Bug 3906 - net ads join failed on 3.0.23rc2/rc3
Status: RESOLVED INVALID
Product: Samba 3.4
Component: Build environment
Version: 3.4.0
Hardware: Other Windows XP
Importance: P1 normal
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2006-06-30 21:40 UTC by Ying Li
Modified: 2016-12-05 15:18 UTC

Attachments
raw ethereal trace for net ads join (440 bytes, application/octet-stream)
2006-07-06 11:42 UTC, Ying Li
Proposed patch: Use resolved IP address instead of short DNS name (1.50 KB, patch)
2007-07-12 19:46 UTC, SATOH Fumiyasu
Updated patch for 3.2.8 (v3-2-test) (1.21 KB, patch)
2009-02-05 07:49 UTC, SATOH Fumiyasu

Description Ying Li 2006-06-30 21:40:50 UTC
net ads join does not work on either Linux (Fedora Core 5) or HP-UX in 3.0.23rc2 and rc3. From the ethereal traffic, I only see a CLDAP request/response on the wire (no Kerberos at all), and the response gave an error due to a null Distinguished Name in the request. Here is the traffic of net ads join for a Windows 2003 DC.

Lightweight Directory Access Protocol, Search Entry
    Message Id: 4
    Message Type: Search Entry (0x04)
    Message Length: 154
    Distinguished Name: (null)
    Attribute: netlogon
        Value: \027
Lightweight Directory Access Protocol, Search Result
    Message Id: 4
    Message Type: Search Result (0x05)
    Message Length: 7
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)

#0  ads_connect (ads=0x40082728) at samba-3.0.23rc3/source/libads/ldap.c:329
#1  0x49ebc in ads_startup () at samba-3.0.23rc3/source/utils/net_ads.c:280
#2  0x4bdf0 in net_ads_join_ok () at samba-3.0.23rc3/source/utils/net_ads.c:829
#3  0x4be60 in net_ads_testjoin (argc=0, argv=0x4002e3b4) at samba-3.0.23rc3/source/utils/net_ads.c:845
#4  0x46b5c in net_run_function (argc=1, argv=0x4002e3b0, table=0x7f7f0d10, usage_fn=0x4001771a <net_ads_usage>) at samba-3.0.23rc3/source/utils/net.c:130
#5  0x4ec28 in net_ads (argc=1, argv=0x4002e3b0) at samba-3.0.23rc3/source/utils/net_ads.c:1870
#6  0x46b5c in net_run_function (argc=2, argv=0x4002e3ac, table=0x40001378, usage_fn=0x400174f2 <net_help>) at samba-3.0.23rc3/source/utils/net.c:130
#7  0x493a0 in main (argc=3, argv=0x7f7f078c) at samba-3.0.23rc3/source/utils/net.c:986

net ads testjoin has the same issue.
[2006/06/30 19:38:03, 0] utils/net_ads.c:ads_startup(288)
  ads_connect: Operations error
Join to domain is not valid

The same configuration (krb5.conf, smb.conf) works with 3.0.22. I think this seems to be a bug, and I did not find it in Bugzilla.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-07-01 03:21:03 UTC
Please attach the output of 'net ads join --debuglevel=10' 
and raw ethereal network trace. Thanks.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-07-01 12:31:26 UTC
also include the output from 'net ads lookup'.  Thanks.
Comment 3 Ying Li 2006-07-03 13:51:15 UTC
(In reply to comment #1)
> Please attach the output of 'net ads join --debuglevel=10' 
> and raw ethereal network trace. Thanks.

[2006/07/03 11:46:19, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2006/07/03 11:46:19, 3] param/loadparm.c:lp_load(4945)
  lp_load: refreshing parameters
[2006/07/03 11:46:19, 3] param/loadparm.c:init_globals(1410)
  Initialising global parameters
[2006/07/03 11:46:19, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf"
[2006/07/03 11:46:19, 3] param/loadparm.c:do_section(3687)
  Processing section "[global]"
  doing parameter workgroup = cifsw2k3r2dom
  doing parameter realm = CIFSW2K3R2DOM.CUP.HP.COM
  doing parameter password server = hpcif49
  doing parameter server string = Samba server
  doing parameter security = ads
  doing parameter log file = /var/opt/samba/log.%m
  doing parameter max log size = 10000
  doing parameter log level = 10
  doing parameter socket options = TCP_NODELAY
  doing parameter read only = no
  doing parameter idmap uid = 40000-60000
  doing parameter idmap gid = 40000-60000
[2006/07/03 11:46:19, 4] param/loadparm.c:lp_load(4976)
  pm_process() returned Yes
[2006/07/03 11:46:19, 7] param/loadparm.c:lp_servicenumber(5112)
  lp_servicenumber: couldn't find homes
[2006/07/03 11:46:19, 10] param/loadparm.c:set_server_role(4221)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF8
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-8
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-8
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ASCII
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ASCII
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset 646
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset 646
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ISO-8859-1
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ISO-8859-1
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS2-HEX
[2006/07/03 11:46:19, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS2-HEX
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'roman8' for LOCALE
[2006/07/03 11:46:19, 2] lib/util_unistr.c:init_valid_table(249)
  creating default valid table
[2006/07/03 11:46:19, 5] lib/util.c:init_names(286)
  Netbios name list:-
  my_netbios_names[0]="HPCFS64"
[2006/07/03 11:46:19, 2] lib/interface.c:add_interface(81)
  added interface ip=10.13.116.64 bcast=10.13.119.255 nmask=255.255.248.0
[2006/07/03 11:46:19, 2] lib/interface.c:add_interface(81)
  added interface ip=16.91.116.171 bcast=16.91.119.255 nmask=255.255.252.0
[2006/07/03 11:46:21, 6] libads/ldap.c:ads_find_dc(219)
  ads_find_dc: looking for realm 'CIFSW2K3R2DOM.CUP.HP.COM'
[2006/07/03 11:46:21, 8] libsmb/namequery.c:get_sorted_dc_list(1525)
  get_sorted_dc_list: attempting lookup using [ads]
[2006/07/03 11:46:21, 5] lib/gencache.c:gencache_init(60)
  Opening cache file at /usr/local/samba/var/locks/gencache.tdb
[2006/07/03 11:46:21, 10] lib/gencache.c:gencache_get(285)
  Returning expired cache entry: key = SAF/DOMAIN/CIFSW2K3R2DOM.CUP.HP.COM, value = 15.13.115.49, timeout = Fri Jun 16 17:51:17 2006
[2006/07/03 11:46:21, 5] libsmb/namequery.c:saf_fetch(105)
  saf_fetch: failed to find server for "CIFSW2K3R2DOM.CUP.HP.COM" domain
[2006/07/03 11:46:21, 3] libsmb/namequery.c:get_dc_list(1401)
  get_dc_list: preferred server list: "15.13.115.49, hpcif49"
[2006/07/03 11:46:21, 10] libsmb/namequery.c:internal_resolve_name(1112)
  internal_resolve_name: looking up hpcif49#20
[2006/07/03 11:46:21, 10] lib/gencache.c:gencache_get(285)
  Returning expired cache entry: key = NBT/HPCIF49#20, value = 16.91.116.99:0, timeout = Mon Jul  3 10:45:24 2006
[2006/07/03 11:46:21, 5] libsmb/namecache.c:namecache_fetch(195)
  no entry for hpcif49#20 found.
[2006/07/03 11:46:21, 10] lib/gencache.c:gencache_del(218)
  Deleting cache entry (key = NBT/HPCIF49#20)
[2006/07/03 11:46:21, 3] libsmb/namequery.c:resolve_lmhosts(939)
  resolve_lmhosts: Attempting lmhosts lookup for name hpcif49<0x20>
[2006/07/03 11:46:21, 4] libsmb/namequery.c:startlmhosts(631)
  startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory
[2006/07/03 11:46:21, 3] libsmb/namequery.c:resolve_wins(836)
  resolve_wins: Attempting wins lookup for name hpcif49<0x20>
[2006/07/03 11:46:21, 3] libsmb/namequery.c:resolve_wins(839)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/07/03 11:46:21, 3] libsmb/namequery.c:resolve_hosts(1002)
  resolve_hosts: Attempting host lookup for name hpcif49<0x20>
[2006/07/03 11:46:21, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/07/03 11:46:21, 5] libsmb/namecache.c:namecache_store(130)
  namecache_store: storing 1 address for hpcif49#20: 16.91.116.99:0
[2006/07/03 11:46:21, 10] lib/gencache.c:gencache_set(128)
  Adding cache entry with key = NBT/HPCIF49#20; value = 16.91.116.99:0 and timeout = Mon Jul  3 11:57:21 2006
   (660 seconds ahead)
[2006/07/03 11:46:21, 10] libsmb/namequery.c:internal_resolve_name(1229)
  internal_resolve_name: returning 1 addresses: 16.91.116.99:0
[2006/07/03 11:46:21, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/07/03 11:46:21, 4] libsmb/namequery.c:get_dc_list(1503)
  get_dc_list: returning 2 ip addresses in an ordered list
[2006/07/03 11:46:21, 4] libsmb/namequery.c:get_dc_list(1505)
  get_dc_list: 15.13.115.49:389 16.91.116.99:389
[2006/07/03 11:46:21, 5] libads/ldap.c:ads_try_connect(125)
  ads_try_connect: sending CLDAP request to 15.13.115.49
[2006/07/03 11:46:36, 1] libads/cldap.c:recv_cldap_netlogon(206)
  no reply received to cldap netlogon
[2006/07/03 11:46:36, 3] libads/ldap.c:ads_try_connect(134)
  ads_try_connect: CLDAP request 15.13.115.49 failed.
[2006/07/03 11:46:36, 10] libsmb/conncache.c:add_failed_connection_entry(139)
  add_failed_connection_entry: added domain CIFSW2K3R2DOM.CUP.HP.COM (15.13.115.49) to failed conn cache
[2006/07/03 11:46:36, 5] libads/ldap.c:ads_try_connect(125)
  ads_try_connect: sending CLDAP request to 16.91.116.99
[2006/07/03 11:46:36, 10] libsmb/namequery.c:saf_store(70)
  saf_store: domain = [CIFSW2K3R2DOM], server = [16.91.116.99], expire = [1151953296]
[2006/07/03 11:46:36, 10] lib/gencache.c:gencache_set(128)
  Adding cache entry with key = SAF/DOMAIN/CIFSW2K3R2DOM; value = 16.91.116.99 and timeout = Mon Jul  3 12:01:36 2006
   (900 seconds ahead)
[2006/07/03 11:46:36, 3] libads/ldap.c:ads_connect(283)
  Connected to LDAP server 16.91.116.99
[2006/07/03 11:46:36, 0] utils/net_ads.c:ads_startup(288)
  ads_connect: Operations error
[2006/07/03 11:46:36, 2] utils/net.c:main(988)
  return code = -1
Comment 4 Ying Li 2006-07-03 13:59:35 UTC
(In reply to comment #2)
> also include the output from 'net ads lookup'.  Thanks.

./net ads lookup
Information for Domain Controller: 16.91.116.99

Response Type: SAMLOGON
GUID: ad462da4-fc89-4526-a184-ef2d991c1b98
Flags:
        Is a PDC:                                   yes
        Is a GC of the forest:                      yes
        Is an LDAP server:                          yes
        Supports DS:                                yes
        Is running a KDC:                           yes
        Is running time services:                   yes
        Is the closest DC:                          yes
        Is writable:                                yes
        Has a hardware clock:                       yes
        Is a non-domain NC serviced by LDAP server: no
Forest:                 CIFSW2K3R2DOM.CUP.HP.COM
Domain:                 CIFSW2K3R2DOM.CUP.HP.COM
Domain Controller:      hpcif49.CIFSW2K3R2DOM.CUP.HP.COM
Pre-Win2k Domain:       CIFSW2K3R2DOM
Pre-Win2k Hostname:     HPCIF49
Site Name:              Default-First-Site-Name
Site Name (2):          Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
Comment 5 Gerald (Jerry) Carter (dead mail address) 2006-07-03 14:04:20 UTC
Please attach a raw ethereal trace to help diagnose this error in the logs:

  Connected to LDAP server 16.91.116.99
  ads_connect: Operations error
Comment 6 Ying Li 2006-07-03 14:18:02 UTC
(In reply to comment #1)
> Please attach the output of 'net ads join --debuglevel=10' 
> and raw ethereal network trace. Thanks.


Frame 5 (151 bytes on wire, 151 bytes captured)
Ethernet II, Src: 16.91.116.171 (00:11:0a:80:41:82), Dst: 16.91.116.99 (00:30:6e:05:77:de)
Internet Protocol, Src: 16.91.116.171 (16.91.116.171), Dst: 16.91.116.99 (16.91.116.99)
User Datagram Protocol, Src Port: 52232 (52232), Dst Port: 389 (389)
Lightweight Directory Access Protocol
    LDAP Message, Search Request
        Message Id: 4
        Message Type: Search Request (0x03)
        Message Length: 102
        Response In: 6
        Base DN: (null)
        Scope: Base (0x00)
        Dereference: Never (0x00)
        Size Limit: 0
        Time Limit: 0
        Attributes Only: False
        Filter: (&(DnsDomain=CIFSW2K3R2DOM.CUP.HP.COM)(Host=HPCFS64)(NtVer=\006))
        Attribute: NetLogon

No.     Time        Source                Destination           Protocol Info
      6 32.760976   16.91.116.99          16.91.116.171         CLDAP    MsgId=4 Search Entry, 1 result

Frame 6 (233 bytes on wire, 233 bytes captured)
Ethernet II, Src: 16.91.116.99 (00:30:6e:05:77:de), Dst: 16.91.116.171 (00:11:0a:80:41:82)
Internet Protocol, Src: 16.91.116.99 (16.91.116.99), Dst: 16.91.116.171 (16.91.116.171)
User Datagram Protocol, Src Port: 389 (389), Dst Port: 52232 (52232)
Lightweight Directory Access Protocol
    LDAP Message, Search Entry
        Message Id: 4
        Message Type: Search Entry (0x04)
        Message Length: 154
        Response To: 5
        Time: 0.000349000 seconds
        Distinguished Name: (null)
        Attribute: netlogon
            Type: 23
            Flags: 0x000003fd
                .... .... .... .... .... .0.. .... .... = NDNC: Domain is NOT non-domain nc serviced by ldap server
                .... .... .... .... .... ..1. .... .... = Good Time Serv: This dc has a GOOD TIME SERVICE (i.e. hardware clock)
                .... .... .... .... .... ...1 .... .... = Writable: This dc is WRITABLE
                .... .... .... .... .... .... 1... .... = Closest: This is the CLOSEST dc (unreliable?)
                .... .... .... .... .... .... .1.. .... = Time Serv: This dc is running TIME SERVICES (ntp)
                .... .... .... .... .... .... ..1. .... = KDC: This is a KDC (kerberos)
                .... .... .... .... .... .... ...1 .... = DS: This dc supports DS
                .... .... .... .... .... .... .... 1... = LDAP: This is an LDAP server
                .... .... .... .... .... .... .... .1.. = GC: This is a GLOBAL CATALOGUE of forest
                .... .... .... .... .... .... .... ...1 = PDC: This is a PDC
            Domain GUID: A42D46AD89FC2645A184EF2D991C1B98
            Forest: CIFSW2K3R2DOM.CUP.HP.COM
            Domain: CIFSW2K3R2DOM.CUP.HP.COM
            Hostname: hpcif49.CIFSW2K3R2DOM.CUP.HP.COM
            NetBios Domain: CIFSW2K3R2DOM
            NetBios Hostname: HPCIF49
            User:
            Site: Default-First-Site-Name
            Client Site: Default-First-Site-Name
            Version: 5
            LM Token: 0xffff
            NT Token: 0xffff
    LDAP Message, Search Result
        Message Id: 4
        Message Type: Search Result (0x05)
        Message Length: 7
        Response To: 5
        Time: 0.000349000 seconds
        Result Code: success (0x00)
        Matched DN: (null)
        Error Message: (null)
Comment 7 Gerald (Jerry) Carter (dead mail address) 2006-07-03 14:31:57 UTC
Ying, I asked for a raw ethereal trace. Text dumps of packets
are not helpful. Please capture the entire join process and *attach*
the raw packet trace to the report. Thanks.
Comment 8 Ying Li 2006-07-06 11:42:10 UTC
Created attachment 2019
raw ethereal trace for net ads join

raw ethereal trace for "net ads join -Uadministrator"
Comment 9 Ying Li 2006-07-21 13:13:09 UTC
Hi Jerry,

I found that ldap_open(server, port) for openldap 2.3.24/2.3.21 versions returned error 242 (no route to host) when config.ldap_server_name = cldap_reply.hostname. Here is my scenario.

Windows2k3 DC
- hostname: myhost.adsdomain.dept.company.com
- DNS Server configured, and forwarder to other DNS server in company.

krb5.conf:
[realms]
        ADSDOMAIN.DEPT.COMPANY.COM = {
        kdc = myhost.dept.company.com:88
        admin_server = myhost.dept.company.com
}
[domain_realm]
.dept.company.com = ADSDOMAIN.DEPT.COMPANY.COM

Kinit OK.
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@MYDOMAIN.DEPT.COMPANY.COM

Valid starting     Expires            Service principal
07/21/06 09:28:52  07/21/06 19:26:55  krbtgt/MYDOMAIN.DEPT.COMPANY.COM@MYDOMAIN.DEPT.COMPANY.COM
        renew until 07/21/06 19:28:52

After the ads_ldap_netlogon() call of ads_try_connect() in ldap.c,
cldap_reply contains:
forest: ADSDOMAIN.DEPT.COMPANY.COM
domain: ADSDOMAIN.DEPT.COMPANY.COM
hostname: myhost.ADSDOMAIN.DEPT.COMPANY.COM
netbios_domain: ADSDOMAIN.DEPT.COMPANY.COM
netbios_hostname: MYHOST

Then the code transfers it to ads:
	ads->config.ldap_server_name   = SMB_STRDUP(cldap_reply.hostname); 
	strupper_m(cldap_reply.domain);
	ads->config.realm              = SMB_STRDUP(cldap_reply.domain);
	ads->config.bind_path          = ads_build_dn(ads->config.realm);
	ads->server.workgroup          = SMB_STRDUP(cldap_reply.netbios_domain);

From my testing, using cldap_reply.netbios_hostname (not cldap_reply.hostname) for ldap_open call can fix the problem.
	ads->config.ldap_server_name = SMB_STRDUP(cldap_reply.netbios_hostname);

I don't know if it's used for all cases.
thanks.
Comment 10 Blindauer Emmanuel (dead mail address) 2006-07-24 01:59:58 UTC
I'm having the same issue with 3.0.23a
Comment 11 Blindauer Emmanuel (dead mail address) 2006-07-24 02:08:10 UTC
Actually, the bug is reproducible only if the DNS used by the client isn't one of the DCs, not sure if it is really a bug...

Ying Li: what DNS do you use?
Comment 12 Ying Li 2006-07-24 11:17:01 UTC
(In reply to comment #11)
> Actually, the bug is reproducible only if the DNS used by the client isn't one of the DCs, not sure if it is really a bug...
> Ying Li: what DNS do you use?

Yes. You are right. I used a DNS server that was NOT the DNS server my Windows DC is configured with. For example:
- a public DNS-A in company.
- Windows DC configured DNS-B, forwarded to DNS-A.
- /etc/resolv.conf using DNS-A.
- kinit OK. But net ads join failed.
Comment 13 Gerald (Jerry) Carter (dead mail address) 2006-08-30 14:06:48 UTC
a full trace of the net ads join.  Not just the CLDAP packet on port 389.
Also please test the 3.0.23c-gwc-2 patch at http://www.samba.org/~jerry/patches/.
Thanks.
Comment 14 Bahram C. 2006-11-07 11:26:25 UTC
I also have noticed the same problem on Debian-Sarge 2.4.21 even using the latest Samba patches for 3.0.23c.

The problem goes away when I use the DC REALM as my DNS, as described above by Blindauer.

We really depend on the new features provided in 3.0.23, however this bug is blocking us. I would be happy if I can assist on fixing this.
Comment 15 Bahram C. 2006-11-16 15:09:15 UTC
I also noticed that under the same situation, "net ads info" can not get server's current time. I'm not sure if this is a related bug or something else.


# net ads info -w rolaid0 -UAdministrator%scs
Failed to get server's current time!
LDAP server: 192.168.26.202
LDAP server name: rolaid.ROLAID.2K3AD.NET
Realm: ROLAID.2K3AD.NET
Bind Path: dc=ROLAID,dc=2K3AD,dc=NET
LDAP port: 389
Server time: Wed, 31 Dec 1969 20:00:00 GMT-4
KDC server: 192.168.26.202
Server time offset: 0


As before, setting the AD domain controller to be my DNS will resolve this problem.

# cat /etc/resolv.conf
nameserver 192.168.26.202          <=== This line solves the problem
nameserver 127.0.0.1
domain weavernet.null

However, I can't always apply this workaround.
Comment 16 Bahram C. 2007-02-09 11:05:34 UTC
I noticed this in samba-technical digest and thought it could be relevant to this bug.


Subject: Re: DNS query with Netbios domain
From: Todd Stecher <todd.stecher@isilon.com>
Date: Thu, 8 Feb 2007 23:55:19 -0800
To: Todd Stecher <todd.stecher@isilon.com>
CC: samba-technical <samba-technical@samba.org>

It looks like this was a bug in winbindd_cm.c / get_dcs() which is remedied in 3.0.25 as part of the site proximity fixes.


On Feb 8, 2007, at 11:33 PM, Todd Stecher wrote:

> Given an ADS domain foobar.zippy.com, I'm seeing quite a few DNS queries originating from resolve_ads() / ads_dns_query_dcs() with the form:
>
> _ldap._tcp.dc._msdcs.foobar
>
> I would typically expect to see this query actually take the form:
>
> _ldap._tcp.dc_msdcs.foobar.zippy.com
>
> In all of my years sniffing wire traffic in windows enterprises, I've never seen the first form - that just doesn't seem like a "real" DNS domain name / SRV query.  Is there some element of configuration I'm missing which would make this work?  Does anyone expect it to?  These queries fail pretty quickly on my system, but it seems like unnecessary overhead.
>
>
> Todd Stecher | Windows Interop Dev
> Isilon Systems    P +1-206-315-7500     F  +1-206-315-7501
> www.isilon.com    D +1-206-315-7638    M +1-425-205-1180
>
>

Todd Stecher | Windows Interop Dev
Isilon Systems    P +1-206-315-7500     F  +1-206-315-7501
www.isilon.com    D +1-206-315-7638    M +1-425-205-1180


Comment 17 SATOH Fumiyasu 2007-02-19 23:44:59 UTC
I can do the 'net ads join' with the following config
in /etc/hosts without modifying /etc/resolv.conf:

  127.0.0.1       localhost
  ## This host (Samba)
  10.0.0.17       blade.example.com blade loghost
  ## AD domain controller (workaround for Bug 3906)
  10.0.0.1        ads.example.com

My /etc/krb5.conf contains the following:

  [libdefaults]
  default_realm = EXAMPLE.COM
  [realms]
  EXAMPLE.COM = {
    kdc = ads.example.com
  }
  [domain_realms]
  example.com = EXAMPLE.COM
  .example.com = EXAMPLE.COM

I think that "password server = 10.0.0.1" (the IP address of the AD DC)
in smb.conf can be used as a workaround for this bug too. But it
does not help me.
Comment 18 Bahram C. 2007-02-27 10:17:55 UTC
This discussion is also relevant:



Subject: setting dNSHostName at join
From: "Gerald (Jerry) Carter" <jerry@samba.org>
Date: Mon, 26 Feb 2007 20:03:19 -0600
To: Guenther Deschner <gd@samba.org>, samba-technical@samba.org


Guenther,

In case the IRC logs get lost....

(6:45:35 PM) gd: coffeedude: we need to be more
	graceful when joining and name_to_fqdn fails
	and where we are not using a keytab.
(6:46:16 PM) gd: coffeedude: also assuming that we can
	always write to "dnsHostName" is invalid.

(7:54:11 PM) coffeedude: gd: I disagree.
(7:55:03 PM) coffeedude: gd: if we can't get a valid
	fqdn krb5 cannot work.  I think it is better
	to fail upfront than to leave an admin scratching
	his/her head later on.
(7:55:56 PM) coffeedude: gd: the current model does
	exactly what XP does.
(7:56:14 PM) coffeedude: gd: if we cannot update the hostname
	and SPN in AD, then just use security = domain.
(7:56:57 PM) coffeedude: gd: if you have a specific
	environment where this is failing and Windows is
	working, then we should do what Windows does.  But
	based on my investigations, if Windows cannot
	update the dNSHostName or SPN it will fail the join.
(7:59:24 PM) coffeedude: gd: I should clarify, Windows
	XP will fail.  Windows 2000 will join but Krb5
	will never be available.



(8:03:29 PM) gd: coffeedude: I need to check back with
	my customer, but they keep telling me, that they
	are not allowed to set dnsHostName (by LDAP security
	descriptor) but nicely do krb5 auth in the domain
	after joining.
(8:04:39 PM) gd: coffeedude: and where do you think we need
	a fqdn when using kerberos? (without a system keytab)
(8:05:00 PM) gd: coffeedude: we can *always* kinit
	as netbiosname$@realm.de.
(8:05:11 PM) gd: coffeedude: that is at least my understanding.
(8:05:57 PM) gd: coffeedude: so it is not required for the SPNs.
	Do I miss something?

(8:06:06 PM) coffeedude: The keytab has nothing to do with
	it.  How can a Windows client get a service ticket
	for an account with no SPN ?
(8:06:29 PM) coffeedude: gd: Just show me a trace of a Windows
	client doing Krb5 auth in the session setup with no SPN set.
(8:06:35 PM) coffeedude: for the target server of course in AD.
(8:07:10 PM) coffeedude: NTLM will continue to work of course,
	but that defeats the purpose of security = ads.
(8:07:11 PM) gd: you mean for us as a smbd as a domain member?
(8:07:53 PM) coffeedude: gd: Yes.  Just show me a trace of
	a Windows client going \\server\share and sending
	Krb5 in the session setup if the Samba host has no
	SPN set in AD.
(8:08:06 PM) coffeedude: And no dNSHostName attribute
(8:08:35 PM) coffeedude: gd: I'm not trying to be stubborn
	on this, I just need proof in order to accept the POV.

(8:09:05 PM) gd: coffeedude: sure, no problem, I'll try to get
	such a trace

(8:09:47 PM) coffeedude: gd: Thinking a bit more, a Windows
	client might succeed even if it cannot write to
	the dNSHostName
(8:10:02 PM) coffeedude: if the value is already set
	properly.  That I could understand.
(8:10:18 PM) coffeedude: gd: and If you have traces, I'll
	be glad to change my tune.

(8:11:35 PM) gd: coffeedude: my customer has valid DNS,
	just the DNS entries replicate very slowly to
	the subdomains. (They are not using the builtin
	DNS in AD but an external one). Windows seems
	to be happy with that.

(8:11:56 PM) coffeedude: gd: it's not a question of valid DNS.
(8:12:55 PM) coffeedude: gd: Ahh....I think I see what you
	are saying now.  I still need to see a trace to
	understand it.  I'm still a bit skeptical of your
	customer (no offense).
(8:13:14 PM) coffeedude: gd: but I've been wrong before.....
(8:13:59 PM) coffeedude: gd: if I'm wrong, then we should
	simply bracket the set spn and hostname in a WITH_
	DNS_UPDATES block.

(8:14:01 PM) gd: coffeedude: sure, just relating to the
	first issue: name2fqdn fails as the replication
	is not finished yet. (they prepare their dns
	for joining machines).
(8:14:37 PM) gd: coffeedude: I made all that now dependent
	from the name2fqdn lookup success (converting
	to BOOL). still testing...

(8:15:13 PM) coffeedude: gd: if you can show me the session
	setup trace, then we'll figure it.  If however, I'm
	right about the krb5, then we have to know our fqdn
	in order to join (can be configured in /etc/hosts).








Comment 19 SATOH Fumiyasu 2007-07-12 19:46:39 UTC
Created attachment 2816 [details]
Proposed patch: Use resolved IP address instead of short DNS name

Because ads->config.ldap_server_name has a short (non-FQDN) hostname,
it cannot be resolved in some situations (e.g. DNS domainname and/or
search suffix != AD domainname) and ldap_open_with_timeout() failed.

I've applied this patch to Samba 3.0.24.
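
The condition described in comments 9 and 19 (a server name taken from the CLDAP reply that the client's resolver cannot look up), as an added C example that is neither the attached patch nor Samba code. `pick_target`, `resolve_fn`, `dns_a_resolve` and the address 192.0.2.10 are constructed for illustration; the logic falls back to the address that answered the CLDAP query when the returned name does not resolve, or resolves to a different host.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>

enum target { USE_NAME, USE_IP_UNRESOLVED, USE_IP_MISMATCH };
/* Resolver hook (hypothetical name): 0 on success, dotted quad in out. */
typedef int (*resolve_fn)(const char *name, char *out, size_t len);

/* Real lookup through the system resolver (/etc/hosts, resolv.conf). */
int system_resolve(const char *name, char *out, size_t len) {
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    if (getaddrinfo(name, NULL, &hints, &res) != 0 || !res) return -1;
    struct sockaddr_in *sin = (struct sockaddr_in *)res->ai_addr;
    int ok = inet_ntop(AF_INET, &sin->sin_addr, out, (socklen_t)len) != NULL;
    freeaddrinfo(res);
    return ok ? 0 : -1;
}

/* Constructed stand-in for a DNS server that lacks the AD zone. */
int dns_a_resolve(const char *name, char *out, size_t len) {
    if (strcasecmp(name, "myhost.dept.company.com") != 0) return -1;
    snprintf(out, len, "192.0.2.10");
    return 0;
}

/* name: hostname from the CLDAP reply; ip: address that answered CLDAP. */
enum target pick_target(const char *name, const char *ip, resolve_fn r,
                        char *dst, size_t len) {
    char got[INET_ADDRSTRLEN];
    enum target t = USE_NAME;
    if (r(name, got, sizeof got) != 0) t = USE_IP_UNRESOLVED;
    else if (strcmp(got, ip) != 0) t = USE_IP_MISMATCH; /* other host */
    snprintf(dst, len, "%s", t == USE_NAME ? name : ip);
    return t;
}

int main(void) {
    char dst[256];
    enum target t = pick_target("myhost.ADSDOMAIN.DEPT.COMPANY.COM",
                                "192.0.2.10", dns_a_resolve, dst, sizeof dst);
    printf("outcome=%d connect_to=%s\n", t, dst);
    return 0;
}
```

Passing `system_resolve` instead of `dns_a_resolve` runs the same decision against the host's real resolver configuration.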
Comment 20 SATOH Fumiyasu 2009-02-05 07:49:21 UTC
Created attachment 3923 [details]
Updated patch for 3.2.8 (v3-2-test)
Comment 21 Björn Jacke 2012-09-09 18:58:24 UTC
looks like this is still an unsolved issue even in the latest versions?
Comment 22 Björn Jacke 2016-12-05 15:18:22 UTC
using a domain name which is not the AD realm is not supported. Furthermore not even using the realm in the DNS search list *must* fail then. There is no point in adding hooks to make such setups work somehow. Closing this as this is a broken setup actually.