DNS resolution in 'make test'

Andreas Schneider asn at samba.org
Thu Sep 4 07:38:36 MDT 2014 

On Thursday 04 September 2014 14:36:50 Andrew Bartlett wrote:
> On Wed, 2014-09-03 at 12:08 +0200, Andreas Schneider wrote:
> > Hi,
> > 
> > while working on MIT Kerberos stuff it became clear that we need to talk
> > to
> > DNS server to ask it about SRV records for the KDC.
> > 
> > I've did some investigation and wrote a resolv_wrapper library to wrap
> > res_init(), res_query() and res_search(). It is a really simple wrapper
> > and
> > I'm able to talk to the Samba DNS server in 'make test' now!
> > 
> > asn at magrathea:~/workspace/projects/samba/git>
> > LD_PRELOAD=$LD_PRELOAD:libresolv_wrapper.so
> > SOCKET_WRAPPER_PCAP_FILE=kinit.pcap RESOLV_WRAPPER_DEBUGLEVEL=5
> > RESOLV_WRAPPER_NAMESERVER="127.0.0.21"
> > KRB5_CONFIG=/home/asn/workspace/projects/samba/git/krb5_kinit.conf
> > KRB5_TRACE=/dev/stdout kinit Administrator at SAMBA.EXAMPLE.COM
> > [17918] 1409738193.686386: Getting initial credentials for
> > Administrator at SAMBA.EXAMPLE.COM
> > [17918] 1409738193.686668: Sending request (194 bytes) to
> > SAMBA.EXAMPLE.COM
> > [17918] 1409738193.688507: Resolving hostname localdc.samba.example.com.
> > [17918] 1409738193.689448: Sending initial UDP request to dgram
> > 127.0.0.21:88 [17918] 1409738193.695803: Received answer (510 bytes) from
> > dgram
> > 127.0.0.21:88
> > [17918] 1409738193.696451: Response was not from master KDC
> > [17918] 1409738193.696499: Received error from KDC: -1765328359/Additional
> > pre-authentication required
> > [17918] 1409738193.696560: Processing preauth types: 136, 19, 2, 133
> > [17918] 1409738193.696594: Selected etype info: etype aes256-cts, salt
> > "SAMBA.EXAMPLE.COMAdministrator", params ""
> > [17918] 1409738193.696612: Received cookie: MIT
> > Password for Administrator at SAMBA.EXAMPLE.COM:
> > 
> > w00t!
> > 
> > 
> > Soon available in your Samba master tree! :)
> 
> Nice!  This will make the subdomain stuff much more practical, and the
> make test environment much less 'special'.
> 
> Now we just need to get rid of my horrid dns_hosts_file hack :-)

The samba4 target works just fine without the dns_hosts_file, but not the 
samba3 doesn't.

If I remove it, then 'net ads join' fails. We try to lookup 
'_ldap._tcp.dc._msdcs.SAMBA-TEST' it fails with dns_hosts_file and without. 
The difference is that if the dns_hosts_file lookup fails, it is not a hard 
failure and we fallback to a netbios lookup.

This isn't the case if I remove the dns_hosts_file and it tries a real dns 
lookup.


I don't know the codepath it takes yet and which error is the issue here that 
we don't fallback.


	-- andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org

More information about the samba-technical mailing list