CLDAP requests are not always answered via the originating source IP address. A UDP reply via a different IP is usually discarded by the clients.
Apart from that this might also get blocked by firewall. We had the same problem already in nmbd with nbt netlogon packets.
Removing multihome network setups on Samba AD servers is the only way to work around this currently. Making level 10 log was not possible as we still can't use %I in smb.conf (bug #9898). But the problem is obious...
Hmmm. Looking at the cldap server code, it seems to keep the tsocket around and pass it from receiver to reply functions.
Björn, can you give more of a hint showing what codepaths reply from a different address ?
I'm not familiar with the code paths affecting this problem. I know metze did a lot of research and work on the UDP src address problem, maybe he can say something on this?
Does it work with bind interfaces only = yes ?
> Does it work with bind interfaces only = yes ?
those setups were broken with
interfaces = lo, eth0
bind interfaces only = yes