Date: Mon, 06 Jul 2020 13:46:57 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 247802] net/samba410 samba_dnsupdate fails running with -g
Message-ID: <bug-247802-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247802

Bug ID: 247802
Summary: net/samba410 samba_dnsupdate fails running with -g
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: timur@FreeBSD.org
Reporter: byrnejb@harte-lyne.ca
Assignee: timur@FreeBSD.org
Flags: maintainer-feedback?(timur@FreeBSD.org)

[root@smb4-1 ~ (master)]# freebsd-version
12.1-RELEASE-p6

[root@smb4-1 ~ (master)]# pkg info -x samba
samba-nsupdate-9.14.2_1
samba410-4.10.15

[root@smb4-1 ~ (master)]# cat /usr/local/etc/smb4.conf
[global]
. . .
# DNS
  dns forwarder = 192.168.18.161 216.185.71.33
# Note diff: sbin vs. bin and _ vs. - and dns vs. ns
  dns update command = /usr/local/sbin/samba_dnsupdate
  nsupdate command = /usr/local/bin/samba-nsupdate -d -g
  #allow dns updates = secure only | nonsecure | disabled
  allow dns updates = nonsecure
  rndc command = /usr/bin/true
. . .

[root@smb4-1 ~ (master)]# samba_dnsupdate --verbose
IPs: ['192.168.18.161']
. . .
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 as _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca.
Traceback (most recent call last):
  File "/usr/local/sbin/samba_dnsupdate", line 320, in check_dns_name
    ans = check_one_dns_name(normalised_name, d.type, d)
  File "/usr/local/sbin/samba_dnsupdate", line 296, in check_one_dns_name
    ans = resolver.query(name, name_type)
  File "/usr/local/lib/python3.7/site-packages/dns/resolver.py", line 992, in query
    timeout = self._compute_timeout(start, lifetime)
  File "/usr/local/lib/python3.7/site-packages/dns/resolver.py", line 799, in _compute_timeout
    raise Timeout(timeout=duration)
dns.exception.Timeout: The DNS operation timed out after 30.00392723083496 seconds

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/sbin/samba_dnsupdate", line 851, in <module>
    elif not check_dns_name(d):
  File "/usr/local/sbin/samba_dnsupdate", line 322, in check_dns_name
    raise Exception("Timeout while waiting to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
Exception: Timeout while waiting to contact a working DNS server while looking for SRV _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 as _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca.

If the -g is removed from 'nsupdate command = /usr/local/bin/samba-nsupdate' then the error disappears.

If the -g is retained and smb4.conf contains: 'allow dns updates = secure only' then the following error is encountered instead:

[root@smb4-1 ~ (master)]# samba_dnsupdate --verbose -d8 --all-names
. . .
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 (add)
Starting GENSEC mechanism gssapi_krb5_sasl
GSSAPI credentials for SMB4-1$@BROCKLEY.HARTE-LYNE.CA will expire in 35998 secs
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as SMB4-1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca. 900 IN SRV 0 100 389 SMB4-1.brockley.harte-lyne.ca.

; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
Failed update of 29 entries

Given the difficulties I experience when enabling secure updates as detailed here and elsewhere I need to ask: do secure dns updates actually work with the internal DNS in samba410 on FreeBSD? Are they supposed to? In other words: is this a feature that is not fully implemented?

--
You are receiving this mail because:
You are the assignee for the bug.