[Samba] howto test ddns

Rowland Penny rowlandpenny at googlemail.com
Sat Aug 2 15:26:52 MDT 2014


On 02/08/14 22:12, shadrock uhuru wrote:
> hi
> using the instructions from this page
> http://linuxcostablanca.blogspot.co.uk/2013/04/sssd-in-samba-40.html i
> added sssd,
> it was the sssd log that indicated that something was wrong with ddns
> update so i needed to establish whether the problem was on samba side or
> sssd side
> this is why i was testing it on ashanti,
> after reading your advice i changed the test on the DC
> i changed the nsupdate command to update the dns record for a server
> called testserver with ip address 10.2.1.50 instead of ashanti,
> this worked and updated without error,

This proves that nsupdate is working.

> which brings me back to the sssd startup output,
> i have added the upper case server name to the keytab to see if it made
> a difference.
> the startup runs without error until it gets to the dns update section,
>
> this is the first error -
>      tkey query failed: GSSAPI error: Major = Unspecified GSS failure.
> Minor code may provide more information, Minor = Server not found in
> Kerberos database.
> and this is the second -
>      could not find enclosing zone
>
> have you any idea why sssd is trying to nsupdate ashanti on startup ?
>
> sudo klist -k -K /etc/krb5.keytab
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>     1 ashanti$@TISSISAT.CO.UK (0x3d193b5de35b7010)
>     1 ashanti$@TISSISAT.CO.UK (0x3d193b5de35b7010)
>     1 ashanti$@TISSISAT.CO.UK (0xe15ce7729bc37077442e0771c0faaf48)
>     1 ASHANTI$@TISSISAT.CO.UK (0x3d193b5de35b7010)
>     1 ASHANTI$@TISSISAT.CO.UK (0x3d193b5de35b7010)
>     1 ASHANTI$@TISSISAT.CO.UK (0xe15ce7729bc37077442e0771c0faaf48)
>
> sssd -i -d7
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [set_tgt_child_timeout] (0x0400): Setting 6 seconds timeout for tgt child
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [main] (0x0400):
> ldap_child started.
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): total buffer size: 38
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): realm_str size: 14
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): got realm_str: TISSISAT.CO.UK
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): princ_str size: 8
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): got princ_str: ASHANTI$
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): keytab_name size: 0
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [unpack_buffer]
> (0x1000): lifetime: 86400
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]]
> [ldap_child_get_tgt_sync] (0x0100): Principal name is:
> [ASHANTI$@TISSISAT.CO.UK]
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]]
> [ldap_child_get_tgt_sync] (0x0100): Using keytab [default]
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [prepare_response]
> (0x0400): Building response for result [0]
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [pack_buffer]
> (0x1000): result [0] krberr [0] msgsize [42] msg
> [FILE:/var/lib/sss/db/ccache_TISSISAT.CO.UK]
> (Sat Aug  2 21:18:14 2014) [[sssd[ldap_child[2199]]]] [main] (0x0400):
> ldap_child completed successfully
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [read_pipe_handler] (0x0400): EOF received, client finished
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [sdap_get_tgt_recv] (0x0400): Child responded: 0
> [FILE:/var/lib/sss/db/ccache_TISSISAT.CO.UK], expired on [1407046694]
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [sdap_cli_auth_step] (0x0100): expire timeout is 900
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [sdap_cli_auth_step] (0x1000): the connection will expire at 1407011594
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]] [sasl_bind_send]
> (0x0100): Executing sasl bind mech: gssapi, user: ASHANTI$
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x1000): Waiting for child [2199].
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x0100): child [2199] finished successfully.
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [fo_set_port_status] (0x0100): Marking port 0 of server
> 'ashanti.tissisat.co.uk' as 'working'
> (Sat Aug  2 21:18:14 2014) [sssd[be[tissisat.co.uk]]]
> [set_server_common_status] (0x0100): Marking server
> 'ashanti.tissisat.co.uk' as 'working'
> [snip]
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [ad_dyndns_update_send] (0x0400): Performing update
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of
> 'ashanti' in DNS
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [resolv_gethostbyname_dns_parse] (0x1000): Parsing an A reply
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [request_watch_destructor] (0x0400): Deleting request watch
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record
> of 'ashanti' in DNS
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [request_watch_destructor] (0x0400): Deleting request watch
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [resolv_gethostbyname_next] (0x0200): No more address families to retry
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_msg_create_common] (0x0200): Creating update message for realm
> [TISSISAT.CO.UK].
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message --
> realm TISSISAT.CO.UK
> update delete ashanti. in A
> send
> update delete ashanti. in AAAA
> send
> update add ashanti. 3600 in A 10.2.1.6
> send
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [be_nsupdate_create_fwd_msg] (0x0400):  -- End nsupdate message --
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_args]
> (0x0200): nsupdate auth type: GSS-TSIG
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [ad_online_cb]
> (0x0400): The AD provider is online
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
> code may provide more information, Minor = Server not found in Kerberos
> database.
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x1000): Waiting for child [1990].
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x0020): child [1990] failed with status [1].
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status
> [256]
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_done]
> (0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS
> update failed
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [sdap_dyndns_update_done] (0x0080): nsupdate failed, retrying with
> server name
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_msg_create_common] (0x0200): Creating update message for
> server [ashanti.tissisat.co.uk] and realm [TISSISAT.CO.UK]
> .(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message --
> server ashanti.tissisat.co.uk
> realm TISSISAT.CO.UK
> update delete ashanti. in A
> send
> update delete ashanti. in AAAA
> send
> update add ashanti. 3600 in A 10.2.1.6
> send
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [be_nsupdate_create_fwd_msg] (0x0400):  -- End nsupdate message --
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [write_pipe_handler] (0x0400): All data has been sent!
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_args]
> (0x0200): nsupdate auth type: GSS-TSIG
> could not find enclosing zone
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x1000): Waiting for child [1994].
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [child_sig_handler] (0x0020): child [1994] failed with status [1].
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status
> [256]
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_done]
> (0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS
> update failed
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [ad_dyndns_sdap_update_done] (0x0040): Dynamic DNS update failed
> [1432158228]: Dynamic DNS update failed
> (Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]]
> [ad_dyndns_nsupdate_done] (0x0040): Updating DNS entry failed
> [1432158228]: Dynamic DNS update failed
> (Sat Aug  2 19:18:09 2014) [sssd] [services_startup_timeout] (0x0400):
> Handling timeout
>
> Shadrock

I feel that dns on your server is not set up correctly, it seems that
even though you now have /etc/hosts set up, something else is wrong.
What have you got in your networking file (on debian this is
/etc/network/interfaces, don't know what it is on archlinux)?

Rowland
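
An added example, not part of the original thread: a small Python check over `sssd -i -d7` output that pulls the record names out of each nsupdate message and flags those that do not fall under the realm's DNS domain, such as the single-label `ashanti.` in the quoted log. It assumes the DNS domain is the lower-cased Kerberos realm; the function names and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the nsupdate message quoted in the thread.
SAMPLE_LOG = """\
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_create_fwd_msg] (0x0400):  -- Begin nsupdate message --
server ashanti.tissisat.co.uk
realm TISSISAT.CO.UK
update delete ashanti. in A
send
update add ashanti. 3600 in A 10.2.1.6
send
(Sat Aug  2 19:18:05 2014) [sssd[be[tissisat.co.uk]]] [be_nsupdate_create_fwd_msg] (0x0400):  -- End nsupdate message --
"""

UPDATE_RE = re.compile(r"^update\s+(add|delete)\s+(\S+)", re.IGNORECASE)


def nsupdate_messages(log_text):
    """Yield (realm, [record names]) for each Begin/End nsupdate block."""
    realm, names, inside = None, [], False
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate mail-quoted logs
        if "-- Begin nsupdate message --" in line:
            realm, names, inside = None, [], True
        elif "-- End nsupdate message --" in line:
            if inside:
                yield realm, names
            inside = False
        elif inside:
            if line.lower().startswith("realm "):
                realm = line.split()[1]
            elif UPDATE_RE.match(line):
                names.append(UPDATE_RE.match(line).group(2))


def names_outside_realm(log_text):
    """Return update names that are not under the realm's DNS domain."""
    flagged = []
    for realm, names in nsupdate_messages(log_text):
        if realm is None:
            continue  # no realm line, nothing to compare against
        # Assumption: DNS domain == lower-cased Kerberos realm.
        suffix = "." + realm.lower().rstrip(".")
        for name in names:
            fqdn = "." + name.lower().rstrip(".")
            if not fqdn.endswith(suffix) and name not in flagged:
                flagged.append(name)
    return flagged
```

Calling `names_outside_realm()` on the saved debug output returns the offending names in the order they first appear; an empty list means every update record was fully qualified within the realm's domain.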


