samba - Sep 2016 - Segmentation fault in samba_upgradedns - Samba 4.4.5

On 2 September 2016 at 14:51, Rowland Penny via samba <samba at
lists.samba.org
> wrote:
>
>
> As I said, I know very little about freebsd, but you should be aware
> that Samba only supports the last three major versions i.e. at the
> moment 4.2.X, 4.3.x and 4.4.x
> They are supported in three ways, the oldest version (now 4.2.x) only
> gets security fixes, the middle version (4.3.x) gets bug and
> security fixes, just not all that the current release (4.4.x) does.
>
> Minor releases are approx every six weeks and major approx every six
> months. The next major release is scheduled for this month, at which
> point 4.2.x will go EOL, 4.3.x will move to security fixes only and
> 4.4.x will move to Maintenance mode. It is explained here:
>
> https://wiki.samba.org/index.php/Samba_Release_Planning
>
> What this means is, approx 6 months from now, to set up an AD DC
> on freebsd, you will have to install an EOL version and then upgrade
> to a supported version.
>
> Rowland
>
Thanks for the info. This may be of concern to the Freebsd samba maintainer.

I've done some further debugging of the segfault I get when attempting to
change to the bind backend.

To confirm, I get the following:

[root at dc2 /usr/local/etc]# samba_upgradedns --dns-backend=BIND9_DLZ
Reading domain information
Segmentation fault (core dumped)

I've been carefully adding some debugging prints to the python code, and in
samba_upgradedns the segfault occurs in this function:

names = find_provision_key_parameters(ldbs.sam, ldbs.secrets, ldbs.idmap,
                                           paths, lp.configfile, lp)

In samba/provision/__init__.py the segfault occurs in this function, (which
I think is the first occurrence of ndr_unpack in the file):

names.invocation = str(ndr_unpack(misc.GUID,
res5[0]["invocationId"][0]))


Also as promised here is my named.conf. I have confimed that Bind is
working, but bind is not running when I run samba_upgradedns.
// named.conf
options {
        //auth-nxdomain yes;
        directory       "/usr/local/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        notify no;
        empty-zones-enable no;

        //listen-on       { 127.0.0.1; };

        allow-query {
            127.0.0.1;
            192.168.50.0/24;
        };

        allow-recursion {
            127.0.0.1;
            192.168.50.0/24;
        };

        // Google public DNS
        forwarders {
            8.8.8.8;
            8.8.4.4;
        };

};

// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file
"/usr/local/etc/namedb/named.root"; };

// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost"        { type master; file
"/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file
"/usr/local/etc/namedb/master/empty.db"; };

// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa"       { type master; file
"/usr/local/etc/namedb/master/localhost-reverse.db"; };


Many thanks,
C

On Fri, 2 Sep 2016 17:33:08 +0100
Cameron Murdoch via samba <samba at lists.samba.org> wrote:
> 
> Thanks for the info. This may be of concern to the Freebsd samba
> maintainer.
> 
> I've done some further debugging of the segfault I get when
> attempting to change to the bind backend.
> 
> To confirm, I get the following:
> 
> [root at dc2 /usr/local/etc]# samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> Segmentation fault (core dumped)
> 
> I've been carefully adding some debugging prints to the python code,
> and in samba_upgradedns the segfault occurs in this function:
> 
> names = find_provision_key_parameters(ldbs.sam, ldbs.secrets,
> ldbs.idmap, paths, lp.configfile, lp)
> 
> In samba/provision/__init__.py the segfault occurs in this function,
> (which I think is the first occurrence of ndr_unpack in the file):
> 
> names.invocation = str(ndr_unpack(misc.GUID,
> res5[0]["invocationId"][0]))
I will look into this. I have also asked the rest of the team for their
input.

> 
> 
> Also as promised here is my named.conf. I have confimed that Bind is
> working, but bind is not running when I run samba_upgradedns.
> // named.conf
> options {
>         //auth-nxdomain yes;
>         directory       "/usr/local/etc/namedb/working";
>         pid-file        "/var/run/named/pid";
>         dump-file       "/var/dump/named_dump.db";
>         statistics-file "/var/stats/named.stats";
>         notify no;
>         empty-zones-enable no;
> 
>         //listen-on       { 127.0.0.1; };
> 
>         allow-query {
>             127.0.0.1;
>             192.168.50.0/24;
>         };
> 
>         allow-recursion {
>             127.0.0.1;
>             192.168.50.0/24;
>         };
> 
>         // Google public DNS
>         forwarders {
>             8.8.8.8;
>             8.8.4.4;
>         };
> 
> };
> 
> // The traditional root hints mechanism. Use this, OR the slave zones
> below. zone "." { type hint; file
> "/usr/local/etc/namedb/named.root"; };
> 
> // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
> zone "localhost"        { type master; file
> "/usr/local/etc/namedb/master/localhost-forward.db"; };
> zone "127.in-addr.arpa" { type master; file
> "/usr/local/etc/namedb/master/localhost-reverse.db"; };
> zone "255.in-addr.arpa" { type master; file
> "/usr/local/etc/namedb/master/empty.db"; };
> 
> // RFC 1912-style zone for IPv6 localhost address (RFC 6303)
> zone "0.ip6.arpa"       { type master; file
> "/usr/local/etc/namedb/master/localhost-reverse.db"; };
> 
> 
> Many thanks,
> C
Nothing wrong with what is there, it is what is missing that will give
you problems if you try to start Bind with a Samba AD DC, see here:

https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD

Rowland