Bug 27212 – samba_dnsupdate funktioniert auf UCS@school 3.1 Samba 4 DC Slaves nicht zuverlässig

Bug 27212 - samba_dnsupdate funktioniert auf UCS@school 3.1 Samba 4 DC Slaves nicht zuverlässig


Summary:	samba_dnsupdate funktioniert auf UCS@school 3.1 Samba 4 DC Slaves nicht zuver...

Status:	RESOLVED DUPLICATE of bug 31651

Product:	UCS@school
Classification:	Unclassified
Component:	Samba 4 - Slave PDC
Version:	UCS@school 3.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 3.x
Assigned To:	Arvid Requate
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2012-05-21 19:22 CEST by Arvid Requate
Modified:	2013-09-05 10:19 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2012-05-21 19:22:30 CEST

Auf UCS@school 3.0 Samba 4 DC Slaves funktioniert samba_dnsupdate derzeit nicht:

root@slave:~# samba_dnsupdate 
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 474, in <module>
    get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 118, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for SLAVE$@ARUCS3S4X1.QA failed (KDC has no support for encryption type)


Der Service-Principal dns-slave funktioniert jedoch:

root@slave:~# kinit dns-slave
dns-slave@ARUCS3S4X1.QA's Password: 
root@slave:~# klist 
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: dns-slave@ARUCS3S4X1.QA

  Issued                Expires               Principal
Apr 16 22:43:59 2012  Apr 17 08:43:59 2012  krbtgt/ARUCS3S4X1.QA@ARUCS3S4X1.QA

Ich nehme an, dass es daran liegt, dass über die DNS Kerberos SRV Records der KDC des Master verwendet wird, der den Account aber nicht in seinem Backend findet.

Comment 1 Ingo Steuwer

2013-04-18 12:08:56 CEST

Aufgefallen an 2013012921000952 (UCS 3.1-1 mit UCS@school für UCS 3.1)

Von zwei DC Slaves wirft einer bei einem erneuten Join diesen Fehler:

----------
RUNNING 98univention-samba4slavepdc-dns.inst
Traceback (most recent call last):
  File "/usr/sbin/samba_dnsupdate", line 513, in <module>
    get_credentials(lp)
  File "/usr/sbin/samba_dnsupdate", line 126, in get_credentials
    creds.get_named_ccache(lp, ccachename)
RuntimeError: kinit for <REALM DC SLAVE> failed (KDC has
no support for encryption type)

EXITCODE=1

Do 18. Apr 11:13:05 CEST 2013
univention-run-join-scripts finished
--------------

Comment 2 Tim Petersen

2013-09-04 14:51:22 CEST

An Ticket #2013090421001215 wie im letzten Comment beschrieben aufgefallen - hier ebenfalls Rejoin eines Schulslaves.

Comment 3 Arvid Requate

2013-09-05 10:19:37 CEST

The issue of Ticket #2013090421001215 is unrelated as the customer manually edited the resolv.conf. Everything was fine after a ucr commit /etc/resolv.conf.

The generic issue has been fixed in UCS@school 3.1 R2.

*** This bug has been marked as a duplicate of bug 31651 ***