The AD DC support has been suffering from a crash since a long time already (maybe 2018).
samba version 4.9.18 started. Copyright Andrew Tridgell and the Samba Team 1992-2018 =============================================================== INTERNAL ERROR: Signal 11 in pid 9341 (4.9.18) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting =============================================================== smb_panic_default: PANIC (pid 9341): internal error BACKTRACE: 11 stack frames: #0 0x511a7962f55 <log_stack_trace+53> at /usr/local/lib/libsamba-util.so.5.0 #1 0x511a7962dd4 <smb_panic+164> at /usr/local/lib/libsamba-util.so.5.0 #2 0x511a7962d45 <smb_panic+21> at /usr/local/lib/libsamba-util.so.5.0 #3 0x511a7963133 <log_stack_trace+531> at /usr/local/lib/libsamba-util.so.5.0 #4 0x511a7962d29 <fault_setup+137> at /usr/local/lib/libsamba-util.so.5.0 #5 0x511a1176005 #6 0x511db65cd5b <ntvfs_init+171> at /usr/local/lib/samba/libntvfs-samba4.so #7 0x511f70ff9ef <samba_init_module+47> at /usr/local/lib/samba/service/smb.so #8 0x51122b68668 <run_init_functions+72> at /usr/local/lib/samba/libsamba-modules-samba4.so #9 0x50efc88fbb2 <???+5561924516786> at samba #10 0x50efc88ed31 <???+5561924513073> at samba Abort trap (core dumped) If I'm not mistaken I got no report about it, and I'm pretty sure nobody proposed an analysis or diffs to fix it. So let's drop the AD DC support that was enabled years ago, when I was working in a samba shop. It's not like running a DC server on OpenBSD has ever been a good idea anyway, with the deprecation of the ntvfs server code upstream and our lack of xattrs/ACLs. The next steps would be to figure out how to properly update tdb/talloc and samba itself to a newer release. Sending this for tests and comments. Ian, are you ok with that? Index: Makefile =================================================================== --- Makefile.orig +++ Makefile @@ -21,16 +21,15 @@ PKG_ARCH-docs = * LDB_V = 1.4.8 TEVENT_V = 0.9.37 -REVISION-ldb = 3 -REVISION-main = 3 -REVISION-tevent = 1 +REVISION-ldb = 4 +REVISION-main = 4 +REVISION-tevent = 2 SHARED_LIBS = asn1-samba4 0.0 \ com_err-samba4 0.0 \ dcerpc 0.0 \ dcerpc-binding 2.0 \ dcerpc-samr 0.0 \ - dcerpc-server 7.0 \ gssapi-samba4 0.0 \ hcrypto-samba4 0.0 \ hdb-samba4 0.0 \ @@ -170,7 +169,7 @@ CONFIGURE_ARGS = --enable-fhs \ --without-acl-support \ --without-libarchive \ --disable-rpath \ - --with-ntvfs-fileserver \ + --without-ad-dc \ --without-gpgme \ --without-ldb-lmdb Index: pkg/PLIST-main =================================================================== --- pkg/PLIST-main.orig +++ pkg/PLIST-main @@ -5,7 +5,6 @@ @pkgpath net/samba,,-main @rcscript ${RCDIR}/nmbd @rcscript ${RCDIR}/samba -@rcscript ${RCDIR}/samba_ad_dc @rcscript ${RCDIR}/smbd @rcscript ${RCDIR}/winbindd @sample ${SYSCONFDIR}/samba/ @@ -29,7 +28,6 @@ bin/pidl @bin bin/regshell @bin bin/regtree @bin bin/rpcclient -bin/samba-tool @bin bin/sharesec @bin bin/smbcacls @bin bin/smbclient @@ -55,7 +53,6 @@ include/samba-4.0/core/werror.h include/samba-4.0/core/werror_gen.h include/samba-4.0/credentials.h include/samba-4.0/dcerpc.h -include/samba-4.0/dcerpc_server.h include/samba-4.0/domain_credentials.h include/samba-4.0/gen_ndr/ include/samba-4.0/gen_ndr/atsvc.h @@ -136,7 +133,6 @@ include/samba-4.0/util_ldb.h include/samba-4.0/wbclient.h @lib lib/libdcerpc-binding.so.${LIBdcerpc-binding_VERSION} @lib lib/libdcerpc-samr.so.${LIBdcerpc-samr_VERSION} -@lib lib/libdcerpc-server.so.