Problems with Samba 4 Beta 1 and a possible bug that was previously reported
Trever L. Adams
trever.adams at gmail.com
Mon Jun 18 12:04:47 MDT 2012
On 06/12/2012 08:36 AM, Trever L. Adams wrote:
> On 06/08/2012 03:12 AM, Trever L. Adams wrote:
>> On 06/07/2012 12:57 AM, Andrew Bartlett wrote:
>>> We will need many more details on both issues before we can go.
>>> further. Perhaps we can start by how 'samba 20 ate my installations',
>>> and what exactly you did after that. Thanks, Andrew Bartlett
>> From the Samba server:
>> failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure.
>> Minor code may provide more information, Minor = Success.
>> gss-api source name (accept) is MACHINE_NAME$@DOMAIN.ORG
>> process_gsstkey(): dns_tsigerror_noerror
>>
>>
>> Attempting to get further information, I have moved the profiles out of
>> profiles and tried logging in with no success. I still haven't been able
>> to figure out the read only problem nor with Firefox start-up.
>>
>> Thank you for any help,
>> Trever
> Sorry, I included the wrong lines from bind. I didn't read it correctly.
> It appears that almost all transactions give the unspecified error with
> dns_tsigerror_noerror. That doesn't seem right, but it happens even with
> successful samba registering the DC itself (samba dns update script from
> S4).
>
> However, I am seeing the following log on ANY no "nsupdate -g" updates
> from any other system (net ads dns register):
>
> client 10.0.0.21#44821: updating zone 'DOMAIN/NONE': update
> unsuccessful: host.DOMAIN/A: 'RRset exists (value dependent)'
> prerequisite not satisfied (NXRRSET)
>
> This happens if there is such an entry. It happens if the entry has been
> deleted. It happens if the NEVER existed.
>
> Again, I am using bind 9.9. Is this one of the weirdness problems that
> was mentioned?
>
> Trever
>
Ok, I think I have a handle on some of what is going on.
1) ntuser.dat has to be removed when recreating domains:
1a) Might as well just move profile and appdata out of the way and move
what you need back in, fixing ownership and permisssions, this helps
things be easier.
2) The firefox problem was caused by some weird corruption. I restored
the original profile, problem went away.
3) Samba and smbd were crashing like crazy at one point. It appears this
was problems with Fedora 17 as updates (krb5-libs-1.10-7.fc17.x86_64
,bind-license-9.9.1-2.P1.fc17.noarch, bind-libs-9.9.1-2.P1.fc17.x86_64,
bind-9.9.1-2.P1.fc17.x86_64, bind-utils-9.9.1-2.P1.fc17.x86_64,
bind-libs-lite-9.9.1-2.P1.fc17.x86_64,
krb5-workstation-1.10-7.fc17.x86_64, libcurl-7.24.0-4.fc17.x86_64,
curl-7.24.0-4.fc17.x86_64, libsss_sudo-1.8.4-12.fc17.x86_64,
libsss_sudo-1.8.4-13.fc17.x86_64) seem to have caused named (bind)
crashes to go away as well as lockups in smbd and samba. Also, I did
update Samba 4 to 4.0.0beta2-GIT-9afd4be.
Remaining problems may be something on my end. My network (multiple /24
IPv4 and multiple /64 IPv6) has multiple domains running. The DHCPD
server tells everyone that 10.1.1.1 is the DNS server. 10.something.else
is the sambaserver.
I am getting two errors. Is this caused by SAMBASERVER not being
10.1.1.1? If so, is there a recommended way of doing this as 10.1.1.1
has a lot of DNS information that is not on the SAMBASERVER? Also, this
is weird because some clients successfully update, others don't. This
may or may not be differences between windows versions (I have XP, Vista
and 7). Anyway, I think they are related, I have tried to pull them out
of the log, so there may be overlap:
1)
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#61767: ns_client_detach:
ref = 0
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#61767: endrequest
client @0x7f08600f3ca0: udprecv
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: new TCP connection
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: replace
clientmgr @0x7f08600e7f30: get client
clientmgr @0x7f08600e7f30: recycle
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: read
client @0x7f08606549a0: accept
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: TCP request
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: using view '_default'
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: request is not signed
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: recursion available
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: query
failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure.
