Bug 10006 - Primary domain is not marked as offline if NETLOGON connection fails during trusted domains query on startup
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: Winbind
unspecified
All All
: P5 normal
Assigned To: Samba QA Contact
Reported: 2013-07-10 12:21 UTC by Daniel Gan-Levi
Modified: 2013-07-15 07:46 UTC (History)
Description Daniel Gan-Levi 2013-07-10 12:21:06 UTC
The immediate consequence of this is that the trusted domain list remains empty indefinitely, causing login failures for all users of those domains.
There is an obvious bug in the code that causes it (although I'm not sure what the solution should be):
In winbind_cache.c, function trusted_domains(), under the do_query label there is a call to the trusted_domains() method of the domain's backend. If this backend is ADS, trusted_domains() in winbindd_ads.c gets called. It calls cm_connect_netlogon() and, if it fails, returns NT_STATUS_UNSUCCESSFUL. Now back in winbind_cache.c, this status is _not_ among the statuses that cause set_domain_offline() to get called, therefore the domain stays marked as online and the timer is not set to retry.

The problem seems to be the same as described in bug #3798, from 2006(!).
Comment 1 Andrew Bartlett 2013-07-15 07:37:43 UTC
Have you created a patch to test your theory?
Comment 2 Daniel Gan-Levi 2013-07-15 07:46:33 UTC
(In reply to comment #1)
> Have you created a patch to test your theory?

As I have mentioned, I am not sure what the solution should be. I have added NT_STATUS_UNSUCCESSFUL to the list of the statuses that are checked against in trusted_domains() [winbind_cache.c], and yes, I saw the domain marked again as online after 10 seconds and the trusted domain list now gets populated. But that would be too broad a catch, wouldn't it?
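
Added example, not part of the thread and not Samba source: a simplified C model of the control flow the report describes, showing why a generic failure status leaves the domain online with no retry, and what the experiment in comment 2 changes. All names, the two statuses in the offline list, and the sample trust count are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not Samba source. All names are hypothetical. */
typedef enum { ST_OK, ST_TIMEOUT, ST_DC_NOT_FOUND, ST_UNSUCCESSFUL } status_t;

struct domain { bool online; bool retry_armed; int num_trusts; };

/* Backend: a failed NETLOGON connection yields only the generic status. */
static status_t backend_trusted_domains(bool netlogon_up, int *num)
{
    if (!netlogon_up)
        return ST_UNSUCCESSFUL;
    *num = 3; /* constructed sample value */
    return ST_OK;
}

static void mark_offline(struct domain *d)
{
    d->online = false;
    d->retry_armed = true; /* going offline is what schedules the retry */
}

/* Cache layer: only statuses in the offline list mark the domain offline.
 * generic_is_offline models the change tried in comment 2. */
static status_t cached_trusted_domains(struct domain *d, bool netlogon_up,
                                       bool generic_is_offline)
{
    int n = 0;
    status_t st = backend_trusted_domains(netlogon_up, &n);
    if (st == ST_OK)
        d->num_trusts = n;
    else if (st == ST_TIMEOUT || st == ST_DC_NOT_FOUND ||
             (generic_is_offline && st == ST_UNSUCCESSFUL))
        mark_offline(d);
    return st;
}

/* Startup query with NETLOGON down, then the retry (if one was armed)
 * after NETLOGON is reachable again. Returns the final trust count. */
static int simulate(bool generic_is_offline)
{
    struct domain d = { true, false, 0 };
    cached_trusted_domains(&d, false, generic_is_offline);
    if (d.retry_armed) {
        d.online = true;
        d.retry_armed = false;
        cached_trusted_domains(&d, true, generic_is_offline);
    }
    return d.num_trusts;
}

int main(void)
{
    printf("as reported: %d trusts, with generic status in list: %d trusts\n",
           simulate(false), simulate(true));
    return 0;
}
```

In this model the generic status carries no information about why the query failed, so putting it in the offline list also takes the domain offline for failures unrelated to connectivity.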