On the latest 4.7 test branch, the rpc server crashes. I also experienced this with the master branch. Also present on other DCs at this version. The message in the log is: =============================================================== INTERNAL ERROR: Signal 11 in pid 29358 (4.7.0rc4-GIT-d77de9a) Please read the Trouble-Shooting section of the Samba HOWTO =============================================================== PANIC: internal error Valgrind reports: ==29358== Invalid read of size 4 ==29358== at 0xCE87AEC: ldb_set_timeout (in /usr/local/samba/lib/private/libldb.so.1.2.1) ==29358== by 0xCE87B52: ldb_set_timeout_from_prev_req (in /usr/local/samba/lib/private/libldb.so.1.2.1) ==29358== by 0xCE89829: ldb_build_req_common (in /usr/local/samba/lib/private/libldb.so.1.2.1) ==29358== by 0xCE8992F: ldb_build_search_req_ex (in /usr/local/samba/lib/private/libldb.so.1.2.1) ==29358== by 0xCE89AA9: ldb_build_search_req (in /usr/local/samba/lib/private/libldb.so.1.2.1) ==29358== by 0xD0ADCE4: dsdb_search_dn (in /usr/local/samba/lib/private/libsamdb-common-samba4.so) ==29358== by 0xD0AA6C8: dsdb_find_guid_attr_by_dn (in /usr/local/samba/lib/private/libsamdb-common-samba4.so) ==29358== by 0xD0AA7A4: dsdb_find_guid_by_dn (in /usr/local/samba/lib/private/libsamdb-common-samba4.so) ==29358== by 0x1249621F: dcesrv_drsuapi_DsGetNCChanges (in /usr/local/samba/lib/libdcerpc-server.so.0.0.1) ==29358== by 0x1248BAD3: drsuapi__op_dispatch (in /usr/local/samba/lib/libdcerpc-server.so.0.0.1) ==29358== by 0x12447931: dcesrv_request (in /usr/local/samba/lib/libdcerpc-server.so.0.0.1) ==29358== by 0x124483BC: dcesrv_process_ncacn_packet (in /usr/local/samba/lib/libdcerpc-server.so.0.0.1) ==29358== Address 0x7c is not stack'd, malloc'd or (recently) free'd ==29358==
On debug level 10: On debug level 10: ldb: ldb_trace_request: (partition)->read_unlock ldb: partition_read_unlock() -> CN=Schema,CN=Configuration,DC=x,DC=x,DC=x,DC=x ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: partition_read_unlock() -> CN=Configuration,DC=x,DC=x,DC=x,DC=x ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: partition_read_unlock() -> DC=DomainDnsZones,DC=x,DC=x,DC=x,DC=x ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: partition_read_unlock() -> DC=ForestDnsZones,DC=x,DC=x,DC=x,DC=x ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: partition_read_unlock() -> DC=x,DC=x,DC=x,DC=x ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: partition_read_unlock() -> (metadata partition) ldb: ldb_trace_next_request: (tdb)->read_unlock ldb: Destroying timer event 0x55fd187189d0 "ltdb_timeout" ldb: Ending timer event 0x55fd18718910 "ltdb_callback" =============================================================== INTERNAL ERROR: Signal 11 in pid 30180 (4.7.0rc4-GIT-d77de9a) Please read the Trouble-Shooting section of the Samba HOWTO =============================================================== PANIC: internal error
Created attachment 13447 [details] possible patch for master Have you manually given a normal user GUID_DRS_GET_CHANGES right to a non-administrator? This patch should fix it, allowing that to work again. Before it lands in master I need to write a test. This is a regression on bug 12398.
Ahh that would be AADConnect which syncs passwords with office 365. It sets up a service account and gives it GUID_DRS_GET_CHANGES. I assume the crash was triggered everytime it requested changes from AD. I'll apply and test in the morning! Thank you for a speedy reply!
I'm continuing to write tests to lock down our behaviour here, but in the meantime how did the patch go? Thanks, Andrew Bartlett
Hi Andrew Thanks for the patch! Worked perfectly. No more crashes, replication is working with no errors and AADConnect is syncing users and passwords just fine. If you need any tests done etc. I'm more than willing :) Cheers Alex
(In reply to Alex MacCuish from comment #5) Can you write up a guide in our Wiki about Azure AD Sync / Office 365, and how to get it working? That will help our users a lot, as well as us as developers when we need to reproduce a more complex issue there. Thanks!
(In reply to Andrew Bartlett from comment #6) I'd be more than happy to though tbh the Microsoft guide works well, I would just be repeating their steps, and I don't recall any samba specifics to get it working (a credit to Samba Team's great work if the Microsoft instructions work against Samba AD too!) Would you rather a link to the Microsoft guide? If not I will happily write a guide.
Even just a page with the links the to Microsoft guide and saying that it works is very helpful, as folks don't know when to trust that.
Created attachment 13523 [details] Patch for 4.7-test
Please pick for 4.7.0
Pushed to autobuild-v4-7-test.
Pushed to v4-7-test. Closing out bug report. Thanks!