[Pkg-samba-maint] Bug#859101: regression: net: security update makes `net ads join` freeze when run a second time
Paul Wise
pabs at debian.org
Thu Mar 30 10:30:05 UTC 2017
Package: samba-common-bin
Version: 2:4.2.10+dfsg-0+deb8u1
Severity: serious
File: /usr/bin/net
Control: found -1 2:4.2.14+dfsg-0+deb8u4
X-Debbugs-CC: security at debian.org
The jessie security upgrade from samba 2:4.1.17+dfsg-2+deb8u2 to
2:4.2.10+dfsg-0+deb8u1 causes the `net ads join` command to freeze when
run on a system that has already been joined to the domain.
I've confirmed that the freeze does not happen on samba 4.1 using
snapshot.d.o. The issue still occurs with 2:4.2.14+dfsg-0+deb8u4.
When I increase the debug level to 15, it appears that it freezes while
trying to remove old keytab entries.
The command doesn't use much CPU so it appears to be a deadlock.
$ sudo apt install samba-common-bin smbclient
$ grep -A13 \\[global /etc/samba/smb.conf
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will part of
workgroup = TEST
realm = TEST.LOCAL
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
preferred master = no
domain master = No
password server = *
security = ADS
ldap timeout = 300
$ sudo net ads join -d15 -UAdministrator
...
Enter Administrator's password:
...
$ sudo net ads join -d15 -UAdministrator
...
Enter Administrator's password:
...
../source3/libads/kerberos_keytab.c:65: Will try to delete old keytab entries
../source3/libads/kerberos_keytab.c:139: Found old entry for principal: host/test46.test.local at TEST.LOCAL (kvno 6) - trying to remove it.
^C
$ sudo smbclient -Utester -L //testsbs01
Enter Indexer's password:
Domain=[TEST] OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003 5.2]
$ cat /etc/apt/sources.d/snapshot.list
deb http://snapshot.debian.org/archive/debian/20160103T163148Z/ jessie main
deb http://snapshot.debian.org/archive/debian-security/20160413T203215Z/ jessie/updates main
deb http://snapshot.debian.org/archive/debian/20160314T035958Z/ jessie main
deb http://snapshot.debian.org/archive/debian-security/20160312T072202Z/ jessie/updates main
-- System Information:
Debian Release: 8.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages samba-common-bin depends on:
ii libbsd0 0.7.0-2
ii libc6 2.19-18+deb8u7
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2
ii libncurses5 5.9+20140913-1+b1
ii libpopt0 1.16-10
ii libreadline6 6.3-8+b3
ii libtalloc2 2.1.2-0+deb8u1
ii libtdb1 1.3.6-0+deb8u1
ii libtevent0 0.9.28-0+deb8u1
ii libtinfo5 5.9+20140913-1+b1
ii libwbclient0 2:4.2.14+dfsg-0+deb8u4
ii python 2.7.9-1
ii python-samba 2:4.2.14+dfsg-0+deb8u4
pn python2.7:any <none>
ii samba-common 2:4.2.14+dfsg-0+deb8u4
ii samba-libs 2:4.2.14+dfsg-0+deb8u4
samba-common-bin recommends no packages.
Versions of packages samba-common-bin suggests:
pn heimdal-clients <none>
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20170330/608a7799/attachment.sig>
More information about the Pkg-samba-maint
mailing list