Bug 15551 - samba-gpupdate fails on Fedora/RHEL with several different issues
Summary: samba-gpupdate fails on Fedora/RHEL with several different issues
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python (show other bugs)
Version: 4.19.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-08 12:49 UTC by Andreas Schneider
Modified: 2024-01-22 08:51 UTC (History)
4 users (show)

See Also:

Attachments
patch for 4.19 (2.12 KB, patch)
2024-01-08 12:50 UTC, Andreas Schneider 		no flags Details
patch for 4.19 (28.58 KB, patch)
2024-01-08 13:35 UTC, Andreas Schneider 		dmulder: review-
pfilipensky: review+
Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2024-01-08 12:49:40 UTC 
samba-gpupdate fails to fetch certificate authorities:

[root@ip-10-0-192-159 ~]# /usr/sbin/samba-gpupdate --rsop
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
lp_load_ex: refreshing parameters
Freeing parametrics:
Processing section "[global]"
doing parameter netbios name = IP10159
doing parameter apply group policies = yes
doing parameter workgroup = SMB
doing parameter security = ads
doing parameter realm = SMB.COM
doing parameter kerberos method = secrets and keytab
doing parameter client signing = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter log level = 9
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
  auth_audit: 9
  auth_json_audit: 9
  kerberos: 9
  drs_repl: 9
  smb2: 9
  smb2_credits: 9
  dsdb_audit: 9
  dsdb_json_audit: 9
  dsdb_password_audit: 9
  dsdb_password_json_audit: 9
  dsdb_transaction_audit: 9
  dsdb_transaction_json_audit: 9
  dsdb_group_audit: 9
  dsdb_group_json_audit: 9
pm_process() returned Yes
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 1 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00\AF\D5\C4\C1sN\F5RRfv\C7)(objectClass=domain)) -> 1
gendb_search_v: DC=smb,DC=com NULL -> 1
Using binding ncacn_np:ad.smb.com[,seal]
Mapped to DCERPC endpoint \pipe\netlogon
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
signed SMB2 message (sign_algo_id=1)
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
signed SMB2 message (sign_algo_id=1)
denis prints hostname: IP10159$
signed SMB2 message (sign_algo_id=1)
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
signed SMB2 message (sign_algo_id=1)
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'SMB.COM': "Default-First-Site-Name"
namecache_fetch: no entry for ad.smb.com#20 found.
resolve_hosts: Attempting host lookup for name ad.smb.com<0x20>
namecache_store: storing 1 address for ad.smb.com#20: 10.0.192.119
Connecting to 10.0.192.119 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_creds_prepare_krb5: Doing kinit for IP10159$@SMB.COM to access ad.smb.com
cli_session_setup_spnego_send: Connect to ad.smb.com as IP10159$@SMB.COM using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Resultant Set of Policy
Computer Policy

GPO: Disable-RC4-etype
===================================================================================================================================
  CSE: gp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_krb_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_crontab_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_smb_conf_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_msgs_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_symlink_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_files_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_openssh_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_motd_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_issue_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_startup_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_gnome_settings_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_cert_auto_enroll_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_firefox_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_chromium_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_chrome_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_firewalld_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
===================================================================================================================================

GPO: Default Domain Policy
===================================================================================================================================
  CSE: gp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_krb_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_sudoers_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_centrify_crontab_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_smb_conf_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_msgs_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_symlink_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_files_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_openssh_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_motd_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_issue_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_startup_scripts_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: vgp_access_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_gnome_settings_ext
  -----------------------------------------------------------------
  -----------------------------------------------------------------
  CSE: gp_cert_auto_enroll_ext
  -----------------------------------------------------------------
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 2 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 131, in <module>
    rsop(lp, creds, store, gp_extensions, username, opts.target)
  File "/usr/lib64/python3.9/site-packages/samba/gp/gpclass.py", line 1069, in rsop
    for section, settings in ext.rsop(gpo_obj).items():
  File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 508, in rsop
    cas = fetch_certification_authorities(ldb)
  File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 159, in fetch_certification_authorities
    'cACertificate': get_string(es['cACertificate'][0])
  File "/usr/lib64/python3.9/site-packages/samba/common.py", line 104, in get_string
    tmp = bytesorstring.decode('utf8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

This is fixed with 157335ee93eb866f9b6a47486a5668d6e76aced5

We should backport this.
Comment 1 Andreas Schneider 2024-01-08 12:50:48 UTC 
Created attachment 18220 [details]
patch for 4.19
Comment 2 Andreas Schneider 2024-01-08 13:31:33 UTC 
Actually, we want all patches from Gabriel Nagy backported, will do
Comment 3 Andreas Schneider 2024-01-08 13:35:18 UTC 
Created attachment 18221 [details]
patch for 4.19
Comment 4 David Mulder 2024-01-08 14:14:16 UTC 
Comment on attachment 18221 [details]
patch for 4.19

LGTM
Comment 5 Andreas Schneider 2024-01-09 07:41:29 UTC 
David, you commented 'LGTM' but set review-.
Comment 6 David Mulder 2024-01-09 16:07:54 UTC 
(In reply to Andreas Schneider from comment #5)

I was attempting to remove the review for myself. I most have done it wrong.
Comment 7 Pavel Filipenský 2024-01-10 13:40:03 UTC 
Comment on attachment 18221 [details]
patch for 4.19

LGTM
Comment 8 Andreas Schneider 2024-01-10 13:59:51 UTC 
Jule, please add the patchset to 4.19. Thanks
Comment 9 Jule Anger 2024-01-15 10:03:03 UTC 
Pushed to autobuild-v4-19-test.
Comment 10 Jule Anger 2024-01-22 08:51:15 UTC 
Closing out bug report.

Thanks!