[Samba] Ubuntu client ddns failure

Rowland Penny rowlandpenny at googlemail.com
Tue May 20 07:35:31 MDT 2014


On 20/05/14 14:12, steve wrote:
> Hi
> I'm trying to get an Ubuntu 14.04 client to update its rr to a working 
> bind dns DC with Samba 4.1.7. The setup is the same as with our 
> openSUSE clients with sssd 1.11.15
> sssd.conf
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> ldap_id_mapping = False
>
> /etc/hosts
> 127.0.0.1    lubuntu-laptop.hh3.site lubuntu-laptop
> 127.0.1.1 localhost
>
Don't know if this is your problem, but you have got /etc/hosts wrong, 
shouldn't it be:

127.0.0.1    localhost
127.0.1.1    lubuntu-laptop.hh3.site    lubuntu-laptop

Rowland

> But it is sending a request for the wrong zone:
>
> Kerberos: ENC-TS Pre-authentication succeeded -- 
> LUBUNTU-LAPTOP$@HH3.SITE using arcfour-hmac-md5
> Kerberos: AS-REQ authtime: 2014-05-20T14:01:35 starttime: unset 
> endtime: 2014-05-21T00:01:35 renew till: 2014-05-21T14:01:35
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, 
> aes128-cts-hmac-sha1-96, arcfour-hmac-md5, des3-cbc-sha1, 25, 26, 
> using arcfour-hmac-md5/arcfour-hmac-md5
> Kerberos: Requested flags: renewable-ok
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
> ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, 
> renewable]
> Kerberos: TGS-REQ authtime: 2014-05-20T14:01:35 starttime: 
> 2014-05-20T14:01:35 endtime: 2014-05-21T00:01:35 renew till: 
> 2014-05-21T14:01:35
> Terminating connection - 'kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
> ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE 
> [canonicalize, renewable]
> Kerberos: Searching referral for a.root-servers.net
> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server 
> DNS/a.root-servers.net at HH3.SITE that was not found
> Failed find a single entry for 
> (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): 
> got 0
> Kerberos: samba_kdc_fetch: could not find principal in DB
> Kerberos: Server not found in database: 
> krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40241
> Terminating connection - 'kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
> ipv4:192.168.1.22:40242 for DNS/a.root-servers.net at HH3.SITE [renewable]
> Kerberos: Server not found in database: 
> DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
> Terminating connection - 'kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
> ipv4:192.168.1.22:40243 for DNS/a.root-servers.net at HH3.SITE 
> [canonicalize, renewable]
> Kerberos: Searching referral for a.root-servers.net
> Kerberos: Returning a referral to realm ROOT-SERVERS.NET for server 
> DNS/a.root-servers.net at HH3.SITE that was not found
> Failed find a single entry for 
> (&(objectClass=trustedDomain)(|(flatname=ROOT-SERVERS.NET)(trustPartner=ROOT-SERVERS.NET))): 
> got 0
> Kerberos: samba_kdc_fetch: could not find principal in DB
> Kerberos: Server not found in database: 
> krbtgt/ROOT-SERVERS.NET at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40243
> Terminating connection - 'kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[kdc_tcp_call_loop: 
> tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from 
> ipv4:192.168.1.22:40244 for DNS/a.root-servers.net at HH3.SITE [renewable]
> Kerberos: Server not found in database: 
> DNS/a.root-servers.net at HH3.SITE: no such entry found in hdb
> Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40244
>
> The worrying thing is that we can still get tickets even though it has 
> the wrong A record in DNS.
> What is this, 'a.root-servers.net' business? Why not our domain?
> What have we overlooked?
> Thanks,
> Steve
>
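
A small log check for the symptom discussed in this thread, added here as an example and not part of the original messages: it pulls the service principal out of each TGS-REQ line and flags requests whose target host lies outside the realm's DNS domain. The sample lines are constructed from the quoted KDC log (unwrapped to one entry per line), and the function names are hypothetical.

```python
import re

# Constructed sample: modeled on the KDC log quoted in the thread, unwrapped
# to one entry per line. The list archive renders "@" as " at " in places,
# so the parser accepts both forms.
SAMPLE_LOG = """\
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40240 for ldap/hh16.hh3.site at HH3.SITE [canonicalize, renewable]
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40241 for DNS/a.root-servers.net at HH3.SITE [canonicalize, renewable]
Kerberos: Searching referral for a.root-servers.net
Kerberos: TGS-REQ LUBUNTU-LAPTOP$@HH3.SITE from ipv4:192.168.1.22:40242 for DNS/a.root-servers.net@HH3.SITE [renewable]
Kerberos: Failed building TGS-REP to ipv4:192.168.1.22:40242
"""

# client@realm ... for service/host@realm
TGS_REQ = re.compile(
    r"TGS-REQ (?P<client>\S+?)@(?P<crealm>\S+) from \S+ for "
    r"(?P<service>[^/\s]+)/(?P<host>[^@\s]+)(?:@| at )(?P<realm>\S+)"
)


def parse_tgs_requests(log_text):
    """Return one dict per TGS-REQ line: client, service class, host, realm."""
    matches = (TGS_REQ.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def out_of_realm_requests(log_text, dns_domain):
    """Return TGS-REQs whose target host is not inside dns_domain."""
    domain = dns_domain.lower().rstrip(".")
    flagged = []
    for req in parse_tgs_requests(log_text):
        host = req["host"].lower().rstrip(".")
        # Compare on a label boundary so "evilhh3.site" is not accepted.
        if host != domain and not host.endswith("." + domain):
            flagged.append(req)
    return flagged


if __name__ == "__main__":
    for req in out_of_realm_requests(SAMPLE_LOG, "hh3.site"):
        print(f'{req["client"]} requested {req["service"]}/{req["host"]} '
              f'in realm {req["realm"]}')
```

Run against a real KDC log, the flagged entries show which client is requesting tickets for DNS servers outside its own zone.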


