samba - Nov 2020 - Signal 11 on domain join (Debian 10 Samba 4.9.5+dfsg-5+deb10u1)

I wanted to do a little playtesting with Samba as a domain controller.
I spun up a Debian 10 box, installed Samba (package 4.9.5+dfsg-5+deb10u1) ,
and attempted to join it to the domain.  It crashed horribly. ;)

Unfortunately their domain ends in ".local".  There's nothing I
can do
about it at the moment.  But I do remove multicast DNS from nsswitch to
prevent it from attempting to resolve instead of a "real" DNS server.

root at usseaodnas01:~# samba-tool domain join customer.local DC -k yes
--server uswuxsdsrv01 --site USSEAOD -v
workgroup is CUSTOMER
realm is customer.local
Deleted CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Deleted CN=NTDS
Settings,CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Deleted
CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Adding
CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding CN=NTDS
Settings,CN=USSEAODNAS01,CN=Servers,CN=USSEAOD,CN=Sites,CN=Configuration,DC=customer,DC=local
Adding SPNs to CN=USSEAODNAS01,OU=Domain Controllers,DC=customer,DC=local
Setting account password for USSEAODNAS01$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs

A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it
with this one. Do not create a symlink!
Provision OK for domain DN DC=customer,DC=local
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[402/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[804/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[1206/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[1608/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2010/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2412/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[2814/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3216/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3618/3736] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=customer,DC=local]
objects[3970/3736] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=customer,DC=local] objects[402/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[804/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[1206/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[1608/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2010/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2412/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[2771/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3173/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3575/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[3977/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4353/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4562/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4723/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[4886/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5050/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5224/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5396/8659]
linked_values[32/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5492/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5589/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5687/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5785/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5883/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[5981/8659]
linked_values[0/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[6218/8659]
linked_values[45/383]
Partition[CN=Configuration,DC=customer,DC=local] objects[6518/8659]
linked_values[437/383]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=customer,DC=local] objects[6820/8659]
linked_values[437/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7132/8659]
linked_values[22/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7449/8659]
linked_values[49/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=customer,DC=local] objects[7741/8659]
linked_values[167/383]
dsdb_replicated_objects_convert: Ignoring object outside partition
26eb3cf3-6b30-49fa-8cc5-1d9863e69e87
CN=Schema,CN=Configuration,DC=customer,DC=local:
WERR_DS_ADD_REPLICA_INHIBITED
Replicating critical objects from the base DN of the domain
Partition[DC=customer,DC=local] objects[70/660] linked_values[597/148216]
Partition[DC=customer,DC=local] objects[73/660] linked_values[591/148216]
Partition[DC=customer,DC=local] objects[147/660] linked_values[176/148216]
Partition[DC=customer,DC=local] objects[147/660] linked_values[0/148216]
Partition[DC=customer,DC=local] objects[217/12401] linked_values[597/148216]
