samba-tool gpo listall failing - what's going on please

Matt Grant matt at mattgrant.net.nz
Mon Nov 7 05:01:12 UTC 2022


Hi!

Please find a patch for this problem attached.  Found that only AAAA reply
was being ignored, and an A requested, which of course gave no reply as not
in DNS!!!

Will get this attached to a bug report.

Cheers,

Matt

--
diff --git a/source4/libcli/resolve/dns_ex.c
b/source4/libcli/resolve/dns_ex.c
index 0bb3ba02287..0525d0d019a 100644
--- a/source4/libcli/resolve/dns_ex.c
+++ b/source4/libcli/resolve/dns_ex.c
@@ -81,7 +81,7 @@ struct dns_records_container {
  uint32_t count;
 };

-static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *a_num,
+static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t *addr_num,
   char ***cur_addrs, uint32_t total,
   struct dns_request *reply, int port)
 {
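Review bot: the renamed out-parameter `addr_num` in the `reply_to_addrs()` signature has no comment saying what it counts, and the rename changes its meaning from "A records seen" to "A or AAAA records seen". A one-line comment above the function stating that it is the number of A and AAAA addresses appended by this call would keep the caller's test on it readable. Separately, the signature visible here returns `int` while `total` is passed in as `uint32_t` and the caller stores the result back into a `uint32_t`; aligning the return type would be a reasonable follow-up outside this patch.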
@@ -151,8 +151,8 @@ static int reply_to_addrs(TALLOC_CTX *mem_ctx, uint32_t
*a_num,
  rr->name->pLabelList->label);
  if (addrs[total]) {
  total++;
- if (rr->type == QTYPE_A) {
- (*a_num)++;
+ if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA) {
+ (*addr_num)++;
  }
  }
  }
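Review bot: in the new test `if (rr->type == QTYPE_A || rr->type == QTYPE_AAAA)`, if only A and AAAA records can reach this point (the lines that filter record types are outside the hunk), the condition is always true and `addr_num` simply mirrors the number of entries this call adds to `total`. In that case dropping the test, or having the caller compare `total` before and after the call, expresses the same thing with less state; if other record types can get here, a short comment naming them would explain why the test stays.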
@@ -211,7 +211,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
  struct dns_request *reply;
  struct dns_records_container ret;
  char **addrs = NULL;
- uint32_t a_num, total;
+ uint32_t addr_num, total;
  uint16_t qtype;
  TALLOC_CTX *tmp_ctx;
  DNS_ERROR err;
@@ -236,12 +236,13 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
  }
  }

- a_num = total = 0;
- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total, reply, port);
+ addr_num = total = 0;
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total, reply, port);

- if (qtype == QTYPE_AAAA && a_num == 0) {
+ if (qtype == QTYPE_AAAA && addr_num == 0) {
  /*
- * DNS server didn't returned A when asked for AAAA records.
+ * DNS server didn't returned A when asked for AAAA records,
+ * and no AAAA record returned either
  * Most of the server do it, let's ask for A specificaly.
  */
  err = dns_lookup(tmp_ctx, name, QTYPE_A, &reply);
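Review bot: changing the fallback test to `qtype == QTYPE_AAAA && addr_num == 0` means the A query is skipped as soon as the AAAA answer yields a single address, so a dual-stack name whose server answers an AAAA query with AAAA records only will now resolve to IPv6 addresses alone. Before this change such a name still got the follow-up `dns_lookup(tmp_ctx, name, QTYPE_A, &reply)`. The context at the top of the next hunk shows a `goto done` after that lookup; if that path is what discards the AAAA addresses already collected when the A query fails, keeping the original condition and making a failed A lookup non-fatal when `total > 0` would fix the AAAA-only case without losing A records for dual-stack hosts. The comment wording could also be tidied while it is being touched ("didn't returned", "specificaly").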
@@ -249,7 +250,7 @@ static struct dns_records_container
get_a_aaaa_records(TALLOC_CTX *mem_ctx,
  goto done;
  }

- total = reply_to_addrs(tmp_ctx, &a_num, &addrs, total,
+ total = reply_to_addrs(tmp_ctx, &addr_num, &addrs, total,
  reply, port);

  }


On Mon, 7 Nov 2022 at 15:04, Matt Grant <matt at mattgrant.net.nz> wrote:

> Hi!
>
> More information.  finddcs() fails if there is only an AAAA for the DC,
> and no A record!
>
> Pretty messy in there.  Should I be looking
> in source4/libcli/resolve/dns_ex.c, get_a_aaaa_records()?  That multi
> threaded stuff does not look very readable or debuggable...
>
> Debug level 12 is not giving me any useful traces.
>
> Cheers,
>
> Matt Grant
>
> On Mon, 7 Nov 2022 at 13:48, Matt Grant <matt at mattgrant.net.nz> wrote:
>
>> Hi!
>>
>> Got samba-tool gpo listall failing as well as the other samba-tool gpo
>> commands with the same error.  Command output follows.  This is on Samba
>> 4.16.5.
>>
>> Need to get it going to initialise and administer GPOs properly.
>>
>> Thank you!
>>
>> Matt Grant
>> --
>> smb-ad1: -admin- [~]
>> $ sudo samba-tool gpo listall -d3
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> ldb_wrap open of secrets.ldb
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'ncalrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'http_negotiate' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> interpret_interface: Adding interface fd14:828:ba69:12::2/64
>> interpret_interface: Adding interface fd14:828:ba69:12::2/64
>> interpret_interface: Adding interface fd14:828:ba69:12::2/64
>> interpret_interface: Adding interface fd14:828:ba69:12::2/64
>> resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.ANATHOTH.NET<0x0>
>> dns child failed to find name '_ldap._tcp.SMB.ANATHOTH.NET' of type SRV
>> finddcs: Failed to find SRV record for _ldap._tcp.SMB.ANATHOTH.NET
>> ERROR(runtime): uncaught exception - ('Could not find a DC for domain', NTSTATUSError(3221225524, 'The object name is not found.'))
>>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 469, in run
>>     self.url = dc_url(self.lp, self.creds, H)
>>   File "/usr/lib/python3/dist-packages/samba/netcmd/gpo.py", line 127, in dc_url
>>     raise RuntimeError("Could not find a DC for domain", e)
>>
>> smb-ad1: -admin- [~]
>> $ view +127 /usr/lib/python3/dist-packages/samba/netcmd/gpo.py
>>
>> smb-ad1: -admin- [~]
>> $ host -t SRV _ldap._tcp.SMB.ANATHOTH.NET
>> _ldap._tcp.SMB.ANATHOTH.NET has SRV record 0 100 389 smb-ad1.smb.anathoth.net.
>>
>> smb-ad1: -admin- [~]
>> $ host smb-ad1.smb.anathoth.net.
>> smb-ad1.smb.anathoth.net has IPv6 address fd14:828:ba69:12::2
>>
>> smb-ad1: -admin- [~]
>> $
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-finddcs-only-aaaa-in-dns-fix.patch
Type: text/x-patch
Size: 2022 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20221107/857429db/samba-finddcs-only-aaaa-in-dns-fix.bin>

