Kerberos Help Needed
Rick Stevens
rstevens at vitalstream.com
Wed Aug 24 18:19:10 UTC 2005
Greg Julius wrote:
>>>I deleted the prior join attempt and did a 'kinit administrator'.
>>>The kinit failed however because of "KDC has no support for
>>>encryption type while getting initial credentials". So I removed
>>>the enctypes that were suggested in the first reply and tried again.
>>>That seemed to work just fine.
>>>
>>>When I then did the 'net join' it seemed to work except that it
>>>died a horrible death in glibc free() with an invalid
>>>pointer. It looks like it added to the ads anyway.
>>>
>>>In fact, when I try to view the guardian machine from the windows server,
>>>I get further than I have ever gotten in this configuration. I can
>>>actually see the shares! This is progress.
>>>
>>>HOWEVER, when I trie to view a share, I get the following in the samba
>
> log
>
>>>area under the IP address of the windows ads server:
>>> *** glibc detected *** smbd: free(): invalid pointer: 0x001bedb0 ***
>>> ======= Backtrace: =========
>>> /lib/libc.so.6[0x76d424]
>>> /lib/libc.so.6(__libc_free+0x77)[0x76d95f]
>>> /lib/libcom_err.so.2(remove_error_table+0x4b)[0x1e3abb]
>>> /usr/lib/libkrb5.so.3[0x15c8c4]
>>> /usr/lib/libkrb5.so.3[0x15c5c7]
>>> /usr/lib/libkrb5.so.3[0x1ad9da]
>>> /lib/ld-linux.so.2[0x5d0058]
>>> /lib/libc.so.6(exit+0xc5)[0x734c69]
>>> smbd(exit_server+0x25c)[0xad1ae6]
>>> smbd(main+0x995)[0xad26a1]
>>> /lib/libc.so.6(__libc_start_main+0xc6)[0x71ede6]
>>> smbd[0x8d04f1]
>>> ======= Memory map: ========
>>>
>>>I snipped the Memory map area as it was pretty long. It appears that
>>>smbd takes a dive during a free operation. This looks exactly like
>>>failure that I got at the end of the 'net join' command.
>>>
>>>I did a 'yum update' hoping there was some fix out there that I
>>>hadn't yet picked up. All installed well, but same problem.
>>>
>>>The failure happens every time.
>>>
>>>So, What next?
>>
>>I'd try to get the samba source code from samba.org and build it myself.
>>The updates from Red Hat or Fedora are necessarily behind the current
>>release. My guess is that yours has a bug (trying to free an invalid
>>pointer is certainly and example of a coding bug). We are using 3.0.14a
>>ourselves, built from the source tarballs at samba.org.
>
>
> While I don't have a problem with doing this, I'm not sure that samba
> is the culprit, just a victum.
Well, actually we just installed Samba 3.0.20 last night. There are a
LOT of updates in it--so many that the Samba gang decided to skip
versions 3.0.15, .16, .17, .18 and .19 and went straight to .20.
> The net command fails the same way when I do a 'net join':
> *** glibc detected *** net: free(): invalid pointer: 0x00bd1db0 ***
> ======= Backtrace: =========
> /lib/libc.so.6[0x1be424]
> /lib/libc.so.6(__libc_free+0x77)[0x1be95f]
> /lib/libcom_err.so.2(remove_error_table+0x4b)[0x114abb]
> /usr/lib/libkrb5.so.3[0xb6f8c4]
> /usr/lib/libkrb5.so.3[0xb6f5c7]
> /usr/lib/libkrb5.so.3[0xbc09da]
> /lib/ld-linux.so.2[0xda4058]
> /lib/libc.so.6(exit+0xc5)[0x185c69]
> /lib/libc.so.6(__libc_start_main+0xce)[0x16fdee]
> net[0x3070f1]
> ======= Memory map: ========
>
> The addresses shown appear to be the same relative to each other.
> I haven't shot dumps since writing APAR's for IBM 20 years ago
> but looking at the backtrace I would guess that the free is being
> issued by libcom_err, perhaps as part of a request from libkrb5.
That's entirely possible. Have you upgraded the kerberos RPMs yet?
> All that aside, could the failure be caused by a bad config parm?
> I have a very minimal krb5.conf file. I have been trying
> variations of that. I stopped winbind and did a 'net join' test
> and it failed the same way, seems that winbind couldn't be a
> part of the problem. What else might be involved parameterwise?
I doubt it's a config issue. The trying to free an invalid pointer is
typically caused by a coding bug. I have no idea which parameter would
cause the thread of execution to go down this buggy path, but trying to
find it would take a full-up debug session.
> If it's not likely that a parameter change could work around the
> failure, what would you suggest as the next step?
>
> Which source items should I try first and where would I get them?
> (Gad I must be desparate to even ask this...)
First off, make sure you update Kerberos and possibly glibc. I can't
recall which system you have (I think it was CentOS), but update ASAP.
Under CentOS or a licensed version of RHEL, you should be able to
"up2date" it. For Fedora Core, use "yum -y update".
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Whoever said "Money can't buy friends" obviously never brought -
- donuts to the office. -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list