Minor code may provide more information, Minor = Success.
gss-api source name (accept) is windowsclient$@example.com
process_gsstkey(): dns_tsigerror_noerror
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036
(1252-ms-7.3-e20d8.acd95d69-b95a-11e1-439c-0018f34ced22): send
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036
(1252-ms-7.3-e20d8.acd95d69-b95a-11e1-439c-0018f34ced22): sendto
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036
(1252-ms-7.3-e20d8.acd95d69-b95a-11e1-439c-0018f34ced22): senddone
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036
(1252-ms-7.3-e20d8.acd95d69-b95a-11e1-439c-0018f34ced22): next
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036
(1252-ms-7.3-e20d8.acd95d69-b95a-11e1-439c-0018f34ced22): endrequest
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: read
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: next
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: request failed: end
of file
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: endrequest
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#53036: closetcp
client 10.0.1.1#52662: UDP request
client 10.0.1.1#52662: using view '_default'
client 10.0.1.1#52662: request is not signed
client 10.0.1.1#52662: recursion available
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507/key
SAMBASERVER\$\@example.com: sendto
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507/key
SAMBASERVER\$\@example.com: senddone
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507/key
SAMBASERVER\$\@example.com: next
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507/key
SAMBASERVER\$\@example.com: ns_client_detach: ref = 0
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507/key
SAMBASERVER\$\@example.com: endrequest
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507: read
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507: next
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507: request failed: end
of file
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507: endrequest
client fd00:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#58507: closetcp
client 10.0.1.1#14684: UDP request
client 10.0.1.1#14684: using view '_default'
client 10.0.1.1#14684: request is not signed
client 10.0.1.1#14684: recursion available
client 10.0.1.1#14684: query
client 10.0.1.1#14684 (windowsclient.example.com): ns_client_attach: ref = 1
client 10.0.1.1#14684 (windowsclient.example.com): query
'windowsclient.example.com/SOA/IN' approved
client 10.0.1.1#14684 (windowsclient.example.com): send
client 10.0.1.1#14684 (windowsclient.example.com): sendto
client 10.0.1.1#14684 (windowsclient.example.com): senddone
client 10.0.1.1#14684 (windowsclient.example.com): next
client 10.0.1.1#14684 (windowsclient.example.com): ns_client_detach: ref = 0
client 10.0.1.1#14684 (windowsclient.example.com): endrequest
client @0x7f08600b85f0: udprecv
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: UDP request
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: using view '_default'
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: request is not signed
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: recursion available
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: update
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: ns_client_attach:
ref = 1
samba_dlz: starting transaction on zone example.com
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: updating zone
'example.com/NONE': prerequisites are OK
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: update
'example.com/IN' denied
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: updating zone
'example.com/NONE': rolling back
samba_dlz: cancelling transaction on zone example.com
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: send
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: sendto
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: senddone
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: next
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: ns_client_detach:
ref = 0
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56726: endrequest
client @0x7f08600f3ca0: udprecv
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: new TCP connection
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: replace
clientmgr @0x7f08600e7f30: get client
clientmgr @0x7f08600e7f30: recycle
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: read
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: TCP request
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: using view '_default'
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: request is not signed
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: recursion available
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: query
failed gss_inquire_cred: GSSAPI error: Major = Unspecified GSS failure.
Minor code may provide more information, Minor = Success.
gss-api source name (accept) is windowsclient$@example.com
process_gsstkey(): dns_tsigerror_noerror
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647
(1252-ms-7.2-98c86.acd95d69-b95a-11e1-439c-0018f34ced22): send
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647
(1252-ms-7.2-98c86.acd95d69-b95a-11e1-439c-0018f34ced22): sendto
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647
(1252-ms-7.2-98c86.acd95d69-b95a-11e1-439c-0018f34ced22): senddone
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647
(1252-ms-7.2-98c86.acd95d69-b95a-11e1-439c-0018f34ced22): next
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647
(1252-ms-7.2-98c86.acd95d69-b95a-11e1-439c-0018f34ced22): endrequest
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: read
client @0x7f086080aa30: accept
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: next
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: request failed: end
of file
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: endrequest
client 2001:XXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX#56647: closetcp
client 10.0.1.1#52441: UDP request
client 10.0.1.1#52441: using view '_default'
client 10.0.1.1#52441: request is not signed
Thank you,
Trever
--
"The world is a dangerous place to live; not because of the people who
are evil, but because of the people who don't do anything about it." --
Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120618/461f3242/attachment.pgp>
More information about the samba-technical
mailing list