From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 247802] net/samba410 samba_dnsupdate fails running with -g
Date: Mon, 06 Jul 2020 13:46:57 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247802

Bug ID: 247802
Summary: net/samba410 samba_dnsupdate fails running with -g
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: timur@FreeBSD.org
Reporter: byrnejb@harte-lyne.ca
Flags: maintainer-feedback?(timur@FreeBSD.org)

[root@smb4-1 ~ (master)]# freebsd-version
12.1-RELEASE-p6

[root@smb4-1 ~ (master)]# pkg info -x samba
samba-nsupdate-9.14.2_1
samba410-4.10.15

[root@smb4-1 ~ (master)]# cat /usr/local/etc/smb4.conf
[global]
. . .
# DNS
  dns forwarder = 192.168.18.161 216.185.71.33
  # Note diff: sbin vs. bin and _ vs. - and dns vs. ns
  dns update command = /usr/local/sbin/samba_dnsupdate
  nsupdate command = /usr/local/bin/samba-nsupdate -d -g
  #allow dns updates = secure only | nonsecure | disabled
  allow dns updates = nonsecure
  rndc command = /usr/bin/true
. . .

[root@smb4-1 ~ (master)]# samba_dnsupdate --verbose
IPs: ['192.168.18.161']
. . .
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 as _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca.
Traceback (most recent call last):
  File "/usr/local/sbin/samba_dnsupdate", line 320, in check_dns_name
    ans = check_one_dns_name(normalised_name, d.type, d)
  File "/usr/local/sbin/samba_dnsupdate", line 296, in check_one_dns_name
    ans = resolver.query(name, name_type)
  File "/usr/local/lib/python3.7/site-packages/dns/resolver.py", line 992, in query
    timeout = self._compute_timeout(start, lifetime)
  File "/usr/local/lib/python3.7/site-packages/dns/resolver.py", line 799, in _compute_timeout
    raise Timeout(timeout=duration)
dns.exception.Timeout: The DNS operation timed out after 30.00392723083496 seconds

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/sbin/samba_dnsupdate", line 851, in
    elif not check_dns_name(d):
  File "/usr/local/sbin/samba_dnsupdate", line 322, in check_dns_name
    raise Exception("Timeout while waiting to contact a working DNS server while looking for %s as %s" % (d, normalised_name))
Exception: Timeout while waiting to contact a working DNS server while looking for SRV _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 as _ldap._tcp.Default-First-Site-Name._sites.brockley.harte-lyne.ca.

If the -g is removed from 'nsupdate command = /usr/local/bin/samba-nsupdate' then the error disappears.

If the -g is retained and smb4.conf contains: 'allow dns updates = secure only' then the following error is encountered instead:

[root@smb4-1 ~ (master)]# samba_dnsupdate --verbose -d8 --all-names
. . .
update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389
Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca SMB4-1.brockley.harte-lyne.ca 389 (add)
Starting GENSEC mechanism gssapi_krb5_sasl
GSSAPI credentials for SMB4-1$@BROCKLEY.HARTE-LYNE.CA will expire in 35998 secs
Successfully obtained Kerberos ticket to DNS/SMB4-1.brockley.harte-lyne.ca as SMB4-1$
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.brockley.harte-lyne.ca. 900 IN SRV 0 100 389 SMB4-1.brockley.harte-lyne.ca.

; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADSIG)
Failed nsupdate: 2
Failed update of 29 entries

Given the difficulties I experience when enabling secure updates as detailed here and elsewhere I need to ask: do secure dns updates actually work with the internal DNS in samba410 on FreeBSD? Are they supposed to? In other words: is this a feature that is not fully implemented?
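
The two settings the report varies, `allow dns updates` on the server side and the `-g` flag of `nsupdate command` on the client side, can be checked together before running samba_dnsupdate. The following is an added example, not part of the bug report or of Samba: it parses an smb.conf-style file and reports how the two combine. The sample file is constructed from the excerpt quoted above, and the fallback values used when a parameter is absent are assumptions.

```python
import shlex

# Constructed sample, modelled on the [global] excerpt quoted in the report.
SAMPLE_CONF = """\
[global]
    # DNS
    dns forwarder = 192.168.18.161 216.185.71.33
    dns update command = /usr/local/sbin/samba_dnsupdate
    nsupdate command = /usr/local/bin/samba-nsupdate -d -g
    #allow dns updates = secure only | nonsecure | disabled
    allow dns updates = nonsecure
    rndc command = /usr/bin/true
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf-style file as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are matched without regard to case or spaces.
            params["".join(key.lower().split())] = value.strip()
    return params

def audit_dns_updates(text):
    """Summarise the dynamic-DNS posture: server policy vs. client signing."""
    p = parse_global(text)
    # Fallbacks are assumptions for when a parameter is absent from the file.
    mode = " ".join(p.get("allowdnsupdates", "secure only").lower().split())
    argv = shlex.split(p.get("nsupdatecommand", "nsupdate -g"))
    uses_gss = "-g" in argv[1:]                  # -g selects GSS-TSIG signing
    findings = []
    if mode == "nonsecure":
        findings.append("server accepts unsigned dynamic DNS updates")
        if uses_gss:
            findings.append("client signs with -g although the server does not "
                            "require it (the combination that timed out in the report)")
    elif mode == "secure only" and not uses_gss:
        findings.append("server requires signed updates but nsupdate lacks -g")
    return {"mode": mode, "uses_gss_tsig": uses_gss, "findings": findings}

if __name__ == "__main__":
    for finding in audit_dns_updates(SAMPLE_CONF)["findings"]:
        print("finding:", finding)
```

A configuration with `secure only` and `-g` yields no findings here, which is the state in which the report sees NOTAUTH(BADSIG); that failure has to be diagnosed from the samba_dnsupdate output, not from the file.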