Open kclinden opened 2 years ago
When setting up likewise I do the following:
root@photon3 [ /opt/likewise/bin ]# ./domainjoin-cli setname photon3
root@photon3 [ ~ ]# /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1
root@photon3 [ /opt/likewise/bin ]# /opt/likewise/bin/lwsm restart lwio
Stopping service reverse dependency: vmafd
Stopping service reverse dependency: lsass
Stopping service reverse dependency: rdr
Stopping service: lwio
Starting service: lwio
Starting service reverse dependency: rdr
Starting service reverse dependency: lsass
Starting service reverse dependency: vmafd
root@photon3 [ /opt/likewise/bin ]# /opt/likewise/bin/domainjoin-cli --loglevel verbose --logfile somefile.log join home.lab klinden
Joining to AD Domain: home.lab
With Computer DNS Name: photon3.home.lab
partial coredump
Apr 08 20:38:19 photon3.home.lab systemd-coredump[1423]: Process 1371 (lsassd) of user 0 dumped core.
Stack trace of thread 1416:
#0 0x00007f1bfa0e77ea raise (libc.so.6)
#1 0x00007f1bfa0e8881 abort (libc.so.6)
#2 0x00007f1bf9db4e2f OpenSSLDie (libcrypto.so.1.0.0)
#3 0x00007f1bf9dbb845 MD5_Init (libcrypto.so.1.0.0)
#4 0x00007f1bf76fe7a8 n/a (liblsass_auth_provider_ad_open.so)
#5 0x00007f1bf76fddc2 n/a (liblsass_auth_provider_ad_open.so)
#6 0x00007f1bf76f8fd3 n/a (liblsass_auth_provider_ad_open.so)
#7 0x00007f1bf76f7707 LsaJoinDomain (liblsass_auth_provider_ad_open.so)
#8 0x00007f1bf769066d n/a (liblsass_auth_provider_ad_open.so)
#9 0x00007f1bf7698c2b AD_ProviderIoControl (liblsass_auth_provider_ad_open.so)
#10 0x00007f1bfa5f8a9a LsaSrvProviderIoControl (liblsaserverapi.so.0)
#11 0x00007f1bfa5f1b4d n/a (liblsaserverapi.so.0)
#12 0x00007f1bfa5077d2 n/a (liblwmsg.so.0)
#13 0x00007f1bf9fd8c5f n/a (liblwbase.so.0)
#14 0x00007f1bf9fd79d3 n/a (liblwbase.so.0)
#15 0x00007f1bf9fd7b27 n/a (liblwbase.so.0)
#16 0x00007f1bfa271f87 n/a (libpthread.so.0)
#17 0x00007f1bfa1a560f __clone (libc.so.6)
Stack trace of thread 1392:
#0 0x00007f1bfa277d7c pthread_cond_wait (libpthread.so.0)
#1 0x00007f1bfa2bb8b1 dcethread_cond_wait (libdcerpc.so.1)
#2 0x00007f1bfa2bb94d dcethread_cond_wait_throw (libdcerpc.so.1)
#3 0x00007f1bfa31e4a3 n/a (libdcerpc.so.1)
#4 0x00007f1bfa2bb0c5 n/a (libdcerpc.so.1)
#5 0x00007f1bfa271f87 n/a (libpthread.so.0)
#6 0x00007f1bfa1a560f __clone (libc.so.6)
Stack trace of thread 1391:
#0 0x00007f1bfa277d7c pthread_cond_wait (libpthread.so.0)
#1 0x00007f1bfa2bb8b1 dcethread_cond_wait (libdcerpc.so.1)
#2 0x00007f1bfa2bb94d dcethread_cond_wait_throw (libdcerpc.so.1)
#3 0x00007f1bfa31e4a3 n/a (libdcerpc.so.1)
#4 0x00007f1bfa2bb0c5 n/a (libdcerpc.so.1)
#5 0x00007f1bfa271f87 n/a (libpthread.so.0)
#6 0x00007f1bfa1a560f __clone (libc.so.6)
Stack trace of thread 1390:
#0 0x00007f1bfa277d7c pthread_cond_wait (libpthread.so.0)
#1 0x00007f1bfa2bb8b1 dcethread_cond_wait (libdcerpc.so.1)
#2 0x00007f1bfa2bb94d dcethread_cond_wait_throw (libdcerpc.so.1)
#3 0x00007f1bfa31e4a3 n/a (libdcerpc.so.1)
#4 0x00007f1bfa2bb0c5 n/a (libdcerpc.so.1)
#5 0x00007f1bfa271f87 n/a (libpthread.so.0)
#6 0x00007f1bfa1a560f __clone (libc.so.6)
Stack trace of thread 1389:
#0 0x00007f1bfa277d7c pthread_cond_wait (libpthread.so.0)
#1 0x00007f1bfa2bb8b1 dcethread_cond_wait (libdcerpc.so.1)
#2 0x00007f1bfa2bb94d dcethread_cond_wait_throw (libdcerpc.so.1)
#3 0x00007f1bfa31e4a3 n/a (libdcerpc.so.1)
#4 0x00007f1bfa2bb0c5 n/a (libdcerpc.so.1)
#5 0x00007f1bfa271f87 n/a (libpthread.so.0)
#6 0x00007f1bfa1a560f __clone (libc.so.6)
I am not totally sure, but I think it might be occurring here. https://github.com/vmware/likewise-open/blob/2b535fa27889eeee24844f65ad3550f92c76f5e2/lsass/server/auth-providers/ad-open-provider/join/join.c#L1761
We should use AES instead of md5 or rc4.
This would be covered in section 3.2.2.4 AES Cipher Usage
of the MS-SAMR.pdf
Describe the bug
System fails to join active directory with error
Error: LW_ERROR_ERRNO_ECONNREFUSED [code 0x00009d49]
This only happens when the Photon Kernel is configured in fips mode.
Reproduction steps
Expected behavior
system joins domain successfully.
Additional context
lsass error
lsass verbose logs