James B. Byrne
2020-Aug-24 15:17 UTC
[Samba] core dump from samba-tool when chnging user password
On Mon, August 24, 2020 13:51 +0000, Rowland penny wrote:> It isn't a PDC, that is something quite different ;-) >I know, but it is a lot shorter to write than the DC possessing the PDC FSMO role.> It is your first DC.Not really, I have been working with MS AD Domains since NT 3.51, or whatever it was called back then. This one just happens to be the one I am currently testing on. (I know, that is not what you meant, but you see how language sometimes communicates ideas other than what was intended.)> I am also beginning to think your problems are all self inflicted by > running your Samba instances in Freebsd jails. The problems you are > having around talloc are definitely not normal. Is there anyway you > could set up Samba without using jails ?Of course they are and of course I could. However, that would be administratively difficult. Keeping these sorts of applications in FreeBSD jails running on top of ZFS provides a secure segregation of responsibilities in a data environment where the entire application setup is trivially transported between hosts. It effectively provides what Docker and its kind are supposed to do in Linux. At the same time ZFS provides the benefit of frequent snapshots of the underlying data sets combined with the capability to send these between hosts. This makes for a fairly robust backup system without any additional software or setup, beyond the minimal requirements of suitable crontab entries. To obtain these sort of things from a Linux distro would require a considerable effort just to establish the infrastructure. Not to mention separate hardware, which needs to be twinned here and at our offsite location. And only then would I get to deal with Samba. Bhyve was tried as a VM hypervisor on FreeBSD; and while it worked well in 10.4 and 11.x, and still does support our actual MS AD-DC, changes to Bhyve and to ZFS resulted in a seriously unpleasant experience with vm lockups following the upgrade of the host to 12.0. These were ultimately resolved by moving every vm off Bhyve and into jails on other hosts. Samba is the last vm based application to be converted. It has been a bit of a tough go to get to where we are today with Samba on FreeBSD. Given that most of that difficulty can be traced back to profound ignorance on my part I prefer to have just one OS and one FS to concern myself with. At least then I have a halfway decent chance of staying somewhat current on both. What is left in the way of problems with Samba are, for me, corner cases. RSAT works fine and if I cannot use samba-tool to manage users then that is no great loss. On the other hand, the errors I report are likely solvable should someone with the ability to do so take note of them, so I am reporting this one. What I want to know is whether this should be reported as a bug or whether this problem has been solved in a more recent version of Samba. I am not prepared to move from 4.10.15 until after the complete transition from the existing domain and DC is complete. But, if it has been fixed then that would be useful to know. And, as always, I appreciate the help. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Rowland penny
2020-Aug-24 15:24 UTC
[Samba] core dump from samba-tool when chnging user password
On 24/08/2020 16:17, James B. Byrne wrote:> Not really, I have been working with MS AD Domains since NT 3.51, or whatever it > was called back then. This one just happens to be the one I am currently > testing on. (I know, that is not what you meant, but you see how language > sometimes communicates ideas other than what was intended.)You just proved why calling your DC a 'PDC' is a bad idea ;-)> >> I am also beginning to think your problems are all self inflicted by >> running your Samba instances in Freebsd jails. The problems you are >> having around talloc are definitely not normal. Is there anyway you >> could set up Samba without using jails ? > Of course they are and of course I could. However, that would be > administratively difficult. Keeping these sorts of applications in FreeBSD > jails running on top of ZFS provides a secure segregation of responsibilities > in a data environment where the entire application setup is trivially > transported between hosts. It effectively provides what Docker and its kind are > supposed to do in Linux.What I was trying to suggest was, if you set up Samba just as you are now, but without the jails, and everything worked, this would heavily point to your problems being something to do with the jails, something that has nothing to do with Samba. Conversely, if you do still have the same errors, it has nothing to do with jails. Rowland
James B. Byrne
2020-Aug-24 15:56 UTC
[Samba] core dump from samba-tool when chnging user password
On Mon, August 24, 2020 11:17, James B. Byrne wrote:> > On the other hand, the errors I report are likely solvable should someone with > the ability to do so take note of them, so I am reporting this one. What I > want to know is whether this should be reported as a bug or whether this > problem has been solved in a more recent version of Samba. I am not prepared > to move from 4.10.15 until after the complete transition from the existing > domain and DC is complete. But, if it has been fixed then that would be useful > to know. >As it turns out this is not the first report of this problem. It is evidently related to the talloc port in FreeBSD and may, or may not, have to do with jails. There are open bug reports respecting this on the FreeBSD bugzilla tracking system. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Andrew Walker
2020-Aug-24 16:48 UTC
[Samba] core dump from samba-tool when chnging user password
On Mon, Aug 24, 2020 at 11:57 AM James B. Byrne via samba < samba at lists.samba.org> wrote:> > > On Mon, August 24, 2020 11:17, James B. Byrne wrote: > > > > On the other hand, the errors I report are likely solvable should > someone with > > the ability to do so take note of them, so I am reporting this one. > What I > > want to know is whether this should be reported as a bug or whether this > > problem has been solved in a more recent version of Samba. I am not > prepared > > to move from 4.10.15 until after the complete transition from the > existing > > domain and DC is complete. But, if it has been fixed then that would be > useful > > to know. > > > > As it turns out this is not the first report of this problem. It is > evidently > related to the talloc port in FreeBSD and may, or may not, have to do with > jails. There are open bug reports respecting this on the FreeBSD bugzilla > tracking system. > >Out of curiosity, can you provide a link to one of the FreeBSD bug reports? I believe the talloc port in FreeBSD uses arc4random() during talloc_init() to calculate magic.
Andrea Venturoli
2020-Aug-24 17:20 UTC
[Samba] core dump from samba-tool when chnging user password
On 2020-08-24 17:56, James B. Byrne via samba wrote:> may, or may not, have to do with jails.I'm running several setups similar to yours: FreeBSD 11.3 or 12.1, all amd64, all Samba 4.10, all in jails. It works for me, so running in a jail is not enough, by itself, to reproduce this problem. Also, in a jail networking might show differences, IPC does, permissions maybe, filesystem for sure, but talloc... I find it hard to believe it could work differently from how it does in base.
Maybe Matching Threads
- core dump from samba-tool when chnging user password
- core dump from samba-tool when chnging user password
- core dump from samba-tool when chnging user password
- core dump from samba-tool when chnging user password
- core dump from samba-tool when chnging user password