Bug 15999 - net ads join still fails with multiple DCs
Summary: net ads join still fails with multiple DCs
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.23.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Pavel Filipenský
QA Contact: Samba QA Contact
Reported: 2026-02-12 19:18 UTC by Pavel Filipenský
Modified: 2026-02-25 09:49 UTC
Description Pavel Filipenský 2026-02-12 19:18:08 UTC
When joining a domain with multiple DCs, we need to deal with the situation that the machine account is created using LDAP on one of the DCs and there is a window until the account is replicated to the other DCs.

The fix in https://bugzilla.samba.org/show_bug.cgi?id=15905 makes sure that the keytab code calls ads_init() with a particular DC (the one which was used for creating the machine account).

However, there are two more calls during libnet_Join() that might talk to a DC, and we must make sure that it is the right DC:


libnet_join_post_processing_ads_modify() (etype update)
libnet_join_post_verify() (domain membership verification)

The fix will follow.
Comment 1 Pavel Filipenský 2026-02-25 09:49:02 UTC
Fix in progress: https://gitlab.com/samba-team/samba/-/merge_requests/4435