On Sun, 2012-12-30 at 19:02 +0100, Christian Ullrich wrote: > Hello all, > > I have been trying for a while now to join a FreeBSD machine to an > existing AD domain, using Samba 3.6. What happens is this: > > > [root@infra1 ~]# net ads join -U [email protected] > Enter [email protected]'s password: > net: sha1 checksum failed > Abort trap: 6 (Speicherabzug geschrieben) > > > I can see the newly created computer object in AD, and it does not make > a difference when I create it manually before trying the join. kinit > works (but contrary to documentation, "net ads join" does not > automatically use the kinit'ed user for authentication). > > Samba is version 3.6.9, Kerberos is heimdal 1.5.2. I have the exact same > problem on both FreeBSD 8 and 9. > > I suspect this is actually caused by some setting on the DC, but I > cannot figure out which. The last lines in the output of > > net -d 5 ads join -U [email protected] > > are: > > rpc_api_pipe: host dc2.my.domain > rpc_read_send: data_to_read: 32 > sitename_fetch: Returning sitename for MY.REALM: "MySiteName" > name dc2.my.domain#20 found. > ads_try_connect: sending CLDAP request to xxx.yyy.zzz.12 (realm: my.domain) > Successfully contacted LDAP server xxx.yyy.zzz.12 > Connected to LDAP server dc2.my.domain > time offset is 0 seconds > Found SASL mechanism GSS-SPNEGO > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 > ads_sasl_spnego_bind: got server principal name = > not_defined_in_RFC4178@please_ignore > net: sha1 checksum failed > > > I have tried getting a backtrace, but I only get garbage from both the > core dump and when I run the program in gdb directly. If anyone could > give me a hint how to get a meaningful backtrace, I would very much > appreciate it. I have already built Samba, heimdal and the system libc > with debug symbols, but the only effect was that, instead of 20 lines of > backtrace with unlikely addresses, now I get only three followed by > "Error accessing memory, bad address".
The error certainly does seem to be coming from Heimdal - that error string only exists in Heimdal, not in Samba. If you can run it under valgrind, we might get more of a hint as to why there is invalid memory (I can't think of any other reason why this might fail - a checksum doesn't really fail like this even in 'failure' modes). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
