This bug is reported on the 'net ads testjoin' command but is probably applicable to any component that uses libads to find a domain controller, e.g. when winbindd locates a domain controller for an ldap or smb connection.
To reproduce:
- Set up two AD sites - site1 and site2.
- Join a samba host as a member server to the domain, put it in site1, configure its DNS to be different than the site1 DC (so that when the DC goes down we still have DNS)
- run 'net ads testjoin' - OK
- shut down the DC on site1 (or just block CLDAP via Windows firewall)
- run 'net ads testjoin'
Expected result - success (fallback to site2)
Actual - failure
Output with log level set to 1:
    ads_cldap_netlogon: did not get a reply
    ads_find_dc: failed to find a valid DC on our site (Site1), trying to find another DC
    Got a positive name query response from XXXXX ( XXXXX )
    samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x2a0cf540] mpx_fde[(nil)] fd[12] - disabling
    ads_cldap_netlogon: did not get a reply
    ads_connect: No logon servers
    Join to domain is not valid: No logon servers
    return code = -1
Created attachment 11135: Proposed fix ('git show' output)
Correction - for the bug to occur, netbios has to be enabled (disable netbios = false), which is the default.
A different version of the proposed fix has been merged into master before the v4-3 fork, so this should be fixed in 4.3.0. See commits: 4d8241e017da534a933e28a0fd26e862ffae8038 28f51b915947061555ee12f8fbe0e5fab91f4194