
	==============================================================	PANIC: internal
error
	BACKTRACE: 15 stack frames:
	 #0 ./smbd(smb_panic2+0x111) [0x81d3c51]
	 #1 ./smbd(smb_panic+0x1a) [0x81d3b3a]
	 #2 ./smbd [0x81c12d8]
	 #3 [0xffffe420]
	 #4 ./smbd(ads_verify_ticket+0x5e5) [0x823ca25]
	 #5 ./smbd [0x80abfe6]
	 #6 ./smbd [0x80accbf]
	 #7 ./smbd [0x80ad16b]
	 #8 ./smbd(reply_sesssetup_and_X+0xe6b) [0x80ae11b]
	 #9 ./smbd [0x80d0526]
	 #10 ./smbd [0x80d07b0]
	 #11 ./smbd(process_smb+0x8c) [0x80d09bc]
	 #12 ./smbd(smbd_process+0x168) [0x80d16f8]
	 #13 ./smbd(main+0x4ea) [0x8246e5a]
	 #14 /lib/tls/libc.so.6(__libc_start_main+0x108) [0xb7d4c7f8]

GDB is maybee more precise? Here's a backtrace from the coredump, in
case you need

#51 0xb7ff5a16 in _dl_map_object_deps () from /lib/ld-linux.so.2
#52 0x081d3b3a in smb_panic (why=0x82a173d "internal error") at
lib/util.c:1353
#53 0x081c12d8 in fault_report (sig=11) at lib/fault.c:41
#54 <signal handler called>
#55 0x080e3c57 in get_auth_data_from_tkt (auth_data=0xbfffea90, tkt=0x8387ba0)
at libsmb/clikrb5.c:188
#56 0x0823ca25 in ads_verify_ticket (realm=0x835acc0 "LOCALDOMAIN",
ticket=0xbfffeba0, principal=0xbfffdce4, auth_data=0xbfffea90,
ap_rep=0xbfffea80,
    session_key=0xbfffea50) at libads/kerberos_verify.c:335
#57 0x080abfe6 in reply_spnego_kerberos (conn=0x0, inbuf=0xb7aa6008
"", outbuf=0xb7a85008 "", length=604, bufsize=131072,
secblob=0xbfffec20) at smbd/sesssetup.c:168
#58 0x080accbf in reply_spnego_negotiate (conn=0x0, inbuf=0xb7aa6008
"", outbuf=0xb7a85008 "", length=604, bufsize=131072, blob1 
{data = 0x8385d98
"`\202\002\003\006\006+\006\001\005\005\002?\202\001?0\202\001??\0310\027\006\t*\206H\202?\022\001\002\002\006\n+\006\001\004\001\2027\002\002\n?\202\001?\004\202\001?`\202\001?\006\t*\206H\206?\022\001\002\002\001",
length = 519, free = 0x81d13b0 <free_data_blob>}) at smbd/sesssetup.c:451
#59 0x080ad16b in reply_sesssetup_and_X_spnego (conn=0x0, inbuf=0xb7aa6008
"", outbuf=0xb7a85008 "", length=604, bufsize=131072) at
smbd/sesssetup.c:580
#60 0x080ae11b in reply_sesssetup_and_X (conn=0x0, inbuf=0xb7aa6008
"", outbuf=0xb7a85008 "", length=604, bufsize=131072) at
smbd/sesssetup.c:669
#61 0x080d0526 in switch_message (type=115, inbuf=0xb7aa6008 "",
outbuf=0xb7a85008 "", size=604, bufsize=131072) at smbd/process.c:969
#62 0x080d07b0 in construct_reply (inbuf=0xb7aa6008 "",
outbuf=0xb7a85008 "", size=604, bufsize=131072) at smbd/process.c:999
#63 0x080d09bc in process_smb (inbuf=0xb7aa6008 "", outbuf=0xb7a85008
"") at smbd/process.c:1099
#64 0x080d16f8 in smbd_process () at smbd/process.c:1561
#65 0x08246e5a in main (argc=4, argv=0xbffffdb4) at smbd/server.c:910


I have created an entry in /etc/krb5.keytab[2] with kadmin; 'ktadd
daisy$'.
`ktlist -k -e` shows "daisy$@LOCALDOMAIN (ArcFour with HMAC/md5)" 
and some more, but if I'm right Samba/Windows use arc4:hhmac encryption?
After spending saturday, sunday and monday looking around the net for an answer
I turn to you guys, I feel pretty lost :)
Running samba 3.1 may give a bit more exact pinpoint. It doesn't sigsegvs,
but says:
ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Decrypt
integrity check failed
This is all I have, any answer would do :) Much better to know "this
doesn't work", than not knowing anything at all !

B?rd
[1] http://files.inett.biz/samba/smb.conf
[2] http://files.inett.biz/samba/krb5.conf

On Tue, Nov 30, 2004 at 07:04:06PM +0100, B?rd Kalbakk
wrote:
> Hi
> I'm having major problems setting up Samba 3.0.9 with kerberos
> authentication. I have also tried with 3.0.8(from Debian SID) with same
> result.
> smb.conf[1] has 'security = ads' , and 'use kerberos keytab =
yes'.
> I have set up pam_krb5 and I get TGTs that works with my ssh
> servers. 
> But, when I try to authenticate using smbclient -k -L server I
> get:
> "session setup failed: Call returned zero bytes (EOF)".
> 
> Running smbd -i -d 10 ends up in this backtrace:
> 
> GDB is maybee more precise? Here's a backtrace from the coredump, in
> case you need
> 
> #51 0xb7ff5a16 in _dl_map_object_deps () from /lib/ld-linux.so.2
> #52 0x081d3b3a in smb_panic (why=0x82a173d "internal error") at
lib/util.c:1353
> #53 0x081c12d8 in fault_report (sig=11) at lib/fault.c:41
> #54 <signal handler called>
> #55 0x080e3c57 in get_auth_data_from_tkt (auth_data=0xbfffea90,
tkt=0x8387ba0) at libsmb/clikrb5.c:188
Indeed - this is *very* useful ! :-).

Try this patch please.

Jeremy.
-------------- next part --------------
Index: libsmb/clikrb5.c
==================================================================---
libsmb/clikrb5.c	(revision 4019)
+++ libsmb/clikrb5.c	(working copy)
@@ -184,7 +184,7 @@
  void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt)
 {
 #if defined(HAVE_KRB5_TKT_ENC_PART2)
-	if (tkt->enc_part2)
+	if (tkt->enc_part2 && tkt->enc_part2->authorization_data
&& tkt->enc_part2->authorization_data[0] &&
tkt->enc_part2->authorization_data[0]->length)
 		*auth_data =
data_blob(tkt->enc_part2->authorization_data[0]->contents,
 			tkt->enc_part2->authorization_data[0]->length);
 #else