From Heath Kehoe <heath@digitalartefacts.com>: We have an AD environment backed entirely by Samba4. We have a remote location where I spun up a Samba4 instance and made it a DC. The remote subnet is connected to our "main" subnet via VPN, with both IPv4 and IPv6. I set up an AD Site for the remote location and assigned the appropriate subnets (both v4 and v6) to it. However, a Windows client at the remote location never associated with the correct site, in that 'nltest /dsgetsite' always returned the default site. Also, that client would sometimes use a DC at the main site; and worse, clients at the main site sometimes bound to the DC at the remote site's DC causing long login times. So I tracked down what Samba was doing to match a client to a site. I found samdb_client_site_name() which in turn uses socket_allow_access() which led to masked_match() in source4/lib/socket/access.c that clearly only worked with IPv4 addresses. Since we are using IPv6, clients failed to be matched to any site.
Created attachment 12656 [details] git-am fix for master. Test patch.
this patch is in master and in realeases since 4.6.