[Samba] ddns failure on Ubuntu client

L.P.H. van Belle belle at bazuin.nl
Tue Jun 3 06:04:22 MDT 2014


Steve.. 

whats in your krb5.conf ? 

Greetz, 

Louis

 

>-----Oorspronkelijk bericht-----
>Van: steve.lcb at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens steve
>Verzonden: dinsdag 20 mei 2014 14:08
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] ddns failure on Ubuntu client
>
>Hi
>I'm trying to get an Ubuntu 14.04 client to update its rr to a working 
>bind dns DC with Samba 4.1.7. The setup is the same as with 
>our openSUSE 
>clients with sssd 1.11.15
>sssd.conf
>id_provider = ad
>auth_provider = ad
>access_provider = ad
>ldap_id_mapping = False
>
>/etc/hosts
>127.0.0.1    lubuntu-laptop.hh3.site lubuntu-laptop
>127.0.1.1 localhost
>
>But it is sending a request for the wrong zone:
>
>Kerberos: ENC-TS Pre-authentication succeeded -- 
>LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
>Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: 
>unset endtime: 
>2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
>Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, 
>aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 
>26, using 
>arcfour-hmac-md5/arcfour-hmac-md5
>Kerberos: Requested flags: renewable-ok
>Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
>ipv4:192.168.1.22:40240 
>for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
>Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 
>2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 
>2014-05-21T14:01:35
>Terminating connection - 'kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>single_terminate: reason[kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() 
>- NT_STATUS_CONNECTION_DISCONNECTED]
>Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
>ipv4:192.168.1.22:40241 
>for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
>Kerberos: Searching referral for a.root-servers.net
>Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server 
>DNS/a.root-servers.net at HH3.SITE that was not found
>Failed find a single entry for 
>(&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trus
>tPartner=ROOT-SERVERS.NET))): 
>got 0
>Kerberos: samba_kdc_fetch: could not find principal in DB
>Kerberos: Server not found in database: 
>krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
>Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241
>Terminating connection - 'kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>single_terminate: reason[kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() 
>- NT_STATUS_CONNECTION_DISCONNECTED]
>Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
>ipv4:192.168.1.22:40242 
>for DNS/a.root-servers.net at HH3.SITE [renewable]
>Kerberos: Server not found in database: 
>DNS/a.root-servers.net at HH3.SITE: 
>no such entry found in hdb
>Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
>Terminating connection - 'kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>single_terminate: reason[kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() 
>- NT_STATUS_CONNECTION_DISCONNECTED]
>Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
>ipv4:192.168.1.22:40243 
>for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
>Kerberos: Searching referral for a.root-servers.net
>Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server 
>DNS/a.root-servers.net at HH3.SITE that was not found
>Failed find a single entry for 
>(&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trus
>tPartner=ROOT-SERVERS.NET))): 
>got 0
>Kerberos: samba_kdc_fetch: could not find principal in DB
>Kerberos: Server not found in database: 
>krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
>Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40243
>Terminating connection - 'kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>single_terminate: reason[kdc_tcp_call_loop: 
>tstream_read_pdu_blob_recv() 
>- NT_STATUS_CONNECTION_DISCONNECTED]
>Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
>ipv4:192.168.1.22:40244 
>for DNS/a.root-servers.net at HH3.SITE [renewable]
>Kerberos: Server not found in database: 
>DNS/a.root-servers.net at HH3.SITE: 
>no such entry found in hdb
>Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40244
>
>The worrying thing is that we can still get tickets even though it has 
>the wrong A record in DNS.
>What is this, 'a.root-servers.net' business? Why not our domain?
>What have we overlooked?
>Thanks,
>Steve
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list