==============================================================INTERNAL ERROR:
Signal 11 in pid 11893 (4.9.5-Debian)
Please read the Trouble-Shooting section of the Samba HOWTO
==============================================================smb_panic_default:
PANIC (pid 11893): internal error
BACKTRACE: 53 stack frames:
 #0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x32)
[0x7fe2e709a8d2]
 #1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x52)
[0x7fe2e709aa02]
 #2 /lib/x86_64-linux-gnu/libsamba-util.so.0(+0x24c16) [0x7fe2e709ac16]
 #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7fe2e7eec730]
 #4 /lib/x86_64-linux-gnu/libldb.so.1(+0xbc9f) [0x7fe2e74cec9f]
 #5
/lib/x86_64-linux-gnu/libldb.so.1(ldb_ldif_write_redacted_trace_string+0x4f)
[0x7fe2e74d027f]
 #6
/lib/x86_64-linux-gnu/libldb.so.1(ldb_ldif_message_redacted_string+0x24)
[0x7fe2e74d0394]
 #7
/usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/repl_meta_data.so(+0xb316)
[0x7fe2e3a89316]
 #8 /usr/lib/x86_64-linux-gnu/ldb/libldb-key-value.so(+0x7322)
[0x7fe2e3c90322]
 #9
/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_invoke_timer_handler+0xf5)
[0x7fe2e7136c55]
 #10
/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_timer_delay+0x7a)
[0x7fe2e7136dea]
 #11 /lib/x86_64-linux-gnu/libtevent.so.0(+0xce67) [0x7fe2e7137e67]
 #12 /lib/x86_64-linux-gnu/libtevent.so.0(+0xb2d7) [0x7fe2e71362d7]
 #13 /lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x84)
[0x7fe2e71317e4]
 #14 /lib/x86_64-linux-gnu/libldb.so.1(ldb_wait+0xb3) [0x7fe2e74e3d83]
 #15 /lib/x86_64-linux-gnu/libldb.so.1(ldb_extended+0x10f) [0x7fe2e74e4f8f]
 #16
/lib/x86_64-linux-gnu/libsamdb.so.0(dsdb_replicated_objects_commit+0x1d7)
[0x7fe2e6162017]
 #17
/usr/lib/x86_64-linux-gnu/samba/libsamba-net.so.0(libnet_vampire_cb_store_chunk+0x713)
[0x7fe2e4fe09c3]
 #18 /usr/lib/python2.7/dist-packages/samba/net.x86_64-linux-gnu.so(+0x3c22)
[0x7fe2e5012c22]
 #19 /usr/bin/python2.7(PyEval_EvalFrameEx+0x65a7) [0x558868dacdd7]
 #20 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5b8a) [0x558868dac3ba]
 #21 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #22 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5e1e) [0x558868dac64e]
 #23 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #24 /usr/bin/python2.7(PyEval_EvalFrameEx+0x63a8) [0x558868dacbd8]
 #25 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #26 /usr/bin/python2.7(PyEval_EvalFrameEx+0x63a8) [0x558868dacbd8]
 #27 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #28 /usr/bin/python2.7(PyEval_EvalFrameEx+0x5e1e) [0x558868dac64e]
 #29 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #30 /usr/bin/python2.7(+0x10c127) [0x558868dc2127]
 #31 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
 #32 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
 #33 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #34 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
 #35 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
 #36 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
 #37 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #38 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
 #39 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
 #40 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
 #41 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #42 /usr/bin/python2.7(+0x10bf55) [0x558868dc1f55]
 #43 /usr/bin/python2.7(PyObject_Call+0x43) [0x558868d88883]
 #44 /usr/bin/python2.7(PyEval_EvalFrameEx+0x29e2) [0x558868da9212]
 #45 /usr/bin/python2.7(PyEval_EvalCodeEx+0x666) [0x558868da4866]
 #46 /usr/bin/python2.7(PyEval_EvalCode+0x19) [0x558868da41f9]
 #47 /usr/bin/python2.7(+0x120e2f) [0x558868dd6e2f]
 #48 /usr/bin/python2.7(PyRun_FileExFlags+0x80) [0x558868dd1d20]
 #49 /usr/bin/python2.7(PyRun_SimpleFileExFlags+0x16a) [0x558868dd16ca]
 #50 /usr/bin/python2.7(Py_Main+0x5c8) [0x558868d72188]
 #51 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb)
[0x7fe2e799209b]
 #52 /usr/bin/python2.7(_start+0x2a) [0x558868d71aea]
Aborted
root at usseaodnas01:~#

After doing a bunch of reading through the list, and the args to
samba-tool, I tried adding the flag --domain-critical-only and it joined
without a problem.

I'm curious if Samba will have problems replicating 'non-critical'
domain
data now that the join is finished...although I'm not entirely sure what
the difference is between critical and non-critical data in LDAP.

Regardless, I figured someone might want me to do a bit more digging to
find out what's causing the crash.

