Bug 15551 - samba-gpupdate fails on Fedora/RHEL with several different issues
Summary: samba-gpupdate fails on Fedora/RHEL with several different issues
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python
Version: 4.19.3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-08 12:49 UTC by Andreas Schneider
Modified: 2024-01-22 08:51 UTC
CC List: 4 users

See Also:


Attachments
patch for 4.19 (2.12 KB, patch)
2024-01-08 12:50 UTC, Andreas Schneider
no flags Details
patch for 4.19 (28.58 KB, patch)
2024-01-08 13:35 UTC, Andreas Schneider
dmulder: review-
pfilipensky: review+
Details

Description Andreas Schneider 2024-01-08 12:49:40 UTC
samba-gpupdate fails to fetch certificate authorities:

[root@ip-10-0-192-159 ~]# /usr/sbin/samba-gpupdate --rsop
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
lp_load_ex: refreshing parameters
Freeing parametrics:
Processing section "[global]"
doing parameter netbios name = IP10159
doing parameter apply group policies = yes
doing parameter workgroup = SMB
doing parameter security = ads
doing parameter realm = SMB.COM
doing parameter kerberos method = secrets and keytab
doing parameter client signing = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter log level = 9
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
pm_process() returned Yes
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 1 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00\AF\D5\C4\C1sN\F5RRfv\C7)(objectClass=domain)) -> 1
gendb_search_v: DC=smb,DC=com NULL -> 1
Using binding ncacn_np:ad.smb.com[,seal]
Mapped to DCERPC endpoint \pipe\netlogon
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
signed SMB2 message (sign_algo_id=1)
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
signed SMB2 message (sign_algo_id=1)
denis prints hostname: IP10159$
signed SMB2 message (sign_algo_id=1)
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
signed SMB2 message (sign_algo_id=1)
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'SMB.COM': "Default-First-Site-Name"
namecache_fetch: no entry for ad.smb.com#20 found.
resolve_hosts: Attempting host lookup for name ad.smb.com<0x20>
namecache_store: storing 1 address for ad.smb.com#20: 10.0.192.119
Connecting to 10.0.192.119 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_creds_prepare_krb5: Doing kinit for IP10159$@SMB.COM to access ad.smb.com
cli_session_setup_spnego_send: Connect to ad.smb.com as IP10159$@SMB.COM using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
signed SMB2 message (sign_algo_id=1)
Resultant Set of Policy
Computer Policy

GPO: Disable-RC4-etype
===================================================================================================================================
  CSE: gp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_krb_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_crontab_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_smb_conf_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_msgs_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_symlink_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_files_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_openssh_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_motd_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_issue_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_startup_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_gnome_settings_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_cert_auto_enroll_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_firefox_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_chromium_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_chrome_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_firewalld_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
===================================================================================================================================

GPO: Default Domain Policy
===================================================================================================================================
  CSE: gp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_krb_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_crontab_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_smb_conf_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_msgs_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_symlink_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_files_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_openssh_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_motd_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_issue_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_startup_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_gnome_settings_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_cert_auto_enroll_ext
  -----------------------------------------------------------------
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 2 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 131, in <module>
    rsop(lp, creds, store, gp_extensions, username, opts.target)
  File "/usr/lib64/python3.9/site-packages/samba/gp/gpclass.py", line 1069, in rsop
    for section, settings in ext.rsop(gpo_obj).items():
  File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 508, in rsop
    cas = fetch_certification_authorities(ldb)
  File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 159, in fetch_certification_authorities
    'cACertificate': get_string(es['cACertificate'][0])
  File "/usr/lib64/python3.9/site-packages/samba/common.py", line 104, in get_string
    tmp = bytesorstring.decode('utf8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

This is fixed with 157335ee93eb866f9b6a47486a5668d6e76aced5

We should backport this.
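
The failing byte in the traceback above (0x82 at position 1) is consistent with a DER-encoded certificate, which starts with a SEQUENCE tag 0x30 followed by a long-form length byte, so decoding the cACertificate value as UTF-8 cannot work. The following is an added example, not Samba's code and not the referenced commit: it reproduces the decode failure on a constructed byte string and shows one way to turn such a value into PEM text instead. All function names and the sample bytes are assumptions made for illustration.

```python
import base64

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def utf8_failure(value: bytes):
    """Return (position, byte) where UTF-8 decoding fails, or None if it decodes."""
    try:
        value.decode("utf8")
    except UnicodeDecodeError as exc:
        return exc.start, value[exc.start]
    return None


def der_sequence_length(data: bytes) -> int:
    """Return the total size (header + body) announced by a DER SEQUENCE header.

    Raises ValueError if data does not start with a SEQUENCE tag (0x30) or the
    length field is truncated.
    """
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                  # short form: the byte is the length
        return 2 + first
    n = first & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def ca_cert_to_pem(value: bytes) -> str:
    """Normalise a certificate attribute value (raw DER or PEM) to PEM text."""
    if value.lstrip().startswith(PEM_HEADER.encode("ascii")):
        return value.decode("ascii").strip() + "\n"
    # Binary input: check the outer DER length before trusting it.
    if der_sequence_length(value) != len(value):
        raise ValueError("DER length does not match attribute size")
    b64 = base64.b64encode(value).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{PEM_HEADER}\n{body}\n{PEM_FOOTER}\n"


def pem_to_der(pem: str) -> bytes:
    """Inverse of ca_cert_to_pem, used here to show the bytes survive intact."""
    lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(lines), validate=True)


# Constructed sample, not a real certificate: a SEQUENCE header with a
# two-byte long-form length (0x30 0x82 0x01 0x0A = 266 bytes) plus filler.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A]) + bytes(range(256)) + bytes(10)

if __name__ == "__main__":
    print("UTF-8 decode fails at:", utf8_failure(SAMPLE_DER))
    print(ca_cert_to_pem(SAMPLE_DER))
```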
Comment 1 Andreas Schneider 2024-01-08 12:50:48 UTC
Created attachment 18220
patch for 4.19
Comment 2 Andreas Schneider 2024-01-08 13:31:33 UTC
Actually, we want all patches from Gabriel Nagy backported, will do
Comment 3 Andreas Schneider 2024-01-08 13:35:18 UTC
Created attachment 18221
patch for 4.19
Comment 4 David Mulder 2024-01-08 14:14:16 UTC
Comment on attachment 18221
patch for 4.19

LGTM
Comment 5 Andreas Schneider 2024-01-09 07:41:29 UTC
David, you commented 'LGTM' but set review-.
Comment 6 David Mulder 2024-01-09 16:07:54 UTC
(In reply to Andreas Schneider from comment #5)

I was attempting to remove the review for myself. I must have done it wrong.
Comment 7 Pavel Filipenský 2024-01-10 13:40:03 UTC
Comment on attachment 18221
patch for 4.19

LGTM
Comment 8 Andreas Schneider 2024-01-10 13:59:51 UTC
Jule, please add the patchset to 4.19. Thanks
Comment 9 Jule Anger 2024-01-15 10:03:03 UTC
Pushed to autobuild-v4-19-test.
Comment 10 Jule Anger 2024-01-22 08:51:15 UTC
Closing out bug report.

Thanks!