${LIBdcerpc-server_VERSION} @lib lib/libdcerpc.so.${LIBdcerpc_VERSION} @lib lib/libndr-krb5pac.so.${LIBndr-krb5pac_VERSION} @lib lib/libndr-nbt.so.${LIBndr-nbt_VERSION} @@ -157,7 +153,6 @@ include/samba-4.0/wbclient.h @lib lib/libwbclient.so.${LIBwbclient_VERSION} lib/pkgconfig/dcerpc.pc lib/pkgconfig/dcerpc_samr.pc -lib/pkgconfig/dcerpc_server.pc lib/pkgconfig/ndr.pc lib/pkgconfig/ndr_krb5pac.pc lib/pkgconfig/ndr_nbt.pc @@ -229,7 +224,6 @@ lib/python${MODPY_VERSION}/site-packages @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/winreg.so @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/wkssvc.so @so lib/python${MODPY_VERSION}/site-packages/samba/dcerpc/xattr.so -@so lib/python${MODPY_VERSION}/site-packages/samba/dckeytab.so lib/python${MODPY_VERSION}/site-packages/samba/descriptor.py lib/python${MODPY_VERSION}/site-packages/samba/descriptor.pyc lib/python${MODPY_VERSION}/site-packages/samba/descriptor.${MODPY_PYOEXTENSION} @@ -242,8 +236,6 @@ lib/python${MODPY_VERSION}/site-packages lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.py lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.pyc lib/python${MODPY_VERSION}/site-packages/samba/drs_utils.${MODPY_PYOEXTENSION} -@so lib/python${MODPY_VERSION}/site-packages/samba/dsdb.so -@so lib/python${MODPY_VERSION}/site-packages/samba/dsdb_dns.so lib/python${MODPY_VERSION}/site-packages/samba/emulate/ lib/python${MODPY_VERSION}/site-packages/samba/emulate/__init__.py lib/python${MODPY_VERSION}/site-packages/samba/emulate/__init__.pyc @@ -953,13 +945,6 @@ lib/python${MODPY_VERSION}/site-packages @so lib/python${MODPY_VERSION}/site-packages/samba/xattr_tdb.so lib/samba/auth/ @so lib/samba/auth/script.so -lib/samba/bind9/ -@so lib/samba/bind9/dlz_bind9.so -@so lib/samba/bind9/dlz_bind9_10.so -@so lib/samba/bind9/dlz_bind9_11.so -@so lib/samba/bind9/dlz_bind9_9.so -lib/samba/gensec/ -@so lib/samba/gensec/krb5.so lib/samba/idmap/ @so lib/samba/idmap/ad.so @so lib/samba/idmap/autorid.so @@ -970,56 +955,9 @@ lib/samba/idmap/ @so lib/samba/idmap/tdb2.so lib/samba/krb5/ @so lib/samba/krb5/winbind_krb5_locator.so -@so lib/samba/ldb/acl.so -@so lib/samba/ldb/aclread.so -@so lib/samba/ldb/anr.so -@so lib/samba/ldb/audit_log.so -@so lib/samba/ldb/descriptor.so -@so lib/samba/ldb/dirsync.so -@so lib/samba/ldb/dns_notify.so -@so lib/samba/ldb/dsdb_notification.so -@so lib/samba/ldb/encrypted_secrets.so -@so lib/samba/ldb/extended_dn_in.so -@so lib/samba/ldb/extended_dn_out.so -@so lib/samba/ldb/extended_dn_store.so -@so lib/samba/ldb/group_audit_log.so @so lib/samba/ldb/ildap.so -@so lib/samba/ldb/instancetype.so -@so lib/samba/ldb/lazy_commit.so @so lib/samba/ldb/ldbsamba_extensions.so -@so lib/samba/ldb/linked_attributes.so -@so lib/samba/ldb/local_password.so -@so lib/samba/ldb/new_partition.so -@so lib/samba/ldb/objectclass.so -@so lib/samba/ldb/objectclass_attrs.so -@so lib/samba/ldb/objectguid.so -@so lib/samba/ldb/operational.so -@so lib/samba/ldb/partition.so -@so lib/samba/ldb/password_hash.so -@so lib/samba/ldb/ranged_results.so -@so lib/samba/ldb/repl_meta_data.so -@so lib/samba/ldb/resolve_oids.so -@so lib/samba/ldb/rootdse.so -@so lib/samba/ldb/samba3sam.so -@so lib/samba/ldb/samba3sid.so -@so lib/samba/ldb/samba_dsdb.so -@so lib/samba/ldb/samba_secrets.so -@so lib/samba/ldb/samldb.so -@so lib/samba/ldb/schema_data.so -@so lib/samba/ldb/schema_load.so -@so lib/samba/ldb/secrets_tdb_sync.so -@so lib/samba/ldb/show_deleted.so -@so lib/samba/ldb/simple_dn.so -@so lib/samba/ldb/simple_ldap_map.so -@so lib/samba/ldb/subtree_delete.so -@so lib/samba/ldb/subtree_rename.so -@so lib/samba/ldb/tombstone_reanimate.so -@so lib/samba/ldb/unique_object_sids.so -@so lib/samba/ldb/update_keytab.so -@so lib/samba/ldb/vlv.so -@so lib/samba/ldb/wins_ldb.so @so lib/samba/libCHARSET3-samba4.so -@so lib/samba/libHDB-SAMBA4-samba4.so @so lib/samba/libLIBWBCLIENT-OLD-samba4.so @so lib/samba/libMESSAGING-SEND-samba4.so @so lib/samba/libMESSAGING-samba4.so @@ -1043,14 +981,9 @@ lib/samba/krb5/ @so lib/samba/libcmdline-credentials-samba4.so @lib lib/samba/libcom_err-samba4.so.${LIBcom_err-samba4_VERSION} @so lib/samba/libcommon-auth-samba4.so -@so lib/samba/libdb-glue-samba4.so @so lib/samba/libdbwrap-samba4.so @so lib/samba/libdcerpc-samba-samba4.so @so lib/samba/libdcerpc-samba4.so -@so lib/samba/libdfs-server-ad-samba4.so -@so lib/samba/libdlz-bind9-for-torture-samba4.so -@so lib/samba/libdnsserver-common-samba4.so -@so lib/samba/libdsdb-garbage-collect-tombstones-samba4.so @so lib/samba/libdsdb-module-samba4.so @so lib/samba/libevents-samba4.so @so lib/samba/libflag-mapping-samba4.so @@ -1086,13 +1019,10 @@ lib/samba/krb5/ @so lib/samba/libnon-posix-acls-samba4.so @so lib/samba/libnpa-tstream-samba4.so @so lib/samba/libnss-info-samba4.so -@so lib/samba/libntvfs-samba4.so -@so lib/samba/libpac-samba4.so @so lib/samba/libpopt-samba3-cmdline-samba4.so @so lib/samba/libpopt-samba3-samba4.so @so lib/samba/libposix-eadb-samba4.so @so lib/samba/libprinting-migrate-samba4.so -@so lib/samba/libprocess-model-samba4.so @so lib/samba/libregistry-samba4.so @lib lib/samba/libroken-samba4.so.${LIBroken-samba4_VERSION} @so lib/samba/libsamba-cluster-support-samba4.so @@ -1104,11 +1034,9 @@ lib/samba/krb5/ @so lib/samba/libsamba-sockets-samba4.so @so lib/samba/libsamba3-util-samba4.so @so lib/samba/libsamdb-common-samba4.so -@so lib/samba/libscavenge-dns-records-samba4.so @so lib/samba/libsecrets3-samba4.so @so lib/samba/libserver-id-db-samba4.so @so lib/samba/libserver-role-samba4.so -@so lib/samba/libservice-samba4.so @so lib/samba/libshares-samba4.so @so lib/samba/libsmb-transport-samba4.so @so lib/samba/libsmbclient-raw-samba4.so @@ -1135,25 +1063,6 @@ lib/samba/nss_info/ @so lib/samba/nss_info/rfc2307.so @so lib/samba/nss_info/sfu.so @so lib/samba/nss_info/sfu20.so -lib/samba/process_model/ -@so lib/samba/process_model/prefork.so -@so lib/samba/process_model/standard.so -lib/samba/service/ -@so lib/samba/service/cldap.so -@so lib/samba/service/dcerpc.so -@so lib/samba/service/dns.so -@so lib/samba/service/dns_update.so -@so lib/samba/service/drepl.so -@so lib/samba/service/kcc.so -@so lib/samba/service/kdc.so -@so lib/samba/service/ldap.so -@so lib/samba/service/nbtd.so -@so lib/samba/service/ntp_signd.so -@so lib/samba/service/s3fs.so -@so lib/samba/service/smb.so -@so lib/samba/service/web.so -@so lib/samba/service/winbindd.so -@so lib/samba/service/wrepl.so lib/samba/vfs/ @so lib/samba/vfs/acl_tdb.so @so lib/samba/vfs/acl_xattr.so @@ -1175,7 +1084,6 @@ lib/samba/vfs/ @so lib/samba/vfs/media_harmony.so @so lib/samba/vfs/netatalk.so @so lib/samba/vfs/offline.so -@so lib/samba/vfs/posix_eadb.so @so lib/samba/vfs/preopen.so @so lib/samba/vfs/readahead.so @so lib/samba/vfs/readonly.so @@ -1345,12 +1253,7 @@ libexec/samba/ @man man/man8/winbindd.8 @bin sbin/eventlogadm @bin sbin/nmbd -@bin sbin/samba sbin/samba-gpupdate -sbin/samba_dnsupdate -sbin/samba_kcc -sbin/samba_spnupdate -sbin/samba_upgradedns @bin sbin/smbd @bin sbin/winbindd share/doc/pkg-readmes/${PKGSTEM} @@ -1359,118 +1262,6 @@ share/examples/samba/ share/examples/samba/smb.conf.default @sample ${SYSCONFDIR}/samba/smb.conf @comment share/perl5/ -share/samba/ -share/samba/setup/ -share/samba/setup/DB_CONFIG -share/samba/setup/ad-schema/ -share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf -share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2016.ldf -share/samba/setup/ad-schema/AD_DS_Classes__Windows_Server_2012_R2.ldf -share/samba/setup/ad-schema/AD_DS_Classes__Windows_Server_2016.ldf -share/samba/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2008_R2.ldf -share/samba/setup/ad-schema/Attributes_for_AD_DS__Windows_Server_2012.ldf -share/samba/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2008_R2.ldf -share/samba/setup/ad-schema/Classes_for_AD_DS__Windows_Server_2012.ldf -share/samba/setup/ad-schema/MS-AD_Schema_2K8_Attributes.txt -share/samba/setup/ad-schema/MS-AD_Schema_2K8_Classes.txt -share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt -share/samba/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt -share/samba/setup/ad-schema/licence.txt -share/samba/setup/adprep/ -share/samba/setup/adprep/WindowsServerDocs/ -share/samba/setup/adprep/WindowsServerDocs/Forest-Wide-Updates.md -share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff -share/samba/setup/adprep/WindowsServerDocs/Sch50.ldf.diff -share/samba/setup/adprep/WindowsServerDocs/Sch51.ldf.diff -share/samba/setup/adprep/WindowsServerDocs/Sch57.ldf.diff -share/samba/setup/adprep/WindowsServerDocs/Sch59.ldf.diff -share/samba/setup/adprep/WindowsServerDocs/Schema-Updates.md -share/samba/setup/adprep/fix-forest-rev.ldf -share/samba/setup/aggregate_schema.ldif -share/samba/setup/cn=samba.ldif -share/samba/setup/display-specifiers/ -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k0.txt -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3.txt -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k3R2.txt -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k8.txt -share/samba/setup/display-specifiers/DisplaySpecifiers-Win2k8R2.txt -share/samba/setup/dns_update_list -share/samba/setup/extended-rights.ldif -share/samba/setup/fedora-ds-init.ldif -share/samba/setup/fedorads-dna.ldif -share/samba/setup/fedorads-index.ldif -share/samba/setup/fedorads-linked-attributes.ldif -share/samba/setup/fedorads-pam.ldif -share/samba/setup/fedorads-partitions.ldif -share/samba/setup/fedorads-refint-add.ldif -share/samba/setup/fedorads-refint-delete.ldif -share/samba/setup/fedorads-samba.ldif -share/samba/setup/fedorads-sasl.ldif -share/samba/setup/fedorads.inf -share/samba/setup/idmap_init.ldif -share/samba/setup/krb5.conf -share/samba/setup/memberof.conf -share/samba/setup/mmr_serverids.conf -share/samba/setup/mmr_syncrepl.conf -share/samba/setup/modules.conf -share/samba/setup/named.conf -share/samba/setup/named.conf.dlz -share/samba/setup/named.conf.update -share/samba/setup/named.txt -share/samba/setup/olc_mmr.conf -share/samba/setup/olc_seed.ldif -share/samba/setup/olc_serverid.conf -share/samba/setup/olc_syncrepl.conf -share/samba/setup/olc_syncrepl_seed.conf -share/samba/setup/prefixMap.txt -share/samba/setup/provision.ldif -share/samba/setup/provision.reg -share/samba/setup/provision.zone -share/samba/setup/provision_basedn.ldif -share/samba/setup/provision_basedn_modify.ldif -share/samba/setup/provision_basedn_options.ldif -share/samba/setup/provision_basedn_references.ldif -share/samba/setup/provision_computers_add.ldif -share/samba/setup/provision_computers_modify.ldif -share/samba/setup/provision_configuration.ldif -share/samba/setup/provision_configuration_basedn.ldif -share/samba/setup/provision_configuration_modify.ldif -share/samba/setup/provision_configuration_references.ldif -share/samba/setup/provision_dns_accounts_add.ldif -share/samba/setup/provision_dns_add_samba.ldif -share/samba/setup/provision_dnszones_add.ldif -share/samba/setup/provision_dnszones_modify.ldif -share/samba/setup/provision_dnszones_partitions.ldif -share/samba/setup/provision_group_policy.ldif -share/samba/setup/provision_init.ldif -share/samba/setup/provision_partitions.ldif -share/samba/setup/provision_privilege.ldif -share/samba/setup/provision_rootdse_add.ldif -share/samba/setup/provision_rootdse_modify.ldif -share/samba/setup/provision_schema_basedn.ldif -share/samba/setup/provision_schema_basedn_modify.ldif -share/samba/setup/provision_self_join.ldif -share/samba/setup/provision_self_join_config.ldif -share/samba/setup/provision_self_join_modify.ldif -share/samba/setup/provision_self_join_modify_config.ldif -share/samba/setup/provision_self_join_modify_schema.ldif -share/samba/setup/provision_users.ldif -share/samba/setup/provision_users_add.ldif -share/samba/setup/provision_users_modify.ldif -share/samba/setup/provision_well_known_sec_princ.ldif -share/samba/setup/refint.conf -share/samba/setup/schema-map-fedora-ds-1.0 -share/samba/setup/schema-map-openldap-2.3 -share/samba/setup/schema_samba4.ldif -share/samba/setup/secrets.ldif -share/samba/setup/secrets_dns.ldif -share/samba/setup/secrets_init.ldif -share/samba/setup/secrets_sasl_ldap.ldif -share/samba/setup/secrets_simple_ldap.ldif -share/samba/setup/share.ldif -share/samba/setup/slapd.conf -share/samba/setup/spn_update_list -share/samba/setup/ypServ30.ldif @mode 0750 @sample /var/cache/samba/ @sample ${SAMBA_LOGDIR}/ Index: pkg/README-main =================================================================== --- pkg/README-main.orig +++ pkg/README-main @@ -27,18 +27,3 @@ Winbind on OpenBSD does not support loca is no nsswitch support. Winbind support is included for external systems like Dovecot or Squid that are able to use it to authenticate users. - -Nmbd and AD DC mode -=================== -Note that nmbd(8) daemon currently doesn't work properly when samba is -set up as an AD DC controller. - -Max open files limit -==================== -To use Samba as a domain controller it is advised to bump the values of -openfiles-max in /etc/login.conf and kern.maxfiles over 16384. If you -are using /etc/login.conf.db (not usually recommended) then be sure to -rebuild it. - -Don't forget to add the entry kern.maxfiles=16384 to the -/etc/sysctl.conf file to keep the change across reboots. Index: pkg/samba_ad_dc.rc =================================================================== --- pkg/samba_ad_dc.rc +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/ksh -# -# $OpenBSD: samba_ad_dc.rc,v 1.4 2018/11/30 15:17:31 jca Exp $ - -smbcontrol="${TRUEPREFIX}/bin/smbcontrol" - -daemon="${TRUEPREFIX}/sbin/samba -D" - -. /etc/rc.d/rc.subr - -pexp="^samba: root process" -rc_usercheck=NO - -rc_check() { - ${smbcontrol} samba ping -} - -rc_reload() { - ${smbcontrol} samba reload-config -} - -rc_cmd $1 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