-A

On Wed, 2020-11-11 at 19:19 -0800, Aaron C. de Bruyn via samba
wrote:
> I wanted to do a little playtesting with Samba as a domain
> controller.
> I spun up a Debian 10 box, installed Samba (package 4.9.5+dfsg-
> 5+deb10u1) ,
> and attempted to join it to the domain.  It crashed horribly. ;)
> 
> ==============================================================> INTERNAL
ERROR: Signal 11 in pid 11893 (4.9.5-Debian)
> Please read the Trouble-Shooting section of the Samba HOWTO
> ==============================================================>
smb_panic_default: PANIC (pid 11893): internal error
> BACKTRACE: 53 stack frames:
>  #0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x32)
> [0x7fe2e709a8d2]
>  #1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x52)
> [0x7fe2e709aa02]
>  #2 /lib/x86_64-linux-gnu/libsamba-util.so.0(+0x24c16)
> [0x7fe2e709ac16]
>  #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7fe2e7eec730]
>  #4 /lib/x86_64-linux-gnu/libldb.so.1(+0xbc9f) [0x7fe2e74cec9f]
>  #5
> /lib/x86_64-linux-
> gnu/libldb.so.1(ldb_ldif_write_redacted_trace_string+0x4f)
> [0x7fe2e74d027f]
>  #6
> /lib/x86_64-linux-
> gnu/libldb.so.1(ldb_ldif_message_redacted_string+0x24)
> [0x7fe2e74d0394]
> After doing a bunch of reading through the list, and the args to
> samba-tool, I tried adding the flag --domain-critical-only and it
> joined
> without a problem.
OK.  
> I'm curious if Samba will have problems replicating
'non-critical'
> domain
> data now that the join is finished...although I'm not entirely sure
> what
> the difference is between critical and non-critical data in LDAP.
It should just blat the whole domain over the top but be in better
position to do so because the skeleton the of domain is already in
place.
> Regardless, I figured someone might want me to do a bit more digging
> to
> find out what's causing the crash.
If you could re-run it under valgrind that might help.

PYTHONMALLOC=malloc valgrind python3 /path/to/samba-tool ...

Ideally do it with a modern Samba however, so we don't just chase down
bugs we have already fixed.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba

Thanks--I didn't notice the Debian packages were so far behind.

I'll try building a newer package and I'll test it out.

Thanks,

-A

On Wed, Nov 11, 2020 at 7:30 PM Andrew Bartlett <abartlet at samba.org>
wrote:
> On Wed, 2020-11-11 at 19:19 -0800, Aaron C. de Bruyn via samba wrote:
> > I wanted to do a little playtesting with Samba as a domain
> > controller.
> > I spun up a Debian 10 box, installed Samba (package 4.9.5+dfsg-
> > 5+deb10u1) ,
> > and attempted to join it to the domain.  It crashed horribly. ;)
> >
>
> > ==============================================================>
> INTERNAL ERROR: Signal 11 in pid 11893 (4.9.5-Debian)
> > Please read the Trouble-Shooting section of the Samba HOWTO
> > ==============================================================>
> smb_panic_default: PANIC (pid 11893): internal error
> > BACKTRACE: 53 stack frames:
> >  #0 /lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x32)
> > [0x7fe2e709a8d2]
> >  #1 /lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x52)
> > [0x7fe2e709aa02]
> >  #2 /lib/x86_64-linux-gnu/libsamba-util.so.0(+0x24c16)
> > [0x7fe2e709ac16]
> >  #3 /lib/x86_64-linux-gnu/libpthread.so.0(+0x12730) [0x7fe2e7eec730]
> >  #4 /lib/x86_64-linux-gnu/libldb.so.1(+0xbc9f) [0x7fe2e74cec9f]
> >  #5
> > /lib/x86_64-linux-
> > gnu/libldb.so.1(ldb_ldif_write_redacted_trace_string+0x4f)
> > [0x7fe2e74d027f]
> >  #6
> > /lib/x86_64-linux-
> > gnu/libldb.so.1(ldb_ldif_message_redacted_string+0x24)
> > [0x7fe2e74d0394]
>
>
> > After doing a bunch of reading through the list, and the args to
> > samba-tool, I tried adding the flag --domain-critical-only and it
> > joined
> > without a problem.
>
> OK.
>
> > I'm curious if Samba will have problems replicating
'non-critical'
> > domain
> > data now that the join is finished...although I'm not entirely
sure
> > what
> > the difference is between critical and non-critical data in LDAP.
>
> It should just blat the whole domain over the top but be in better
> position to do so because the skeleton the of domain is already in
> place.
>
> > Regardless, I figured someone might want me to do a bit more digging
> > to
> > find out what's causing the crash.
>
> If you could re-run it under valgrind that might help.
>
> PYTHONMALLOC=malloc valgrind python3 /path/to/samba-tool ...
>
> Ideally do it with a modern Samba however, so we don't just chase down
> bugs we have already fixed.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team         https://samba.org
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
> https://catalyst.net.nz/services/samba
>
>
>
>
>
>
>