Bug 36749 – Samba 4.2rc2 DC Slave join fails in IPv6 only domain

Bug 36749 - Samba 4.2rc2 DC Slave join fails in IPv6 only domain


Summary:	Samba 4.2rc2 DC Slave join fails in IPv6 only domain

Status:	CLOSED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Janek Walkenhorst
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-11-17 13:41 CET by Arvid Requate
Modified:	2023-03-25 06:51 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	IPv6
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2014-11-17 13:41:18 CET

In the IPv6 PT a DC Slave join failed. This is the debug output:
=============================================================================
root@ucs-2418:~# samba-tool domain join --debuglevel=10 organisation.intranet DC --kerberos=no -UAdministrator%univention --realm=ORGANISATION.INTRANET --machinepass=jAYekafCPvFA3xzef2dj     
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[IPC$]"
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
Finding a writeable DC for domain 'organisation.intranet'
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=2001:4dd0:ff00:8c42:ff12::4 bcast= netmask=ffff:ffff:ffff:ffff::
finddcs: searching for a DC by DNS domain organisation.intranet
finddcs: looking for SRV records for _ldap._tcp.organisation.intranet
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.organisation.intranet<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed ucs-5963.organisation.intranet [0, 100, 389]
dns child failed to find name '_ldap._tcp.organisation.intranet' of type SRV
finddcs: Failed to find SRV record for _ldap._tcp.organisation.intranet
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'organisation.intranet'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 620, in run
    keep_existing=keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1168, in join_DC
    machinepass, use_ntvfs, dns_backend, promote_existing, keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 80, in __init__
    ctx.server = ctx.find_dc(domain)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 274, in find_dc
    raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
=============================================================================

But the SRV record is resolvable:
===================================================================
root@ucs-2418:~# host -t srv '_ldap._tcp.organisation.intranet'
_ldap._tcp.organisation.intranet has SRV record 0 100 389 ucs-5963.organisation.intranet.
===================================================================

Reading the messages carefully this part is pretty weird:
===================================================================
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed ucs-5963.organisation.intranet [0, 100, 389]
dns child failed to find name '_ldap._tcp.organisation.intranet' of type SRV
===================================================================


This looks like a resurrection of Bug 29526.

Comment 1 Arvid Requate

2014-11-17 13:55:08 CET

> This looks like a resurrection of Bug 29526.

But that patch has been accepted upstream long time ago. Playing with "name resolve order" didn't help, so the next step would be "univention-install gdb samba-dbg" and tracing  net ads join.

Comment 2 Janek Walkenhorst

2017-05-04 11:53:46 CEST

No problem in 4.2 PT