just calling kpasswd on a host without a dns-`hostname` account crashes samba. the log only shows (even with loglevel 10) the following. [2013/07/31 11:57:38, 4] ../source4/dsdb/repl/drepl_notify.c:463(dreplsrv_notify_schedule) dreplsrv_notify_schedule(5) scheduled for: Wed Jul 31 11:57:43 2013 CEST [2013/07/31 11:57:38, 0] ../lib/util/fault.c:72(fault_report) =============================================================== [2013/07/31 11:57:38, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 1001 (4.0.7) Please read the Trouble-Shooting section of the Samba HOWTO [2013/07/31 11:57:38, 0] ../lib/util/fault.c:75(fault_report) =============================================================== [2013/07/31 11:57:38, 0] ../lib/util/fault.c:144(smb_panic_default) PANIC: internal error
Can you get more of backtrace? (say run it under gdb --args samba -i -M single -d3)
here is the whole gdb session. i inserted a few newlines to make them more clean. i got a ticket first (via kinit on the client), then i tried to set the password (kpasswd). # gdb --args samba -i -M single -d3 GNU gdb (GDB) 7.4.1-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/sbin/samba...(no debugging symbols found)...done. (gdb) run Starting program: /usr/sbin/samba -i -M single -d3 /usr/sbin/samba: /usr/lib/x86_64-linux-gnu/libwbclient.so.0: no version information available (required by /usr/lib/x86_64-linux-gnu/samba/libauth4.so) [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". lpcfg_load: refreshing parameters from /etc/samba/smb.conf params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" samba version 4.0.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered NTPTR backend 'simple_ldb' NTVFS backend 'default' for type 1 registered NTVFS backend 'posix' for type 1 registered NTVFS backend 'unixuid' for type 1 registered NTVFS backend 'unixuid' for type 3 registered NTVFS backend 'unixuid' for type 2 registered NTVFS backend 'cifs' for type 1 registered NTVFS backend 'smb2' for type 1 registered NTVFS backend 'simple' for type 1 registered NTVFS backend 'cifsposix' for type 1 registered NTVFS backend 'default' for type 3 registered NTVFS backend 'default' for type 2 registered NTVFS backend 'nbench' for type 1 registered PROCESS_MODEL 'single' registered PROCESS_MODEL 'onefork' registered PROCESS_MODEL 'prefork' registered PROCESS_MODEL 'standard' registered AUTH backend 'sam' registered AUTH backend 'sam_ignoredomain' registered AUTH backend 'anonymous' registered AUTH backend 'winbind' registered AUTH backend 'winbind_wbclient' registered AUTH backend 'name_to_ntstatus' registered AUTH backend 'unix' registered SHARE backend [classic] registered. ldb_wrap open of privilege.ldb samba: using 'single' process model DCERPC endpoint server 'rpcecho' registered DCERPC endpoint server 'epmapper' registered DCERPC endpoint server 'remote' registered DCERPC endpoint server 'srvsvc' registered DCERPC endpoint server 'wkssvc' registered DCERPC endpoint server 'unixinfo' registered DCERPC endpoint server 'samr' registered DCERPC endpoint server 'winreg' registered DCERPC endpoint server 'netlogon' registered DCERPC endpoint server 'dssetup' registered DCERPC endpoint server 'lsarpc' registered DCERPC endpoint server 'backupkey' registered DCERPC endpoint server 'spoolss' registered DCERPC endpoint server 'drsuapi' registered DCERPC endpoint server 'browser' registered DCERPC endpoint server 'eventlog6' registered DCERPC endpoint server 'dnsserver' registered dreplsrv_partition[CN=Configuration,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded dreplsrv_partition[CN=Schema,CN=Configuration,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded dreplsrv_partition[DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded dreplsrv_partition[DC=ForestDnsZones,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded dreplsrv_partition[DC=DomainDnsZones,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded ldb_wrap open of secrets.ldb ldb_wrap open of idmap.ldb kccsrv_partition[DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded kccsrv_partition[CN=Configuration,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded kccsrv_partition[CN=Schema,CN=Configuration,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded kccsrv_partition[DC=DomainDnsZones,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded kccsrv_partition[DC=ForestDnsZones,DC=int,DC=topoi,DC=hu-berlin,DC=de] loaded Calling DNS name update script Calling SPN name update script Child /usr/sbin/samba_spnupdate exited with status 0 - Success Completed SPN update check OK Child /usr/sbin/samba_dnsupdate exited with status 0 - Success Completed DNS update check OK Registered AT<00> with 141.20.159.11 on interface 141.20.159.255 Registered AT<03> with 141.20.159.11 on interface 141.20.159.255 Registered AT<20> with 141.20.159.11 on interface 141.20.159.255 Registered TOPOI-HU<1b> with 141.20.159.11 on interface 141.20.159.255 Registered TOPOI-HU<1c> with 141.20.159.11 on interface 141.20.159.255 Registered TOPOI-HU<00> with 141.20.159.11 on interface 141.20.159.255 Kerberos: AS-REQ tobias.florek@INT.TOPOI.HU-BERLIN.DE from ipv4:141.20.159.98:43884 for krbtgt/INT.TOPOI.HU-BERLIN.DE@INT.TOPOI.HU-BERLIN.DE Kerberos: Client sent patypes: REQ-ENC-PA-REP Kerberos: Looking for PK-INIT(ietf) pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: Looking for PK-INIT(win2k) pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: Looking for ENC-TS pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: Need to use PA-ENC-TIMESTAMP/PA-PK-AS-REQ Kerberos: AS-REQ tobias.florek@INT.TOPOI.HU-BERLIN.DE from ipv4:141.20.159.98:57089 for krbtgt/INT.TOPOI.HU-BERLIN.DE@INT.TOPOI.HU-BERLIN.DE Kerberos: Client sent patypes: ENC-TS, REQ-ENC-PA-REP Kerberos: Looking for PK-INIT(ietf) pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: Looking for PK-INIT(win2k) pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: Looking for ENC-TS pa-data -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: ENC-TS Pre-authentication succeeded -- tobias.florek@INT.TOPOI.HU-BERLIN.DE using arcfour-hmac-md5 Kerberos: ENC-TS pre-authentication succeeded -- tobias.florek@INT.TOPOI.HU-BERLIN.DE Kerberos: AS-REQ authtime: 2013-08-06T12:06:28 starttime: unset endtime: 2013-08-06T22:06:28 renew till: 2013-08-07T12:06:24 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5 Kerberos: Requested flags: renewable-ok, proxiable, forwardable Program received signal SIGSEGV, Segmentation fault. 0x00007ffff289e678 in krb5_crypto_fx_cf2 () from /usr/lib/x86_64-linux-gnu/libkrb5.so.26 (gdb) bt #0 0x00007ffff289e678 in krb5_crypto_fx_cf2 () from /usr/lib/x86_64-linux-gnu/libkrb5.so.26 #1 0x00007ffff28a4f48 in _krb5_fast_cf2 () from /usr/lib/x86_64-linux-gnu/libkrb5.so.26 #2 0x00007ffff28a5001 in _krb5_fast_armor_key () from /usr/lib/x86_64-linux-gnu/libkrb5.so.26 #3 0x00007fffe6e1c283 in ?? () from /usr/lib/x86_64-linux-gnu/libkdc.so.2 #4 0x00007fffe6e1e7f1 in ?? () from /usr/lib/x86_64-linux-gnu/libkdc.so.2 #5 0x00007fffe6e29e63 in ?? () from /usr/lib/x86_64-linux-gnu/libkdc.so.2 #6 0x00007fffe6e2a078 in krb5_kdc_process_krb5_request () from /usr/lib/x86_64-linux-gnu/libkdc.so.2 #7 0x00007fffe7662b8a in ?? () from /usr/lib/x86_64-linux-gnu/samba//service/kdc.so #8 0x00007fffe7662479 in ?? () from /usr/lib/x86_64-linux-gnu/samba//service/kdc.so #9 0x00007ffff6d014b8 in ?? () from /usr/lib/x86_64-linux-gnu/samba/libservice.so #10 0x00007ffff150dc14 in ?? () from /usr/lib/x86_64-linux-gnu/samba/libsamba-sockets.so #11 0x00007ffff1510395 in ?? () from /usr/lib/x86_64-linux-gnu/samba/libsamba-sockets.so #12 0x00007ffff3ef006b in ?? () from /usr/lib/x86_64-linux-gnu/libtevent.so.0 #13 0x00007ffff3eee546 in ?? () from /usr/lib/x86_64-linux-gnu/libtevent.so.0 #14 0x00007ffff3eeaeed in _tevent_loop_once () from /usr/lib/x86_64-linux-gnu/libtevent.so.0 #15 0x00007ffff3eeb0ab in tevent_common_loop_wait () from /usr/lib/x86_64-linux-gnu/libtevent.so.0 #16 0x00007ffff3eee4b6 in ?? () from /usr/lib/x86_64-linux-gnu/libtevent.so.0 #17 0x000055555555e439 in ?? () #18 0x00007ffff3b7bead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #19 0x000055555555a631 in _start () (gdb)
This looks like a bug in the mix between samba and a different, unsupported copy of Heimdal installed on your system. Don't build against the system Heimdal, use our in-tree copy. This crash isn't anything to do with DNS, or the dns-`hostname` account as far as I can see. Sorry,