Bug 11321 - net ads testjoin fails to find an off-site DC if the on-site DC is unavailable
net ads testjoin fails to find an off-site DC if the on-site DC is unavailable
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2015-06-09 12:01 UTC by Uri Simchoni
Modified: 2016-09-13 16:04 UTC (History)
1 user (show)

See Also:

Proposed fix ('git show' output) (8.50 KB, patch)
2015-06-09 12:02 UTC, Uri Simchoni
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Uri Simchoni 2015-06-09 12:01:14 UTC
This bug is reported on the 'net ads testjoin' command but is probably applicable to any component that uses libads to find a domain controller, e.g. when winbindd locates a domain controller for an ldap or smb connection.

To reproduce:
- Set up two AD sites - site1 and site2.
- Join a samba host as a member server to the domain, put it in site1, configure its DNS to be different than the site1 DC (so that when the DC goes down we still have DNS)
- run 'net ads testjoin' - OK
- shut down the DC on site1 (or just block CLDAP via Windows firewall)
- run 'net ads testjoin'

Expected result - success (fallback to site2)
Actual - failure

Output with log level set to 1:
ads_cldap_netlogon: did not get a reply
ads_find_dc: failed to find a valid DC on our site (Site1), trying to find another DC
Got a positive name query response from XXXXX ( XXXXX )
samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x2a0cf540] mpx_fde[(nil)] fd[12] - disabling
ads_cldap_netlogon: did not get a reply
ads_connect: No logon servers
Join to domain is not valid: No logon servers
return code = -1
Comment 1 Uri Simchoni 2015-06-09 12:02:19 UTC
Created attachment 11135 [details]
Proposed fix ('git show' output)
Comment 2 Uri Simchoni 2015-06-09 18:51:16 UTC
Correction - for the bug to occur, netbios has to be enabled (disable netbios = false), which is the default.
Comment 3 Uri Simchoni 2015-09-04 19:15:28 UTC
A different version of the proposed fix has been merged into master before the v4-3 fork, so this should be fixed in 4.3.0.

See commits: