Re: [Samba] winbind and ipv6
On Fri, Jun 10, 2011 at 10:22:27AM +0600, Eugene M. Zheganin wrote: Hi. FreeBSD 8.2-RELEASE Samba 3.4.9 security = ads Samba as domain member. Controllers on Win2008 R2. When using IPv4 all is fine. Today I added IPv6 on controllers, winbind stopped working when using IPv6. I.e. when password server = NAME, which resolves to , winbind says ===Cut=== # wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233) Could not check secret ===Cut=== when I set password server to IPv4 address, all is fine again. Before you will start to blame me for lack of IPv6 connectivity, I want to say that IPv6 is working in this LAN for about half-a-year. Samba server can ping6 domains controller. Furthermore, when issuing kinit I see in tcpdump that it gets tickets by using ipv6. Samba is used by squid to authenticate users on this server. Users are succesfully connecting to squid via IPv6. Disturbing strings in log: ===Cut=== [2011/06/09 22:13:58, 3] winbindd/winbindd_cm.c:1597(connection_ok) connection_ok: Connection to HQ-GC.norma.com for domain SOFTLAB is not connected [2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line) print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known .cm_prepare_connection: Unknown error: 0 [2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line) print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known .cm_prepare_connection: Unknown error: 0 [2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line) print_kdc_line: can't resolve name for kdc with non-default port [fd00::32d]. Error hostname nor servname provided, or not known ===Cut=== (lots of these) Ok, we only get into this message when the following is true: if (port != 0 port != DEFAULT_KRB5_PORT) - which means the port is being resolved as a strange value. Can you reproduce with a debug level 10 log which should tell you what port it's tring to use ? That might give a hint as to what is the problem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind and ipv6
Hi.
FreeBSD 8.2-RELEASE
Samba 3.4.9
security = ads
Samba as domain member. Controllers on Win2008 R2.
When using IPv4 all is fine.
Today I added IPv6 on controllers, winbind stopped working when using IPv6.
I.e. when
password server = NAME, which resolves to , winbind says
===Cut===
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
Could not check secret
===Cut===
when I set password server to IPv4 address, all is fine again.
Before you will start to blame me for lack of IPv6 connectivity, I want
to say that IPv6 is working in this LAN for about half-a-year.
Samba server can ping6 domains controller.
Furthermore, when issuing kinit I see in tcpdump that it gets tickets by
using ipv6. Samba is used by squid to authenticate users on this server.
Users are succesfully connecting to squid via IPv6.
Disturbing strings in log:
===Cut===
[2011/06/09 22:13:58, 3] winbindd/winbindd_cm.c:1597(connection_ok)
connection_ok: Connection to HQ-GC.norma.com for domain SOFTLAB is
not connected
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
.cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
.cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
===Cut===
(lots of these)
fd00::32d is the address of the domain controller. SOFTLAB is my
Win2008 domain. HQ-GC.norma.com is the name of the domain controller.
krb5.conf looks like this (Kerberos seems to be working using IPv6, as I
already said):
===Cut===
[libdefaults]
default_realm = NORMA.COM
default_keytab_name = /etc/krb5.keytab
[realms]
NORMA.COM = {
kdc = tcp/hq-gc.norma.com
admin_server = hq-gc.norma.com
}
[domain_realm]
.kerberos.server = NORMA.COM
[logging]
default = SYSLOG:INFO
===Cut===
Any ideas ?
Thanks.
Eugene.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind and ipv6
Hi.
FreeBSD 8.2-RELEASE
Samba 3.4.9
security = ads
Samba as domain member. Controllers on Win2008 R2.
When using IPv4 all is fine.
Today I added IPv6 on controllers, winbind stopped working when using IPv6.
I.e. when
password server = NAME, which resolves to , winbind says
===Cut===
# wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233)
Could not check secret
===Cut===
when I set password server to IPv4 address, all is fine again.
Before you will start to blame me for lack of IPv6 connectivity, I want
to say that IPv6 is working in this LAN for about half-a-year.
Samba server can ping6 domains controller.
Furthermore, when issuing kinit I see in tcpdump that it gets tickets by
using ipv6. Samba is used by squid to authenticate users on this server.
Users are succesfully connecting to squid via IPv6.
Disturbing strings in log:
===Cut===
[2011/06/09 22:13:58, 3] winbindd/winbindd_cm.c:1597(connection_ok)
connection_ok: Connection to HQ-GC.norma.com for domain SOFTLAB is
not connected
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
.cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
.cm_prepare_connection: Unknown error: 0
[2011/06/09 22:13:58, 0] libads/kerberos.c:693(print_kdc_line)
print_kdc_line: can't resolve name for kdc with non-default port
[fd00::32d]. Error hostname nor servname provided, or not known
===Cut===
(lots of these)
fd00::32d is the address of the domain controller. SOFTLAB is my
Win2008 domain. HQ-GC.norma.com is the name of the domain controller.
krb5.conf looks like this (Kerberos seems to be working using IPv6, as I
already said):
===Cut===
[libdefaults]
default_realm = NORMA.COM
default_keytab_name = /etc/krb5.keytab
[realms]
NORMA.COM = {
kdc = tcp/hq-gc.norma.com
admin_server = hq-gc.norma.com
}
[domain_realm]
.kerberos.server = NORMA.COM
[logging]
default = SYSLOG:INFO
===Cut===
Any ideas ?
Thanks.
Eugene.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
