New tests for DNS behaviour for new DCs (was: Re: Aw: [PATCH] Improve krb5 KDC tests, kdc behaviour)

Andrew Bartlett abartlet at
Fri Jan 30 12:03:40 MST 2015

On Fri, 2015-01-30 at 11:18 +0100, support at wrote:
> Andrew,
> may you and garmin add KDC ldap forest srv dns checks , that
> explicitly run after an  join as an DC had been done please ?
> Sample from latest sernet 4.1.x samba :
> not registered with our KDC:  Miscellaneous failure (see text): Server
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> An join as DC shuold 
> - add dns A entrys
> - add dns srv forest entries
> - add ldap srv register itsself 
> - add IN NS entries , register itsself as NS 
> All this missing things affects VPN based AD stabilty. 

These all seem reasonable things, but I'm not sure how this connects to
the tests I'm writing here, except that you suggest extra tests should
be written.  

Our test suite is fully open source, and I would suggest that adding
such checks on the startup of the vampire_dc or promoted_dc environment,
or as part of a unit test that joins the domain, establishes DNS and
leaves again would be very worthwhile.   Patches are most welcome, do
let me know if you need some assistance in creating them.


Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list