Bug 33250 - IPv6: Samba 4 does not start correctly on IPv6-only system
IPv6: Samba 4 does not start correctly on IPv6-only system
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-0-errata
Assigned To: Felix Botner
Arvid Requate
:
: 29870 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-11 15:13 CET by Janek Walkenhorst
Modified: 2013-12-12 11:29 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janek Walkenhorst univentionstaff 2013-11-11 15:13:14 CET
IPv6-only installation, DC master, S4

The DC master DNS SRV record is missing:
 # host  -t srv _domaincontroller_master._tcp."$(hostname -d)"
 Host _domaincontroller_master._tcp.s4.test not found: 3(NXDOMAIN)

The kerberos-adm also fails:
 # host  -t srv _kerberos-adm._tcp."$(hostname -d)"
 Host _kerberos-adm._tcp.s4.test not found: 3(NXDOMAIN)

But the other SRV records work
 # host -t srv _ldap._tcp."$(hostname -d)"
 _ldap._tcp.s4.test has SRV record 0 100 389 master.s4.test.
 # host -t srv _kerberos._udp."$(hostname -d)"
 _kerberos._udp.s4.test has SRV record 0 100 88 master.s4.test.
 # host -t srv _kerberos._tcp."$(hostname -d)"
 _kerberos._tcp.s4.test has SRV record 0 100 88 master.s4.test.

The service records are correct according to univention-ldapsearch:
 # univention-ldapsearch -xLLL relativeDomainName=_domaincontroller_master._tcp
 dn: relativeDomainName=_domaincontroller_master._tcp,zoneName=s4.test,cn=dns,d
  c=s4,dc=test
 objectClass: top
 objectClass: dNSZone
 objectClass: univentionObject
 univentionObjectType: dns/srv_record
 sRVRecord: 0 0 0 master.s4.test.
 dNSTTL: 10800
 relativeDomainName: _domaincontroller_master._tcp
 zoneName: s4.test

But univention-s4search fails:
 # univention-s4search 
 Failed to connect to ldap URL 'ldaps://master.s4.test' - LDAP client internal
 error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldaps://master.s4.test' with backend 'ldaps': (null)
 Failed to connect to ldaps://master.s4.test - (null)

Normal host resolutions also works
 # host "$(hostname -f)"
 master.s4.test has IPv6 address 2001:[…]:ff12:0:4:10
 # host "$(hostname)"
 master.s4.test has IPv6 address 2001:[…]:ff12:0:4:10
but reverse DNS does not:
 # host 2001:[…]:ff12:0:4:10
 Host 0.1.0.0.4.0.0.0.0.0.0.0.2.1.f.f.[…].1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)
Comment 1 Janek Walkenhorst univentionstaff 2013-11-11 16:43:25 CET
After setting dns/backend=ldap and rebooting:

SRV records work:
 # host  -t srv _domaincontroller_master._tcp."$(hostname -d)"
 _domaincontroller_master._tcp.s4.test has SRV record 0 0 0 master.s4.test.
 # host  -t srv _kerberos-adm._tcp."$(hostname -d)"
 _kerberos-adm._tcp.s4.test has SRV record 0 100 88 master.s4.test.
reverse DNS also works,
but univention-s4search fails, still.
Comment 2 Stefan Gohmann univentionstaff 2013-11-12 07:40:02 CET
(In reply to Janek Walkenhorst from comment #0)
> But univention-s4search fails:
>  # univention-s4search 
>  Failed to connect to ldap URL 'ldaps://master.s4.test' - LDAP client
> internal
>  error: NT_STATUS_CONNECTION_REFUSED
>  Failed to connect to 'ldaps://master.s4.test' with backend 'ldaps': (null)
>  Failed to connect to ldaps://master.s4.test - (null)

That is the main problem. The connector does not synchronize any data because the search fails:

$ tail -1 /var/log/univention/connector-status.log
Warning: Can't initialize LDAP-Connections, wait ...


It works after adding a virtual IPv4 interface, for example
 ifconfig eth0:0 1.1.1.1
 /etc/init.d/samba4 restart
Comment 3 Felix Botner univentionstaff 2013-11-20 13:21:02 CET
*** Bug 29870 has been marked as a duplicate of this bug. ***
Comment 4 Arvid Requate univentionstaff 2013-11-20 13:36:09 CET
According to the patch from 2011 WINS only does IPv4. The patch intention was to make wrepl not use IPv6, maybe this patch needs to be updated..
https://git.samba.org/samba.git/?p=samba.git;a=commit;h=b34013d5377926303d1ea60259f6853c8684cf8b
Comment 5 Felix Botner univentionstaff 2013-11-20 14:01:42 CET
Problem is the wrepl (wins replication) process. In an ipv6 environment wrepl fails to start with 

[2012/12/19 18:14:07,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
  task_server_terminate: [wreplsrv_task_init: wreplsrv_open_winsdb() failed]

and then everything collapses.

This is the main problem and should be fixed in "source4/wrepl_server/wrepl_server.c"

Workaround:

As far as i understand, netbios and ipv6 do not get along with each other. 
http://en.wikipedia.org/wiki/NetBIOS
"NetBIOS name resolution is not supported by Microsoft for Internet Protocol Version 6 (IPv6)."

So we could deactivate wins in ipv6(only) setup's with: 

  -> ucr set windows/wins-support='no'

This seems to deactivate wrepl as well and samba4 starts fine.
Comment 6 Felix Botner univentionstaff 2013-11-20 16:03:39 CET
2013-11-20-univention-samba4.yaml
univention-samba4 in ucs_3.2-0-errata3.2-0

Added test to 96univention-samba4.inst whether ipv4 addresses are configured. If not, wins support is deactivated.
Comment 7 Arvid Requate univentionstaff 2013-12-09 16:21:57 CET
This doesn't fix updated systems, maybe add the typical version-specific update code block to the postinst script.
Comment 8 Felix Botner univentionstaff 2013-12-09 17:07:01 CET
(In reply to Arvid Requate from comment #7)
> This doesn't fix updated systems, maybe add the typical version-specific
> update code block to the postinst script.

done
Comment 9 Arvid Requate univentionstaff 2013-12-10 19:43:47 CET
Verified:
 * New join OK
 * Update without join OK
 * Advisory OK
Comment 10 Moritz Muehlenhoff univentionstaff 2013-12-12 11:29:56 CET
http://errata.univention.de/ucs/3.2/6.html