Bug 13057 - MIT KDC(mit-krb5) exits after windows joins AD and tries to login on
Summary: MIT KDC(mit-krb5) exits after windows joins AD and tries to login on
Status: NEEDINFO
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.7.0
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-09-27 08:20 UTC by expert123
Modified: 2018-08-28 12:31 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description expert123 2017-09-27 08:20:07 UTC 
How to reproduce:

CentOS7.x-x86-64 ( 7.2 and 7.4)

1. install krb5-server-1.15 and configure samba v4.7.0 as :

 ./configure --with-system-mitkrb5

2. build with ad-dc feature.

3. samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ --realm=xxx --domain=AD --adminpass=XXXX

4. change named.conf and krb5.conf,kdc.conf, following intructions from the previous step and Wiki of samba.

5. join windows7-64bit to AD and restart it.

6. trace samba related logs.

================================================
[root@pdc samba]# more log.samba
[2017/09/27 12:54:55.362600,  0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
  /usr/sbin/krb5kdc: krb5kdc: do_tgs_req.c:826: process_tgs_req: Assertion `status != ((void *)0)' failed.
[2017/09/27 12:54:55.833120,  0] ../source4/kdc/kdc-service-mit.c:348(mitkdc_server_done)
  The MIT KDC daemon died with exit status 6
[2017/09/27 12:54:55.833268,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
  task_server_terminate: [mitkdc child process exited]

=====================================================

7. mit-krb5 coredump happens.

==============================

Wed Sep 27 12:54 1117/87310 "[abrt] krb5-server: krb5kdc killed by SIGABRT"

cmdline:        /usr/sbin/krb5kdc -n
executable:     /usr/sbin/krb5kdc
package:        krb5-server-1.15.1-8.el7
component:      krb5

:Sep 27 11:55:56 pdc.ad.pthl.hk samba[14387]:   /usr/sbin/krb5kdc: krb5kdc: do_tgs_req.c:826: process_tgs_req: Assertion `status != ((void *)0)' failed.
:Sep 27 11:55:56 pdc.ad.pthl.hk abrt-hook-ccpp[14593]: Process 14394 (krb5kdc) of user 0 killed by SIGABRT - dumping core

====================================

### mit-krb5.log, ip 172.16.232.210 is  machine windows7-64bit's IP address.

Sep 27 12:54:54 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt
=23 ses=23}, DC-ADMIN$@AD.PTHL.HK for DNS/pdc.ad.pthl.hk@AD.PTHL.HK
Sep 27 12:54:54 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22
Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt
=18 ses=18}, DC-ADMIN$@AD.PTHL.HK for DC-ADMIN$@AD.PTHL.HK
Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22
Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 172.16.232.210: ISSUE: authtime 1506488087, etypes {rep=18 tkt
=18 ses=18}, DC-ADMIN$@AD.PTHL.HK for dc-admin$\@AD.PTHL.HK@AD.PTHL.HK
Sep 27 12:54:55 pdc.ad.pthl.hk krb5kdc[14995](info): closing down fd 22
==================================


8. run `kadmin.local` as root, and then type `listprins`

  when I want to exit the console, I type "quit" or "exit"

  Also coredump happens.
Comment 1 expert123 2017-09-27 08:22:01 UTC 
While with embedded Hemedal Kerberos, I don't see this stuff.
Comment 2 Andrew Bartlett 2018-08-28 04:02:44 UTC 
I'm pretty sure this issue was fixed in later versions of Samba 4.7 but I can't find the commit details or entry in the WHATSNEW.
Comment 3 Andreas Schneider 2018-08-28 12:31:51 UTC 
Can you reproduce this with newer version than 4.7.0?

The latest 4.7 release which is 4.7.10 or 4.8?