*Excellent* analysis from Rebecca Gellman <rebecca@starfleet-net.co.uk>: So I did some digging into the source code, and I think I've found the issue. Around line 120 of source3/libads/cldap.c: for (i=0; i<num_servers; i++) { NTSTATUS status; status = cldap_socket_init(state->cldap, NULL, /* local_addr */ state->servers[i], &state->cldap[i]); if (tevent_req_nterror(req, status)) { return tevent_req_post(req, ev); } /* Code omitted for brevity */ } This is in cldap_multi_netlogon_send(), a function that sends CLDAP requests to multiple DCs in one go. The loop here sets up a socket for each DC. cldap_socket_init() in turn (possibly several calls deeper) sets up the UDP socket, and calls connect() on it, which fails with "Network unreachable". This bubbles up the chain and comes back to cldap_multi_netlogon_send() as NT_STATUS_NETWORK_UNREACHABLE. Note however the return from the function: it returns an error if *any* of the servers queried returned an error, even if any of them succeeded. In my case, even though server 0 (IPv4) succeeds, this call returns an error because server 1 (IPv6) could not be reached. To reiterate, this is in Samba 4.2.10, which ships with Debian 8 (Jessie), and occurs when running "net ads workgroup".
Created attachment 12584 [details] git-am fix for master.
Created attachment 12585 [details] git-am fix for master.
Created attachment 12591 [details] git-am fix for 4.5.next, 4.4.next. With cherry-pick from master info included. Ralph please review !
Reassigning to Karolin for inclusion in 4.4 and 4.5.
(In reply to Ralph Böhme from comment #4) Pushed to autobuild-v4-{5,4}-test.
(In reply to Karolin Seeger from comment #5) Pushed to both branches. Closing out bug report. Thanks!