Bug 8241 - winbind cannot find domain controller when using ipv6
winbind cannot find domain controller when using ipv6
Status: NEW
Product: Samba 3.4
Classification: Unclassified
Component: Winbind
3.4.9
All FreeBSD
: P5 major
: ---
Assigned To: Michael Adam
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-06-17 04:18 UTC by drookie
Modified: 2011-06-17 04:18 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description drookie 2011-06-17 04:18:54 UTC
FreeBSD 8.2-RELEASE

security = ads

Samba as domain member. Controllers on Win2008 R2.
When using IPv4 all is fine.

Today I added IPv6 on controllers, winbind stopped working when using IPv6.
I.e. when

password server = <NAME>, which resolves to AAAA, winbind says

===Cut===
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret
===Cut===

when I set password server to IPv4 address, all is fine again.
Before you will start to blame me for lack of IPv6 connectivity, I want to say that IPv6 is working in this LAN for about half-a-year.
Samba server can ping6 domains controller.
Furthermore, when issuing kinit I see in tcpdump that it gets tickets by using ipv6. Samba is used by squid to authenticate users on this server. Users are succesfully connecting to squid via IPv6.
Disturbing strings in log:

===Cut===
[2011/06/09 22:13:58,  3] winbindd/winbindd_cm.c:1597(connection_ok)
  connection_ok: Connection to HQ-GC.norma.com for domain SOFTLAB is not connected
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
  .cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
  .cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58,  0] libads/kerberos.c:693(print_kdc_line)
  print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known
===Cut===
(lots of these)

fd00::32d  is the address of the domain controller. SOFTLAB is my Win2008 domain. HQ-GC.norma.com is the name of the domain controller.

krb5.conf looks like this (Kerberos seems to be working using IPv6, as I already said):

===Cut===
[libdefaults]
default_realm = NORMA.COM

default_keytab_name = /etc/krb5.keytab

[realms]
NORMA.COM = {
    kdc = tcp/hq-gc.norma.com
    admin_server = hq-gc.norma.com
}

[domain_realm]
.kerberos.server = NORMA.COM

[logging]
default = SYSLOG:INFO
===Cut===