DNS resolution in 'make test'
asn at samba.org
Thu Sep 4 07:38:36 MDT 2014
On Thursday 04 September 2014 14:36:50 Andrew Bartlett wrote:
> On Wed, 2014-09-03 at 12:08 +0200, Andreas Schneider wrote:
> > Hi,
> > while working on MIT Kerberos stuff it became clear that we need to talk
> > to
> > DNS server to ask it about SRV records for the KDC.
> > I've did some investigation and wrote a resolv_wrapper library to wrap
> > res_init(), res_query() and res_search(). It is a really simple wrapper
> > and
> > I'm able to talk to the Samba DNS server in 'make test' now!
> > asn at magrathea:~/workspace/projects/samba/git>
> > LD_PRELOAD=$LD_PRELOAD:libresolv_wrapper.so
> > SOCKET_WRAPPER_PCAP_FILE=kinit.pcap RESOLV_WRAPPER_DEBUGLEVEL=5
> > RESOLV_WRAPPER_NAMESERVER="127.0.0.21"
> > KRB5_CONFIG=/home/asn/workspace/projects/samba/git/krb5_kinit.conf
> > KRB5_TRACE=/dev/stdout kinit Administrator at SAMBA.EXAMPLE.COM
> >  1409738193.686386: Getting initial credentials for
> > Administrator at SAMBA.EXAMPLE.COM
> >  1409738193.686668: Sending request (194 bytes) to
> > SAMBA.EXAMPLE.COM
> >  1409738193.688507: Resolving hostname localdc.samba.example.com.
> >  1409738193.689448: Sending initial UDP request to dgram
> > 127.0.0.21:88  1409738193.695803: Received answer (510 bytes) from
> > dgram
> > 127.0.0.21:88
> >  1409738193.696451: Response was not from master KDC
> >  1409738193.696499: Received error from KDC: -1765328359/Additional
> > pre-authentication required
> >  1409738193.696560: Processing preauth types: 136, 19, 2, 133
> >  1409738193.696594: Selected etype info: etype aes256-cts, salt
> > "SAMBA.EXAMPLE.COMAdministrator", params ""
> >  1409738193.696612: Received cookie: MIT
> > Password for Administrator at SAMBA.EXAMPLE.COM:
> > w00t!
> > Soon available in your Samba master tree! :)
> Nice! This will make the subdomain stuff much more practical, and the
> make test environment much less 'special'.
> Now we just need to get rid of my horrid dns_hosts_file hack :-)
The samba4 target works just fine without the dns_hosts_file, but not the
If I remove it, then 'net ads join' fails. We try to lookup
'_ldap._tcp.dc._msdcs.SAMBA-TEST' it fails with dns_hosts_file and without.
The difference is that if the dns_hosts_file lookup fails, it is not a hard
failure and we fallback to a netbios lookup.
This isn't the case if I remove the dns_hosts_file and it tries a real dns
I don't know the codepath it takes yet and which error is the issue here that
we don't fallback.
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
More information about the samba-technical