Bug 7369 - Backends/DNS: dynamic dns updates generate several errors
Summary: Backends/DNS: dynamic dns updates generate several errors
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Depends on:
Reported: 2010-04-16 15:34 UTC by Dirk Pauli
Modified: 2011-04-06 13:02 UTC (History)
2 users (show)

See Also:

0001-s4-dns-Use-SAMDB-Credentials-to-connect-to-LDAP-back.patch (2.77 KB, patch)
2010-04-22 11:48 UTC, Endi Sukma Dewata
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Pauli 2010-04-16 15:34:31 UTC
I installed a samba 4 (samba version 4.0.0alpha12-GIT-4567bf9) provisioned against openLdap 2.4.21 on Ubuntu 9.10.

When starting samba via
samba -i -M single
I always get those error messages:
samba -i -M single
samba version 4.0.0alpha12-GIT-4567bf9 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
samba: using 'single' process model
FIXME: Using new system session for hdb
/usr/local/samba/sbin/samba_dnsupdate: Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in database> <>
/usr/local/samba/sbin/samba_dnsupdate: Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
/usr/local/samba/sbin/samba_dnsupdate: module partition initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module show_deleted initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module extended_dn_out_openldap initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module schema_load initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module kludge_acl initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module operational initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module acl initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module descriptor initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module objectclass initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module asq initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module server_sort initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module paged_results initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module lazy_commit initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module rootdse initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module samba_dsdb initialization failed
/usr/local/samba/sbin/samba_dnsupdate: Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 252, in <module>
/usr/local/samba/sbin/samba_dnsupdate:     sub_vars = get_subst_vars()
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 198, in get_subst_vars
/usr/local/samba/sbin/samba_dnsupdate:     lp=lp)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 47, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/__init__.py", line 111, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     self.connect(url, flags, options)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 54, in connect
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate: _ldb.LdbError: (80, None)
dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_ACCESS_DENIED
Testing kcctpl_create_intersite_connections
Comment 1 Matthias Dieter Wallnöfer 2010-04-17 07:45:30 UTC
Endi are you able to help us here?
Comment 2 Endi Sukma Dewata 2010-04-22 11:48:33 UTC
Created attachment 5649 [details]

The samba_dnsupdate has been modified to use the SAMDB credentials from the secrets database when LDAP backend is used. The patch has been tested with the default, OpenLDAP, and FDS backends; the error message no longer appear.
Comment 3 Matthias Dieter Wallnöfer 2010-04-22 12:15:20 UTC
abartlet, tridge, what do you say?
Comment 4 Andrew Bartlett 2010-04-22 16:19:11 UTC
While I agree the fix will work, I don't want a solution that works for this script only, but leaves any other script just as broken. 

I'm thinking along the lines of attaching to the LDB (not the credentials) a hook to describe the SASL mechanism that must be used for this connection. 

That way, we can force this to DIGEST-MD5 and avoid this pain for all sam.ldb connections (and remove another similar nasty hack in the KDC). 
Comment 5 Andrew Bartlett 2010-05-10 19:43:58 UTC
I'm happy for this script to be used until I find time to do something better. 
Comment 6 Matthias Dieter Wallnöfer 2010-09-11 12:43:04 UTC
Does the "samba_dnsupdate" problem still persist?
Comment 7 Dirk Pauli 2010-09-12 11:20:42 UTC
Don't know and don't care as with denying the fix for Bug 7042, Samba with OpenLDap backend renders unusable for me so I moved away from that.
Comment 8 Matthias Dieter Wallnöfer 2011-04-06 13:02:06 UTC
I close this since the s4 OpenLDAP/FedoraDS backends have been deprecated - and are unsupported from now on.

I'm sorry to say this but we really lack the resources to maintain them.