Univention Bugzilla – Bug 33250
IPv6: Samba 4 does not start correctly on IPv6-only system
Last modified: 2013-12-12 11:29:56 CET
IPv6-only installation, DC master, S4 The DC master DNS SRV record is missing: # host -t srv _domaincontroller_master._tcp."$(hostname -d)" Host _domaincontroller_master._tcp.s4.test not found: 3(NXDOMAIN) The kerberos-adm also fails: # host -t srv _kerberos-adm._tcp."$(hostname -d)" Host _kerberos-adm._tcp.s4.test not found: 3(NXDOMAIN) But the other SRV records work # host -t srv _ldap._tcp."$(hostname -d)" _ldap._tcp.s4.test has SRV record 0 100 389 master.s4.test. # host -t srv _kerberos._udp."$(hostname -d)" _kerberos._udp.s4.test has SRV record 0 100 88 master.s4.test. # host -t srv _kerberos._tcp."$(hostname -d)" _kerberos._tcp.s4.test has SRV record 0 100 88 master.s4.test. The service records are correct according to univention-ldapsearch: # univention-ldapsearch -xLLL relativeDomainName=_domaincontroller_master._tcp dn: relativeDomainName=_domaincontroller_master._tcp,zoneName=s4.test,cn=dns,d c=s4,dc=test objectClass: top objectClass: dNSZone objectClass: univentionObject univentionObjectType: dns/srv_record sRVRecord: 0 0 0 master.s4.test. dNSTTL: 10800 relativeDomainName: _domaincontroller_master._tcp zoneName: s4.test But univention-s4search fails: # univention-s4search Failed to connect to ldap URL 'ldaps://master.s4.test' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED Failed to connect to 'ldaps://master.s4.test' with backend 'ldaps': (null) Failed to connect to ldaps://master.s4.test - (null) Normal host resolutions also works # host "$(hostname -f)" master.s4.test has IPv6 address 2001:[…]:ff12:0:4:10 # host "$(hostname)" master.s4.test has IPv6 address 2001:[…]:ff12:0:4:10 but reverse DNS does not: # host 2001:[…]:ff12:0:4:10 Host 0.1.0.0.4.0.0.0.0.0.0.0.2.1.f.f.[…].1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)
After setting dns/backend=ldap and rebooting: SRV records work: # host -t srv _domaincontroller_master._tcp."$(hostname -d)" _domaincontroller_master._tcp.s4.test has SRV record 0 0 0 master.s4.test. # host -t srv _kerberos-adm._tcp."$(hostname -d)" _kerberos-adm._tcp.s4.test has SRV record 0 100 88 master.s4.test. reverse DNS also works, but univention-s4search fails, still.
(In reply to Janek Walkenhorst from comment #0) > But univention-s4search fails: > # univention-s4search > Failed to connect to ldap URL 'ldaps://master.s4.test' - LDAP client > internal > error: NT_STATUS_CONNECTION_REFUSED > Failed to connect to 'ldaps://master.s4.test' with backend 'ldaps': (null) > Failed to connect to ldaps://master.s4.test - (null) That is the main problem. The connector does not synchronize any data because the search fails: $ tail -1 /var/log/univention/connector-status.log Warning: Can't initialize LDAP-Connections, wait ... It works after adding a virtual IPv4 interface, for example ifconfig eth0:0 1.1.1.1 /etc/init.d/samba4 restart
*** Bug 29870 has been marked as a duplicate of this bug. ***
According to the patch from 2011 WINS only does IPv4. The patch intention was to make wrepl not use IPv6, maybe this patch needs to be updated.. https://git.samba.org/samba.git/?p=samba.git;a=commit;h=b34013d5377926303d1ea60259f6853c8684cf8b
Problem is the wrepl (wins replication) process. In an ipv6 environment wrepl fails to start with [2012/12/19 18:14:07, 0] ../source4/smbd/service_task.c:35(task_server_terminate) task_server_terminate: [wreplsrv_task_init: wreplsrv_open_winsdb() failed] and then everything collapses. This is the main problem and should be fixed in "source4/wrepl_server/wrepl_server.c" Workaround: As far as i understand, netbios and ipv6 do not get along with each other. http://en.wikipedia.org/wiki/NetBIOS "NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6)." So we could deactivate wins in ipv6(only) setup's with: -> ucr set windows/wins-support='no' This seems to deactivate wrepl as well and samba4 starts fine.
2013-11-20-univention-samba4.yaml univention-samba4 in ucs_3.2-0-errata3.2-0 Added test to 96univention-samba4.inst whether ipv4 addresses are configured. If not, wins support is deactivated.
This doesn't fix updated systems, maybe add the typical version-specific update code block to the postinst script.
(In reply to Arvid Requate from comment #7) > This doesn't fix updated systems, maybe add the typical version-specific > update code block to the postinst script. done
Verified: * New join OK * Update without join OK * Advisory OK
http://errata.univention.de/ucs/3.2/6.html