How to reproduce: CentOS7.x-x86-64 ( 7.2 and 7.4) 1. install krb5-server-1.15 and configure samba v4.7.0 as : ./configure --with-system-mitkrb5 2. build with ad-dc feature. 3. samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=xxx --domain=AD --adminpass=XXXX 4. change named.conf and krb5.conf,kdc.conf, following intructions from the previous step and Wiki of samba. 5. join windows7-64bit to AD and restart it. 6. trace samba related logs. ================================================ [root@pdc samba]# more log.samba [2017/09/27 12:54:55.362600, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler) /usr/sbin/krb5kdc: krb5kdc: do_tgs_req.c:826: process_tgs_req: Assertion `status != ((void *)0)' failed. [2017/09/27 12:54:55.833120, 0] ../source4/kdc/kdc-service-mit.c:348(mitkdc_server_done) The MIT KDC daemon died with exit status 6 [2017/09/27 12:54:55.833268, 0] ../source4/smbd/service_task.c:35(task_server_terminate) task_server_terminate: [mitkdc child process exited] ===================================================== 7. mit-krb5 coredump happens. ============================== Wed Sep 27 12:54 1117/87310 "[abrt] krb5-server: krb5kdc killed by SIGABRT" cmdline: /usr/sbin/krb5kdc -n executable: /usr/sbin/krb5kdc package: krb5-server-1.15.1-8.el7 component: krb5 :Sep 27 11:55:56 pdc.ad.pthl.hk samba[14387]: /usr/sbin/krb5kdc: krb5kdc: do_tgs_req.c:826: process_tgs_req: Assertion `status != ((void *)0)' failed. :Sep 27 11:55:56 pdc.ad.pthl.hk abrt-hook-ccpp[14593]: Process 14394 (krb5kdc) of user 0 killed by SIGABRT - dumping core ==================================== ### mit-krb5.log, ip 172.16.232.210 is machine windows7-64bit's IP address. Sep 27 12:54:54 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt =23 ses=23}, DC-ADMIN$@AD.PTHL.HK for DNS/pdc.ad.pthl.hk@AD.PTHL.HK Sep 27 12:54:54 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22 Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt =18 ses=18}, DC-ADMIN$@AD.PTHL.HK for DC-ADMIN$@AD.PTHL.HK Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22 Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt =18 ses=18}, DC-ADMIN$@AD.PTHL.HK for dc-admin$\@AD.PTHL.HK@AD.PTHL.HK Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22 ================================== 8. run `kadmin.local` as root, and then type `listprins` when I want to exit the console, I type "quit" or "exit" Also coredump happens.
While with embedded Hemedal Kerberos, I don't see this stuff.
I'm pretty sure this issue was fixed in later versions of Samba 4.7 but I can't find the commit details or entry in the WHATSNEW.
Can you reproduce this with newer version than 4.7.0? The latest 4.7 release which is 4.7.10 or 4.8?