Joining a classic Samba3/OpenLDAP BDC fails with Samba 4.2 rc1. The error message is "Machine is a Domain Controller".
Created attachment 10365 [details] patch for master to allow join as a classic DC Ironically, I came across this over the past few months, particularly when looking at inter-domain trusts, but didn't think there was a real-world use case. I've tidied up the patches, and with Garming have added tests, and these are in autobuild.
BTW, would you mind describing what you use the self-join for? I think it is a great thing, and some code would be much easier if we could assume it was always present, but didn't expect it was done often. Thanks, Andrew Bartlett
There was a time when a squid>NTLM>winbind authentication showed performance issues and "wbinfo -t" would fail on BDCs when they were not "joined into the domain". Maybe that changed in the meantime. Also "net rpc testjoin" indicates that the system is not a proper member of the domain, which at least is irritating. Thanks for the quick patch, it solved the issue in my tests. I still get a message "No realm has been specified! Do you really want to join an Active Directory server?" which is related to the "create krb5 conf" parameter and looks like a bit weird question given that a net rpc join was performed. Configuring the "realm" parameter in smb.conf didn't silence the message. But this seems harmless.
Created attachment 10527 [details] v4-2-test patch
Created attachment 10528 [details] v4-1-test patch This is real backport. Please review more carefully. Thanks!
Comment on attachment 10527 [details] v4-2-test patch looks good
Comment on attachment 10528 [details] v4-1-test patch 4.1 does not have that issue, so no need to modify libnetjoin there.
If we ever add the schannel patch from bug #10440 we also need to apply the v4-2-test patch from here!
Fixed in Samba 4.3 with b299409410751ff3c8c775bd073e34d914a54efc Sadly this didn't get assigned to Karolin correctly so wasn't merged to 4.2 while that was in non-security maintenance.