Dynamic DNS updates with the internal DNS are not working in master and 4.7. [2017/09/06 11:03:50.958794, 1, pid=17121, effective(0, 0), real(0, 0)] ../auth/kerberos/gssapi_helper.c:388(gssapi_check_packet) GSS VerifyMic failed: A token had an invalid Message Integrity Check (MIC): Success [2017/09/06 11:03:50.958805, 0, pid=17121, effective(0, 0), real(0, 0)] ../source4/auth/gensec/gensec_gssapi.c:1344(gensec_gssapi_check_packet) gssapi_check_packet(hdr_signing=0,sig_size=28,data=124,pdu=124) failed: NT_STATUS_ACCESS_DENIED Reproducer: Provision an AD DC with internal DNS samba_dnsupdate --verbose --all-names
How was this not picked up by the dns_tkey tests, or the samba_dnsupdate tests? What do we need to extend those tests to do?
Marking as blocking 4.7 until triaged.
I dunno. Do we run: samba_dnsupdate --verbose --all-names I don't think so because it looks for the current interfaces and ip addresses of it ...
I've just tried this on a Debian Stretch with a 4.7.0rc5 build, which uses Samba's Heimdal. All records were created successfully (besides the tsig verify failures).
I also get this with: HEAD is now at 07bb954d929... VERSION: Bump version up to 4.5.0pre1 Seems like the MIC verification is broken since quite some time or the issue is with nssupdate which we really should get rid of.
BTW, Bug 11520 tracks the previous failure up to 4.5.
I've tested the fixes from bug #11520. I guess it is a change in nsupdate or nsupdate is broken?
Removing the regression flag, as this clearly isn't a regression.
It's also not working in - 4.5.14-SerNet-Ubuntu-17.trusty - 4.6.9-SerNet-Ubuntu-12.trusty
This bug was referenced in samba master: ae23d512a724650ae2de1178ac43deff8266aa56 c594cbad4af97031bb7b5b0eb2fb228b00acf646 c741d0f3969abe821e8ee2a10f848159eb2749fe ce591464cb12ab00a5d5752a7cea5f909c3c3f1b 6e997f93d53ac45af79aec030bad73f51bdc5629 f8dfa9b33bdedffbe2e3b6e229ffae4beb3c712e cd747307d845f3cff723a7916aeeb31458f19202 27d92fa808c6617353c36fdb230504e880f4925b 1b1e7e06cf6ebd283de73c351267d53b42663d2f b0af60e7850e656ef98edeac657c66b853080dab 740bda87a80b97816d892e8f7aae28759f6916ec 3c7cb85eaf8371be55a371601cc354440dab7a94 b9b03ca503c43c7ee06df6c331839bd47f9eac8c de4ed363d378f2065a4634f94af80ea0e3965c96 8324d0739dfdd0a081c403e298a9038ee7df681f 848318338b2972f331e067bf1c8d6c7dac0748c8 88457da00d4110b419f7a7ccabcd542fa77e463f 753428a3b6c488c4aacea04d2ddb9ea73244695a 708a6fae6978e1462e1a53f4ee08f11b51a5637a a56627b0d125ef7b456bebe307087f324f1f0422 fa0f23e69eaf4f475bc9dc9aa0e23c7bd5208250 3467d1491490830d61d16cb6278051daf48466fc bd0235cd515d5602ed9501bfc810a2487364ea10 ae7538af04435658d2ba6dcab109beecb6c5f13e 5906ed94f2c5c68e83c63e7c201534eeb323cfe7 db350bc573b378fb0615bdd8592cc9c62f6db146 76fec2668e73b9d15447abee551d5c04148aaf27 ed61c57e02309b738e73fb12877a0a565b627724
Created attachment 18329 [details] Patches for v4-20-test
Created attachment 18330 [details] Patches for v4-19-test
Pushed to autobuild-v4-{20,19}-test.
This bug was referenced in samba v4-20-test: 19fc5bb6b9d75ddb1b031817c7ee7688d7ca587f 3bd80a2545a57b88e58cedf5f9d7281fef15b361 c00749edb35115e111739473d7db57f33bff55a3 f7f0518b46a9d5c26fc6a362105c463bc6865817 9cfc2e24331139dd4f8a4d2feb3bf335bd8cb049 12d4e452410f29cb23e130ddeaf44592ba98b7b2 e58fe908371c46b9e0e4518e7f9614ac796a584a 85784854629c406f23cc46f075012696b59b392c da7c313740d01f85c1c2f4e0c6bdecaa5bedbbfa c7a936ecd2723440f46eb1423135fcb391164943 501a25a1f07dc71699ae9610010b13d05d652573 6438249cf1e52375c343f61dce8100cba614997e 7dabac46b5ac13949c450424d54f8cf4b39733e0 fdfd4e8adcee923909a0dc64cce5c867fb6c2a23 bda80382eb5f501eda1764c57832c8a386490427 ff0afdd1b056d26af785fc34209eded06615c9a4 5a98bc50263c03a8302587f8f5e6baf62e1234b5 9137bb66ab48d1220d88537c9a403a376439da28 a7f3293ddf764aa370db0147e245d73b687f29e4 ed8ef00c297026350ea79e79248f2b9a0eaabe6b 6e395cabf38b6ad42fbdcb56e72f08940cb070f3 7ddd758da50cc04a527061209c2f809b66b56f1f 299818567ea8238a791942428bcf9887e9738ac8 3b36f447040d28bfc6494e84edbf98f947cba2a3 f663b386156afec4a8d8bd5f99b5ffe7f365f144 fdd61d60caa96ca585f94916873a3485de1acf5b 89817ed2165320185d7254872a5c875cb04f12d1 df54d3fdda9cf9ad526c25fa13bca2daf75df356
