I have set up samba with security = ads I have a kerberos ticket and want to use this when authenticating with samba: smbclient -U bard -k -L //daisy session setup failed: Call returned zero bytes (EOF) from `/usr/sbin/smbd -i -d 10` : name_to_fqdn: lookup for DAISY -> daisy. krb5_rd_req succeeded for principal daisy$@LOCALDOMAIN secrets_named_mutex: released mutex for replay cache mutex Got KRB5 session key of length 8 =============================================================== INTERNAL ERROR: Signal 11 in pid 19925 (3.0.8-Debian) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== smb_panic(): calling panic action [/usr/share/samba/panic-action 19925] smb_panic(): action returned status 0 PANIC: internal error BACKTRACE: 15 stack frames: #0 smbd(smb_panic2+0x111) [0x81dfd51] #1 smbd(smb_panic+0x1a) [0x81dfc3a] #2 smbd [0x81cc118] #3 [0xffffe420] #4 smbd(ads_verify_ticket+0x5e5) [0x824c075] #5 smbd [0x80ad8d6] #6 smbd [0x80ae5af] #7 smbd [0x80aea5b] #8 smbd(reply_sesssetup_and_X+0xe6b) [0x80afa0b] #9 smbd [0x80d3056] #10 smbd [0x80d32e0] #11 smbd(process_smb+0x8c) [0x80d34ec] #12 smbd(smbd_process+0x168) [0x80d4228] #13 smbd(main+0x4ea) [0x8256b6a] #14 /lib/tls/libc.so.6(__libc_start_main+0x108) [0xb7d457f8] Aborted Kerberos setup is working with ssh , pam-krb5 etc. Is smb.conf nessesary?
This only happens if smb.conf contains use kerberos keytab = yes if not I just get session setup failed: NT_STATUS_LOGON_FAILURE when running smbclient
Tested with Samba 3.1 , it didn't SIGSEV I got this: name_to_fqdn: lookup for DAISY -> daisy. secrets_named_mutex: got mutex for replay cache mutex ads_secrets_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type ads_secrets_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Decrypt integrity check failed ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type ads_secrets_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type secrets_named_mutex: released mutex for replay cache mutex ads_verify_ticket: krb5_rd_req with auth failed (Success) Failed to verify incoming ticket! It looks to me like MIT krb5 is using an encryption method that samba doesn't support, but I haven't figured that one out. I guess that's offtopic regarding this bug report
Jeremy Allison(jra@samba.org) provided this patch It solved the problem > Index: libsmb/clikrb5.c > =================================================================== > --- libsmb/clikrb5.c (revision 4019) > +++ libsmb/clikrb5.c (working copy) > @@ -184,7 +184,7 @@ > void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt) > { > #if defined(HAVE_KRB5_TKT_ENC_PART2) > - if (tkt->enc_part2) > + if (tkt->enc_part2 && tkt->enc_part2->authorization_data && tkt->enc_part2->authorization_data[0] && tkt->enc_part2->authorization_data[0]->length) > *auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents, > tkt->enc_part2->authorization_data[0]->length); > #else
duplicate of a bug reported on Samba technical svn -r4020 SAMBA_3_0
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.