Tried upgrading a couple of working samba-3.0.22 boxes that are currently members of our ads domain to samba-3.0.23a. Before the upgrade:
    $ kinit foo@BAR.com
    $ net ads testjoin
    $ net ads join
works fine. After the upgrade
    $ net ads testjoin
    $ net ads join
both hang. So I tried
    $ net ads testjoin -d4
and found that it returns:
    [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1502)
      get_dc_list: returning 2 ip addresses in an unordered list
    [2006/07/24 10:12:27, 4] libsmb/namequery.c:get_dc_list(1503)
      get_dc_list: 2.0.0.0:389 73.78.47.85:1160662094
which is *totally* not right for our site (not even close). ???? Running the aforementioned command using samba-3.0.22 does return the correct values for get_dc_list.
Please attach a level 10 debug log from net and a raw network trace from ethereal. I rewrote the DNS lookup routines for 3.0.23.
Is this a non-Intel Linux platform?
These are i686 RHEL4 boxes. Damn it, must have been a local problem (our campus AD servers have been known to go into la-la land on occasion). Now, ~30 minutes later, I can no longer reproduce the problem.
If this pops back up, let me know. I've been testing pretty thoroughly against Windows 2000 DNS. Unless there is some packet format that I haven't seen, it should be fine.
OK, I think I can now reproduce. It's dependent on exactly what's in /etc/krb5.conf. If I have in /etc/krb5.conf:
    [libdefaults]
        default_realm = UNL.EDU
    [realms]
        UNL.EDU = {
            default_domain = unl.edu
        }
    [domain_realm]
        unl.edu = UNL.EDU
        .unl.edu = UNL.EDU
Things fail as before. If I instead manually specify kdc and admin server
    [realms]
        UNL.EDU = {
            kdc = foo.UNL.EDU
            admin_server = foo.UNL.EDU
            default_domain = unl.edu
        }
It works.
That makes no sense. The get_dc_list() talks directly to DNS. Can you attach the debug logs and network traces? Thanks.
> That makes no sense
Tell me about it! (:
Things seem to be working here again. It must have been a wild coincidence that my *5* previous attempts to confirm a change in krb5.conf made a difference, because now it works both ways. I think I need a drink.
I think I found the bug. The problem is when the Additional Records section of the DNS reply does not contain A records for all the SRV names. Will attach a patch.
Created attachment 2061: zero memory for dc list
This should fix the problem.
Jerry, many thanks (for that patch and for saving my sanity).
My fault. Thanks for following up and testing.
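The failure mode identified in this thread (SRV answers whose targets have no matching A record in the Additional section, so some DC list entries are never filled in), shown as an added example that is not Samba's code and not the attached patch. The struct and function names and the sample records are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical types for this example; not Samba's structures. */
struct srv_rec  { const char *target; uint16_t port; };
struct a_rec    { const char *name; uint32_t ip; };   /* host byte order */
struct dc_entry { uint32_t ip; uint16_t port; int resolved; };

/* DNS names compare case-insensitively. */
static int dns_name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;   /* equal only if both strings ended together */
}

/* calloc() zeroes every entry, so an SRV target with no A record in the
 * Additional section stays ip 0 / resolved 0 instead of stale heap bytes. */
struct dc_entry *build_dc_list(const struct srv_rec *srv, size_t nsrv,
                               const struct a_rec *add, size_t nadd)
{
    struct dc_entry *list = calloc(nsrv ? nsrv : 1, sizeof(*list));
    if (list == NULL) return NULL;
    for (size_t i = 0; i < nsrv; i++) {
        list[i].port = srv[i].port;
        for (size_t j = 0; j < nadd; j++) {
            if (!dns_name_eq(srv[i].target, add[j].name)) continue;
            list[i].ip = add[j].ip;
            list[i].resolved = 1;
            break;
        }
    }
    return list;
}

/* Entries that still need a separate A lookup before they can be used. */
size_t count_unresolved(const struct dc_entry *list, size_t n)
{
    size_t missing = 0;
    for (size_t i = 0; i < n; i++)
        missing += !list[i].resolved;
    return missing;
}

/* Constructed sample: two SRV targets, but an A record (192.0.2.10) for one. */
const struct srv_rec sample_srv[] = {{"dc1.example.test", 389}, {"dc2.example.test", 389}};
const struct a_rec sample_add[] = {{"DC1.example.test", 0xC000020AU}};
```

A caller would skip or separately resolve any entry with resolved == 0 rather than connecting to its address.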