Bug 8241 - winbind cannot find domain controller when using ipv6
Summary: winbind cannot find domain controller when using ipv6
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.4.9
Hardware: All FreeBSD
: P5 major
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-17 04:18 UTC by drookie
Modified: 2019-07-31 13:55 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description drookie 2011-06-17 04:18:54 UTC 
FreeBSD 8.2-RELEASE

security = ads

Samba as domain member. Controllers on Win2008 R2.
When using IPv4 all is fine.

Today I added IPv6 on controllers, winbind stopped working when using IPv6.
I.e. when

password server = <NAME>, which resolves to AAAA, winbind says

===Cut===
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret
===Cut===

when I set password server to IPv4 address, all is fine again.
Before you will start to blame me for lack of IPv6 connectivity, I want to say that IPv6 is working in this LAN for about half-a-year.
Samba server can ping6 domains controller.
Furthermore, when issuing kinit I see in tcpdump that it gets tickets by using ipv6. Samba is used by squid to authenticate users on this server. Users are succesfully connecting to squid via IPv6.
Disturbing strings in log:

===Cut===
[2011/06/09 22:13:58,  3] winbindd/winbindd_cm.c:1597(connection_ok)
  connection_ok: Connection to HQ-GC.norma.com for domain SOFTLAB is not connected
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
  .cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
  .cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
===Cut===
(lots of these)

fd00::32d  is the address of the domain controller. SOFTLAB is my Win2008 domain. HQ-GC.norma.com is the name of the domain controller.

krb5.conf looks like this (Kerberos seems to be working using IPv6, as I already said):

===Cut===
[libdefaults]
default_realm = NORMA.COM

default_keytab_name = /etc/krb5.keytab

[realms]
NORMA.COM = {
    kdc = tcp/hq-gc.norma.com
    admin_server = hq-gc.norma.com
}

[domain_realm]
.kerberos.server = NORMA.COM

[logging]
default = SYSLOG:INFO
===Cut===
Comment 1 Björn Jacke 2018-03-27 22:05:07 UTC 
sorry for the late reply. IPv6 support was improved some in the meantime, can you say how this works with recent samba versions for you now?
Comment 2 Stefan Metzmacher 2019-07-31 13:55:58 UTC 
This works fine for me in recent releases on a ipv6 only linux member running winbindd.

Please reopen if recent FreeBSD and winbindd don't work.