hagai yaffe
2007-Sep-07 12:07 UTC
[Samba] Winbind crash due to Kerberos broken implementation
Hello, I am working on RHEL 3 update 4. The Kerberos version that comes with the OS is 1.2.7. I have installed samba 3.0.14a and encountered multiple winbind crashes. I have done some debugging and found the cause, samba function "ads_cleanup_expired_creds" calls Kerberos function krb5_cc_remove_cred (if the ticket is expired), the Kerberos implementation holds a struct of function pointers and the function for removing a ticket from the cache is not initialized (NULL), therefore in this scenario the winbind will crash. I checked and seen that the relevant Kerberos function is implemented in the recent 1.5 release (I don?t know exactly when it was fixed) so I guess that upgrading will solve my problem. How ever it seems strange to me that the default Kerberos that comes with the OS does not work with samba (I must say that I am a little new to the Red Hat & samba world so I might be missing something). I have tried to look for recommendation regarding which Kerberos version should be used with each samba version and could not found any (obviously 3.0.14a & 1.2.7 is broken), can someone assist on directing me? Apart for the option of upgrade is there a way for me to avoid the ticket expiration? (It does not happen on all machines, only on a samba machine which is configured as a member of a domain with multiple domain controllers, I can also see in the winbind log that different domain controllers are often used for authentication, could this be the cause)? Any information on any of the issues would be great, TX, Hagai. -- View this message in context: http://www.nabble.com/Winbind-crash-due-to-Kerberos-broken-implementation-tf4400943.html#a12553966 Sent from the Samba - General mailing list archive at Nabble.com.
Turbo Fredriksson
2007-Sep-07 14:27 UTC
[Samba] Winbind crash due to Kerberos broken implementation
Quoting hagai yaffe <hagaiy@yahoo.com>:> obviously 3.0.14a & 1.2.7 is broken1.2.7 is so old, I'm amazed that it haven't self-destructed automatically already! I doubt you will find ANY software that works with this version. Upgrade. -- Why can't programmers tell the difference between halloween and christmas day? Because 25 DEC = 31 OCT.