Jelmer, Have you seen the libpcap files which I have attached? In particular, the first eight packets of the lo capture made while kinit was run, which I attached to https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/comments/4 comment #4?

1 0.000000 127.0.0.1 -> 127.0.0.1 DNS 109 Standard query SRV _kerberos._udp.IRISHTOWN.LOCALONLY.RVCOMERFORD.IE
2 0.018521 127.0.0.1 -> 127.0.0.1 DNS 202 Standard query response SRV 0 100 88 blackbox.irishtown.localonly.rvcomerford.ie
3 0.018804 127.0.0.1 -> 127.0.0.1 DNS 109 Standard query SRV _kerberos._tcp.IRISHTOWN.LOCALONLY.RVCOMERFORD.IE
4 0.026521 127.0.0.1 -> 127.0.0.1 DNS 202 Standard query response SRV 0 100 88 blackbox.irishtown.localonly.rvcomerford.ie
5 0.026815 127.0.0.1 -> 127.0.0.1 DNS 103 Standard query A blackbox.irishtown.localonly.rvcomerford.ie
6 0.035305 127.0.0.1 -> 127.0.0.1 DNS 133 Standard query response A 10.37.55.20
7 0.035411 10.37.55.20 -> 10.37.55.20 KRB5 274 AS-REQ
8 0.035427 10.37.55.20 -> 10.37.55.20 ICMP 302 Destination unreachable (Port unreachable)

As you would expect, packets 1-6 are all to and from port 53 UDP, while 7 and 8 are to and from port 88 UDP. I can promise you that no DNS requests go out over eth0 or virbr0 as a result of sudo kinit -V administra...@irishtown.localonly.rvcomerford.ie being run locally on blackbox. Bearing that in mind, and looking at the sequence of packets above, I have to admit that I can see only four possible explanations:

0) kinit is privately caching some bad DNS information from the past somewhere rather than making new DNS requests. This seems unlikely to me for a number of reasons: just for one thing, purging and then reinstalling the krb5-user package doesn't seem to change what DNS requests kinit chooses to make at all.

1) kinit itself is misbehaving somehow. This also seems unlikely to me.

2) kinit is getting wrong information from the DNS server it is querying, the one at 127.0.0.1, port 53 UDP. As best I can tell, the information above makes it clear that kinit is not trying to make DNS requests to any other address or port, and that it is not having any difficulty making DNS requests to and getting valid DNS responses from 127.0.0.1:53 UDP.
So - to the best of my little understanding - the only likely way in which my DNS setup could be causing kinit to go wrong here is by causing the 127.0.0.1:53 UDP server to give incorrect information. But this is an almost pristine install of 12.04b2 Server. The only choices made during install which would be likely to affect DNS setup were giving some static IP settings - address 10.37.55.20, netmask 255.255.255.0, gateway 10.37.55.1, nameserver 10.37.55.20 - and choosing the package tasks "Virtual Machine host" and (of course) "DNS server" (as well as "OpenSSH server").

After install, the only changes which I made to BIND settings were to insert include "/var/lib/samba/private/named.conf"; into /etc/bind/named.conf, and tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab"; inside the options { [...] } brackets in /etc/bind/named.conf.options, more or less exactly as instructed by the Samba 4 HOWTO and the output of the provision command. Nor, as far as I can see, has any other program or package altered the BIND config files: you can see for yourself by reading https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/comments/2 comment #2. Nor have I installed anything which is likely to have messed with the DNS setup, except for the bind4 package and its dependencies of course.

Long story short: if the DNS setup is hosed then in all probability it's the fault of either the Samba4 HOWTO or the DLZ module (or some other part of the Samba4 package). There's also the fact that, of the two DNS requests sent by kinit, one at least seems to get exactly the correct response, at least according to the HOWTO http://wiki.samba.org/index.php/Samba4/HOWTO#Step_8_Configure_DNS .

3) kinit is getting correct information from the DNS server, and the fact that there is nobody listening at port 88 UDP (see https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/comments/5 comment #5) is in fact a bug.

Leo.
--
https://bugs.launchpad.net/bugs/976138
Title: kerberos setup fails, with broken krb5.conf
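Added example, not part of the original message or of Samba: a Python check that separates explanation 2 (wrong DNS answers) from explanation 3 (correct DNS answers, nothing listening on the KDC port) by correlating the SRV and A responses in the capture with the AS-REQ and the ICMP reply that follows it. The function names `parse` and `diagnose` are hypothetical, and the line format is assumed to be the one-line packet summary quoted in the message.

```python
import re

# Packet summaries copied from the message above (one-line summary format).
CAPTURE = """\
1 0.000000 127.0.0.1 -> 127.0.0.1 DNS 109 Standard query SRV _kerberos._udp.IRISHTOWN.LOCALONLY.RVCOMERFORD.IE
2 0.018521 127.0.0.1 -> 127.0.0.1 DNS 202 Standard query response SRV 0 100 88 blackbox.irishtown.localonly.rvcomerford.ie
3 0.018804 127.0.0.1 -> 127.0.0.1 DNS 109 Standard query SRV _kerberos._tcp.IRISHTOWN.LOCALONLY.RVCOMERFORD.IE
4 0.026521 127.0.0.1 -> 127.0.0.1 DNS 202 Standard query response SRV 0 100 88 blackbox.irishtown.localonly.rvcomerford.ie
5 0.026815 127.0.0.1 -> 127.0.0.1 DNS 103 Standard query A blackbox.irishtown.localonly.rvcomerford.ie
6 0.035305 127.0.0.1 -> 127.0.0.1 DNS 133 Standard query response A 10.37.55.20
7 0.035411 10.37.55.20 -> 10.37.55.20 KRB5 274 AS-REQ
8 0.035427 10.37.55.20 -> 10.37.55.20 ICMP 302 Destination unreachable (Port unreachable)
"""

LINE = re.compile(r"^\d+\s+[\d.]+\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\d+\s+(.*)$")
SRV_RESP = re.compile(r"Standard query response SRV \d+ \d+ (\d+) (\S+)")
A_QUERY = re.compile(r"Standard query A (\S+)")
A_RESP = re.compile(r"Standard query response A (\S+)")


def parse(text):
    """Return (src, dst, proto, info) tuples for each well-formed summary line."""
    return [m.groups() for m in map(LINE.match, text.strip().splitlines()) if m]


def diagnose(packets):
    """Correlate DNS answers with the Kerberos exchange that follows them."""
    srv, addrs, pending, result = set(), {}, None, []
    for i, (src, dst, proto, info) in enumerate(packets):
        if proto == "DNS":
            if m := SRV_RESP.match(info):
                srv.add((m.group(2), int(m.group(1))))  # (target host, port)
            elif m := A_QUERY.match(info):
                pending = m.group(1)
            elif (m := A_RESP.match(info)) and pending:
                addrs[pending], pending = m.group(1), None
        elif proto == "KRB5" and info.startswith("AS-REQ"):
            nxt = packets[i + 1] if i + 1 < len(packets) else None
            # ICMP port unreachable sent back from the KDC address: no listener there.
            refused = bool(nxt and nxt[2] == "ICMP" and nxt[0] == dst
                           and nxt[1] == src and "Port unreachable" in nxt[3])
            # DNS is consistent if an SRV target resolved to the address contacted.
            dns_ok = any(addrs.get(host) == dst for host, _ in srv)
            result.append({"kdc_ip": dst, "dns_consistent": dns_ok, "refused": refused})
    return srv, addrs, result
```

On this capture the SRV target resolves to the address the AS-REQ was sent to and the request is refused, which is the pattern of explanation 3 rather than explanation 2.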