The Samba-Bugzilla – Bug 10891
Joining Samba3 BDC fails with Samba4.2 rc1
Last modified: 2016-07-31 02:42:11 UTC
Joining a classic Samba3/OpenLDAP BDC fails with Samba 4.2 rc1. The error message is "Machine is a Domain Controller".
Created attachment 10365 [details]
patch for master to allow join as a classic DC
Ironically, I came across this over the past few months, particularly when looking at inter-domain trusts, but didn't think there was a real-world use case.
I've tidied up the patches, and with Garming have added tests, and these are in autobuild.
BTW, would you mind describing what you use the self-join for? I think it is a great thing, and some code would be much easier if we could assume it was always present, but didn't expect it was done often.
There was a time when a squid>NTLM>winbind authentication showed performance issues and "wbinfo -t" would fail on BDCs when they were not "joined into the domain". Maybe that changed in the meantime. Also "net rpc testjoin" indicates that the system is not a proper member of the domain, which at least is irritating. Thanks for the quick patch, it solved the issue in my tests.
I still get a message "No realm has been specified! Do you really want to join an Active Directory server?" which is related to the "create krb5 conf" parameter and looks like a bit weird question given that a net rpc join was performed. Configuring the "realm" parameter in smb.conf didn't silence the message. But this seems harmless.
Created attachment 10527 [details]
Created attachment 10528 [details]
This is real backport. Please review more carefully. Thanks!
Comment on attachment 10527 [details]
Comment on attachment 10528 [details]
4.1 does not have that issue, so no need to modify libnetjoin there.
If we ever add the schannel patch from bug #10440 we also need to apply the v4-2-test patch from here!
Fixed in Samba 4.3 with b299409410751ff3c8c775bd073e34d914a54efc
Sadly this didn't get assigned to Karolin correctly so wasn't merged to 4.2 while that was in non-security maintenance.