Bug 7369 - Backends/DNS: dynamic dns updates generate several errors
Summary: Backends/DNS: dynamic dns updates generate several errors
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: x86 Linux
: P3 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-04-16 15:34 UTC by Dirk Pauli
Modified: 2011-04-06 13:02 UTC (History)
2 users (show)

See Also:

Attachments
0001-s4-dns-Use-SAMDB-Credentials-to-connect-to-LDAP-back.patch (2.77 KB, patch)
2010-04-22 11:48 UTC, Endi Sukma Dewata 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Pauli 2010-04-16 15:34:31 UTC 
Hi,
I installed a samba 4 (samba version 4.0.0alpha12-GIT-4567bf9) provisioned against openLdap 2.4.21 on Ubuntu 9.10.

When starting samba via
samba -i -M single
I always get those error messages:
samba -i -M single
samba version 4.0.0alpha12-GIT-4567bf9 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
samba: using 'single' process model
FIXME: Using new system session for hdb
/usr/local/samba/sbin/samba_dnsupdate: Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <SASL(-13): user not found: no secret in database> <>
/usr/local/samba/sbin/samba_dnsupdate: Failed to connect to 'ldapi://%2Fusr%2Flocal%2Fsamba%2Fprivate%2Fldap%2Fldapi'
/usr/local/samba/sbin/samba_dnsupdate: module partition initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module show_deleted initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module extended_dn_out_openldap initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module schema_load initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module kludge_acl initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module operational initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module acl initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module descriptor initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module objectclass initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module asq initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module server_sort initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module paged_results initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module lazy_commit initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module rootdse initialization failed
/usr/local/samba/sbin/samba_dnsupdate: module samba_dsdb initialization failed
/usr/local/samba/sbin/samba_dnsupdate: Unable to load modules for /usr/local/samba/private/sam.ldb: (null)
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 252, in <module>
/usr/local/samba/sbin/samba_dnsupdate:     sub_vars = get_subst_vars()
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/sbin/samba_dnsupdate", line 198, in get_subst_vars
/usr/local/samba/sbin/samba_dnsupdate:     lp=lp)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 47, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/__init__.py", line 111, in __init__
/usr/local/samba/sbin/samba_dnsupdate:     self.connect(url, flags, options)
/usr/local/samba/sbin/samba_dnsupdate:   File "/usr/local/samba/lib/python2.6/site-packages/samba/samdb.py", line 54, in connect
/usr/local/samba/sbin/samba_dnsupdate:     options=options)
/usr/local/samba/sbin/samba_dnsupdate: _ldb.LdbError: (80, None)
dsdb/dns/dns_update.c:234: Failed DNS update - NT_STATUS_ACCESS_DENIED
Testing kcctpl_create_intersite_connections
Comment 1 Matthias Dieter Wallnöfer 2010-04-17 07:45:30 UTC 
Endi are you able to help us here?
Comment 2 Endi Sukma Dewata 2010-04-22 11:48:33 UTC 
Created attachment 5649 [details]
0001-s4-dns-Use-SAMDB-Credentials-to-connect-to-LDAP-back.patch

The samba_dnsupdate has been modified to use the SAMDB credentials from the secrets database when LDAP backend is used. The patch has been tested with the default, OpenLDAP, and FDS backends; the error message no longer appear.
Comment 3 Matthias Dieter Wallnöfer 2010-04-22 12:15:20 UTC 
abartlet, tridge, what do you say?
Comment 4 Andrew Bartlett 2010-04-22 16:19:11 UTC 
While I agree the fix will work, I don't want a solution that works for this script only, but leaves any other script just as broken. 

I'm thinking along the lines of attaching to the LDB (not the credentials) a hook to describe the SASL mechanism that must be used for this connection. 

That way, we can force this to DIGEST-MD5 and avoid this pain for all sam.ldb connections (and remove another similar nasty hack in the KDC).
Comment 5 Andrew Bartlett 2010-05-10 19:43:58 UTC 
I'm happy for this script to be used until I find time to do something better.
Comment 6 Matthias Dieter Wallnöfer 2010-09-11 12:43:04 UTC 
Does the "samba_dnsupdate" problem still persist?
Comment 7 Dirk Pauli 2010-09-12 11:20:42 UTC 
Don't know and don't care as with denying the fix for Bug 7042, Samba with OpenLDap backend renders unusable for me so I moved away from that.
Comment 8 Matthias Dieter Wallnöfer 2011-04-06 13:02:06 UTC 
I close this since the s4 OpenLDAP/FedoraDS backends have been deprecated - and are unsupported from now on.

I'm sorry to say this but we really lack the resources to maintain them.