Loading...

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.4
Component/s: samba
Labels:
- SAMBA-POST

Fixed in Build:
samba-4.20.2-2.el9
Regression:
None
Severity:
Low

Pool Team:

rhel-sst-idm-sssd
Sub-System Group:

ssg_idm

Story Points:
0
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/131667
Test Coverage:

RegressionOnly

Experience:
Architecture:

All

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

samba-gpupdate fails to fetch certificate authorities:

[root@ip-10-0-192-159 ~]# /usr/sbin/samba-gpupdate --rsop
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
lp_load_ex: refreshing parameters
Freeing parametrics:
Processing section "[global]"
doing parameter netbios name = IP10159
doing parameter apply group policies = yes
doing parameter workgroup = SMB
doing parameter security = ads
doing parameter realm = SMB.COM
doing parameter kerberos method = secrets and keytab
doing parameter client signing = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter log level = 9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
doing parameter idmap config * : range = 10000-20000
doing parameter wins server = 10.0.192.119
doing parameter password server = *
doing parameter create krb5 conf = no
pm_process() returned Yes
lp_servicenumber: couldn't find homes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
smb2: 9
smb2_credits: 9
dsdb_audit: 9
dsdb_json_audit: 9
dsdb_password_audit: 9
dsdb_password_json_audit: 9
dsdb_transaction_audit: 9
dsdb_transaction_json_audit: 9
dsdb_group_audit: 9
dsdb_group_json_audit: 9
pm_process() returned Yes
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 1 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00\AF\D5\C4\C1sN\F5RRfv\C7)(objectClass=domain)) -> 1
gendb_search_v: DC=smb,DC=com NULL -> 1
Using binding ncacn_np:ad.smb.com[,seal]
Mapped to DCERPC endpoint \pipe\netlogon
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs
signed SMB2 message (sign_algo_id=1)
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
signed SMB2 message (sign_algo_id=1)
denis prints hostname: IP10159$
signed SMB2 message (sign_algo_id=1)
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
signed SMB2 message (sign_algo_id=1)
Opening cache file at /var/lib/samba/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'SMB.COM': "Default-First-Site-Name"
namecache_fetch: no entry for ad.smb.com#20 found.
resolve_hosts: Attempting host lookup for name ad.smb.com<0x20>
namecache_store: storing 1 address for ad.smb.com#20: 10.0.192.119
Connecting to 10.0.192.119 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_creds_prepare_krb5: Doing kinit for IP10159$@SMB.COM to access ad.smb.com
cli_session_setup_spnego_send: Connect to ad.smb.com as IP10159$@SMB.COM using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Resultant Set of Policy
Computer Policy

GPO: Disable-RC4-etype
===================================================================================================================================
CSE: gp_access_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_krb_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_scripts_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_centrify_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_centrify_crontab_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_smb_conf_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_msgs_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_symlink_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_files_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_openssh_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_motd_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_issue_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_startup_scripts_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_access_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_gnome_settings_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_cert_auto_enroll_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_firefox_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_chromium_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_chrome_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_firewalld_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
===================================================================================================================================

GPO: Default Domain Policy
===================================================================================================================================
CSE: gp_access_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_krb_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_scripts_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_centrify_sudoers_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_centrify_crontab_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_smb_conf_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_msgs_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_symlink_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_files_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_openssh_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_motd_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_issue_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_startup_scripts_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: vgp_access_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_gnome_settings_ext
-----------------------------------------------------------------
-----------------------------------------------------------------
CSE: gp_cert_auto_enroll_ext
-----------------------------------------------------------------
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain SMB.COM
finddcs: looking for SRV records for _ldap._tcp.SMB.COM
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe'
finddcs: DNS SRV response 1 at '10.0.192.119'
finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe
finddcs: performing CLDAP query on 10.0.192.119
finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported.
print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported.
print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported.
print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported.
print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported.
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Advancing clock by 2 seconds to cope with clock skew
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 131, in <module>
rsop(lp, creds, store, gp_extensions, username, opts.target)
File "/usr/lib64/python3.9/site-packages/samba/gp/gpclass.py", line 1069, in rsop
for section, settings in ext.rsop(gpo_obj).items():
File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 508, in rsop
cas = fetch_certification_authorities(ldb)
File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 159, in fetch_certification_authorities
'cACertificate': get_string(es['cACertificate'][0])
File "/usr/lib64/python3.9/site-packages/samba/common.py", line 104, in get_string
tmp = bytesorstring.decode('utf8')
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

This is fixed with 157335ee93eb866f9b6a47486a5668d6e76aced5

We should backport this.

links to

RHBA-2024:131667 samba bug fix and enhancement update

Samba Bug 15551

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates