3.0.26a DNS update bug ?
Gerald (Jerry) Carter
jerry at samba.org
Wed Sep 12 13:35:07 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Martin Zielinski wrote:
> Hello!
>
> I'm using samba-3.0.26a and heimdal 0.7.2
>
> I failed creating a non-existing DNS entry on the ADS-DC during the
> domain join or the "net ads dns register" command (modifying an existing
> entry succeeds).
>
> I found out, that "dnsgss.c - dns_negotiate_sec_ctx()" calls the
> heimdal function "gss_import_name()" with an
> "oid" "\052\206\110\206\367\022\001\002\002\002".
>
> This oid does not exist in the heimdal sources. So gss_import_name will
> allways fail.
> And - as far as i understand it - the name has allready been resolved
> earlier with the krb5_parse_name function.
>
> So if I call:
> err = dns_negotiate_gss_ctx_int(mem_ctx, conn, keyname,
> host_principal, gss_ctx, srv_type );
>
> instead of
>
> err = dns_negotiate_gss_ctx_int(mem_ctx, conn, keyname,
> targ_name, gss_ctx, srv_type );
>
> the dns update succeeds (in heimdal gss_name_t and krb5_principal are
> the same).
>
> Bye,
> ~ Martin
>
> P.S. And no, I don't *really* know, what happens here, and I haven't
> tried it with MIT.
Thanks Martin, Would you file a bug on this. I know that I
have only tested the dns updates using the MIT libs.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG5+sLIR7qMdg1EfYRAufYAJ4lBGOEmXYY9ZfTiZSC0DKX4sKTAACgwoAv
oDzwjRNS3CDYUItmV1Y2X5Q=
=O6jC
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list