This bug was referenced in samba v4-20-stable (Release samba-4.20.2): 19fc5bb6b9d75ddb1b031817c7ee7688d7ca587f 3bd80a2545a57b88e58cedf5f9d7281fef15b361 c00749edb35115e111739473d7db57f33bff55a3 f7f0518b46a9d5c26fc6a362105c463bc6865817 9cfc2e24331139dd4f8a4d2feb3bf335bd8cb049 12d4e452410f29cb23e130ddeaf44592ba98b7b2 e58fe908371c46b9e0e4518e7f9614ac796a584a 85784854629c406f23cc46f075012696b59b392c da7c313740d01f85c1c2f4e0c6bdecaa5bedbbfa c7a936ecd2723440f46eb1423135fcb391164943 501a25a1f07dc71699ae9610010b13d05d652573 6438249cf1e52375c343f61dce8100cba614997e 7dabac46b5ac13949c450424d54f8cf4b39733e0 fdfd4e8adcee923909a0dc64cce5c867fb6c2a23 bda80382eb5f501eda1764c57832c8a386490427 ff0afdd1b056d26af785fc34209eded06615c9a4 5a98bc50263c03a8302587f8f5e6baf62e1234b5 9137bb66ab48d1220d88537c9a403a376439da28 a7f3293ddf764aa370db0147e245d73b687f29e4 ed8ef00c297026350ea79e79248f2b9a0eaabe6b 6e395cabf38b6ad42fbdcb56e72f08940cb070f3 7ddd758da50cc04a527061209c2f809b66b56f1f 299818567ea8238a791942428bcf9887e9738ac8 3b36f447040d28bfc6494e84edbf98f947cba2a3 f663b386156afec4a8d8bd5f99b5ffe7f365f144 fdd61d60caa96ca585f94916873a3485de1acf5b 89817ed2165320185d7254872a5c875cb04f12d1 df54d3fdda9cf9ad526c25fa13bca2daf75df356
This bug was referenced in samba v4-19-test: 1c807412b88e5c2a125f4860ece0488a3d9f7c1e 1800543b0adc9027c6d6420c08344334ad0fefa5 313ca15a84576f8b877d2673bba9560bb068a058 606b7034f5d5ee45285e50534184c654245c8ad0 fdac589752ef86cca11b6569ae5a30978d5fda7e b1222378a29974109c2b20623770b93a93a8e726 a086e96f2692a313b97ce37c781ea97ff5c15d84 48be174b0216adc1de4aaa1a29ed7210189c1223 2741574e32f839eec1f3fdb582817492050ae055 16c21888ea4c2d5d9d77374cb05efdad622a984f e120078e2c3bea0435f8435e7b00ec8e31a0fbb6 f984b281c5fbe06328cc758a870baed175b46796 eb18b228d1b2994c205592963b30c6a55ab6538c 4bc0619b1e2a529881691e28b8efabe0e56abd21 4d4b39c102d3f4114343559644d3fd589ce0c69e 0ee7660ffe56a6da590bf655b00948fb8bdc4db3 e50968ed096920a7794993db968ef9dfa7db11ae d5c6276f5342a1b4d7f004157b45f2f81335805f 4a7d14efe475459f7ff1b84d1bdaab2baff5e104 662c467566638ed6b4ac56beaa71bcd396c82501 234503e23759a8984bac63826e0104788473bbdb cbf10a68e1c1b67cab3d5862461075d28ae176bf 7a457c6813d35c6a5c21df474b32bd9b24bb94d4 288744a74b5bbc99c40c6a66eda58efde6545d7d c7188e1746422ea97c316a130c61962e9b187e7b 6d3d87babdc8bfa72ee30f7b102155b49ba24748 c29dc6e79b031c6e807d64b04f2061a558b80ef1 fd58608723f9f76dc3d80d16d88d865aba916e59
Closing out bug report. Thanks!
This bug was referenced in samba v4-19-stable (Release samba-4.19.8): 1c807412b88e5c2a125f4860ece0488a3d9f7c1e 1800543b0adc9027c6d6420c08344334ad0fefa5 313ca15a84576f8b877d2673bba9560bb068a058 606b7034f5d5ee45285e50534184c654245c8ad0 fdac589752ef86cca11b6569ae5a30978d5fda7e b1222378a29974109c2b20623770b93a93a8e726 a086e96f2692a313b97ce37c781ea97ff5c15d84 48be174b0216adc1de4aaa1a29ed7210189c1223 2741574e32f839eec1f3fdb582817492050ae055 16c21888ea4c2d5d9d77374cb05efdad622a984f e120078e2c3bea0435f8435e7b00ec8e31a0fbb6 f984b281c5fbe06328cc758a870baed175b46796 eb18b228d1b2994c205592963b30c6a55ab6538c 4bc0619b1e2a529881691e28b8efabe0e56abd21 4d4b39c102d3f4114343559644d3fd589ce0c69e 0ee7660ffe56a6da590bf655b00948fb8bdc4db3 e50968ed096920a7794993db968ef9dfa7db11ae d5c6276f5342a1b4d7f004157b45f2f81335805f 4a7d14efe475459f7ff1b84d1bdaab2baff5e104 662c467566638ed6b4ac56beaa71bcd396c82501 234503e23759a8984bac63826e0104788473bbdb cbf10a68e1c1b67cab3d5862461075d28ae176bf 7a457c6813d35c6a5c21df474b32bd9b24bb94d4 288744a74b5bbc99c40c6a66eda58efde6545d7d c7188e1746422ea97c316a130c61962e9b187e7b 6d3d87babdc8bfa72ee30f7b102155b49ba24748 c29dc6e79b031c6e807d64b04f2061a558b80ef1 fd58608723f9f76dc3d80d16d88d865aba916e59