[Samba] howto test ddns

shadrock uhuru niyalevi at gmail.com
Sat Aug 2 15:12:10 MDT 2014


Hi,

Using the instructions from this page
http://linuxcostablanca.blogspot.co.uk/2013/04/sssd-in-samba-40.html I
added sssd.
It was the sssd log that indicated that something was wrong with ddns
update, so I needed to establish whether the problem was on the Samba side or
the sssd side.
This is why I was testing it on ashanti.
After reading your advice I changed the test on the DC:
I changed the nsupdate command to update the DNS record for a server
called testserver with IP address 10.2.1.50 instead of ashanti.
This worked and updated without error,

which brings me back to the sssd startup output.
I have added the upper-case server name to the keytab to see if it made
a difference.
The startup runs without error until it gets to the DNS update section.

This is the first error:
    tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Server not found in Kerberos database.
and this is the second:
    could not find enclosing zone

Have you any idea why sssd is trying to nsupdate ashanti on startup?

sudo klist -k -K /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 ashanti$@TISSISAT.CO.UK (0x3d193b5de35b7010)
   1 ashanti$@TISSISAT.CO.UK (0x3d193b5de35b7010)
   1 ashanti$@TISSISAT.CO.UK (0xe15ce7729bc37077442e0771c0faaf48)
   1 ASHANTI$@TISSISAT.CO.UK (0x3d193b5de35b7010)
   1 ASHANTI$@TISSISAT.CO.UK (0x3d193b5de35b7010)
   1 ASHANTI$@TISSISAT.CO.UK (0xe15ce7729bc37077442e0771c0faaf48)

sssd -i -d7
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [main] (0x0400):
ldap_child started.
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): total buffer size: 38
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): realm_str size: 14
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): got realm_str: TISSISAT.CO.UK
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): princ_str size: 8
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): got princ_str: ASHANTI$
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): keytab_name size: 0
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
(0x1000): lifetime: 86400
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]]
[ldap_child_get_tgt_sync] (0x0100): Principal name is:
[ASHANTI$@TISSISAT.CO.UK]
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]]
[ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [prepare_response]
(0x0400): Building response for result [0]
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [pack_buffer]
(0x1000): result [0] krberr [0] msgsize [42] msg
[FILE:/var/lib/sss/db/ccache_TISSISAT.CO.UK]
(Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [main] (0x0400):
ldap_child completed successfully
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[read_pipe_handler] (0x0400): EOF received, client finished
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[sdap_get_tgt_recv] (0x0400): Child responded: 0
[FILE:/var/lib/sss/db/ccache_TISSISAT.CO.UK], expired on [1407046694]
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[sdap_cli_auth_step] (0x0100): expire timeout is 900
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[sdap_cli_auth_step] (0x1000): the connection will expire at 1407011594
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]] [sasl_bind_send]
(0x0100): Executing sasl bind mech: gssapi, user: ASHANTI$
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x1000): Waiting for child [2199].
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x0100): child [2199] finished successfully.
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[fo_set_port_status] (0x0100): Marking port 0 of server
'ashanti.tissisat.co.uk' as 'working'
(Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
[set_server_common_status] (0x0100): Marking server
'ashanti.tissisat.co.uk' as 'working'
[snip]
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[ad_dyndns_update_send] (0x0400): Performing update
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
'ashanti' in DNS
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record
of 'ashanti' in DNS
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[request_watch_destructor] (0x0400): Deleting request watch
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[resolv_gethostbyname_next] (0x0200): No more address families to retry
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[resolv_gethostbyname_next] (0x0100): No more hosts databases to retry
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_msg_create_common] (0x0200): Creating update message for realm
[TISSISAT.CO.UK].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message --
realm TISSISAT.CO.UK
update delete ashanti. in A
send
update delete ashanti. in AAAA
send
update add ashanti. 3600 in A 10.2.1.6
send
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[be_nsupdate_create_fwd_msg] (0x0400):  -- End nsupdate message --
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_args]
(0x0200): nsupdate auth type: GSS-TSIG
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [ad_online_cb]
(0x0400): The AD provider is online
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
code may provide more information, Minor = Server not found in Kerberos
database.
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x1000): Waiting for child [1990].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x0020): child [1990] failed with status [1].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status
[256]
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_done]
(0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS
update failed
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with
server name
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_msg_create_common] (0x0200): Creating update message for
server [ashanti.tissisat.co.uk] and realm [TISSISAT.CO.UK].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message --
server ashanti.tissisat.co.uk
realm TISSISAT.CO.UK
update delete ashanti. in A
send
update delete ashanti. in AAAA
send
update add ashanti. 3600 in A 10.2.1.6
send
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[be_nsupdate_create_fwd_msg] (0x0400):  -- End nsupdate message --
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[write_pipe_handler] (0x0400): All data has been sent!
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_args]
(0x0200): nsupdate auth type: GSS-TSIG
could not find enclosing zone
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x1000): Waiting for child [1994].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[child_sig_handler] (0x0020): child [1994] failed with status [1].
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status
[256]
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_done]
(0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS
update failed
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed
[1432158228]: Dynamic DNS update failed
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
[ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed
[1432158228]: Dynamic DNS update failed
(Sat Aug  2 19:18:09 2014) [sssd] [services_startup_timeout] (0x0400):
Handling timeout

Shadrock
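
An added example, not part of the original post and not sssd's own code: a small log checker that pulls the nsupdate scripts out of `sssd -d7` output and flags update names that fall outside the DNS domain implied by the `realm` line, such as the single-label `ashanti.` in the messages above. The sample log is constructed, and treating the lowercased realm as the DNS zone is an assumption.

```python
import re

# Constructed sample shaped like the sssd -d7 output above (wrapped lines joined).
PFX = "(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_create_fwd_msg] (0x0400):  "
SAMPLE_LOG = "\n".join([
    PFX + "-- Begin nsupdate message --",
    "realm TISSISAT.CO.UK",
    "update delete ashanti. in A", "send",
    "update add ashanti. 3600 in A 10.2.1.6", "send",
    PFX + "-- End nsupdate message --",
    PFX + "-- Begin nsupdate message --",
    "realm TISSISAT.CO.UK",
    "update add testserver.tissisat.co.uk. 3600 in A 10.2.1.50", "send",
    PFX + "-- End nsupdate message --",
])

def extract_nsupdate_messages(log_text):
    """Return each nsupdate script sssd logged, as a list of command lines."""
    messages, current = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if "-- Begin nsupdate message --" in line:
            current = []
        elif "-- End nsupdate message --" in line:
            if current is not None:
                messages.append(current)
            current = None
        elif current is not None and line and not line.startswith("("):
            current.append(line)  # skip blank lines and wrapped log prefixes
    return messages

def audit_message(commands):
    """Return (action, name, zone) for update names outside the realm's domain."""
    realm = next((c.split()[1] for c in commands if c.startswith("realm ")), None)
    zone = realm.lower().rstrip(".") if realm else None  # assumption: zone == realm
    findings = []
    for cmd in commands:
        m = re.match(r"update\s+(add|delete)\s+(\S+)", cmd)
        if not m:
            continue
        name = m.group(2).lower().rstrip(".")
        if zone is None or not (name == zone or name.endswith("." + zone)):
            findings.append((m.group(1), m.group(2), zone))
    return findings

def audit_log(log_text):
    return [audit_message(m) for m in extract_nsupdate_messages(log_text)]

if __name__ == "__main__":
    for i, findings in enumerate(audit_log(SAMPLE_LOG), 1):
        print(i, findings)
```

The same functions accept the wrapped form of the log as it appears in the mail, because lines that carry only a log prefix are skipped.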

