The Samba-Bugzilla – Bug 4923
Red X on domaincontroller symbol
Last modified: 2008-10-07 07:42:19 UTC
It is reproducible in the following way:
- Launch the computer administration MMC
- Change the workstation to the SAMBA machine (Right click - "Connect to other machine..."
- Then you see the red X
What do you think could that be?
Andrew, have you any clues on that?
Did you reproduce now this strange symbol?
This (opening the computer management) works for me. Some elements of the Computer Management tool don't work, but this is not particularly unexpected.
Please file detailed bugs on each component. Particularly useful would be a rationale on why to focus on a particular tool, to help us prioritize.
Maybe another easier way to reproduce the problem:
(please try it from a Windows domain member logged in with the domain administrator of a SAMBA 4 domain)
- Right click on "My Computers" icon and select "Management"
- Then you right click on the computer icon in top of the tree "Computer Management" and choose something like "Change workstation to administer"
Be sure that in the top of the dialog is selected "Global Catalog".
You should see the domain controller and the members, but the domain controller has a little red "X" in the lower-right corner.
I can 'connect to another computer' fine. It asks for a computer name, but the version I use doesn't give an opportunity to browse (only to possibly search using the normal search dialogs).
I'm running computer manager 5.1.2600.0 - perhaps different versions have different behaviors.
Interesting! I'll have to try to find another way to demonstrate you this problem. Maybe this has been changed after Windows 2000. You use Windows XP, I'm right?
Yes, I've been testing on WinXP SP2 with the admin tools installed from the Win2k3 DVD.
Yes, I saw now that the dialog in Windows XP changed.
Created attachment 3342 [details]
I generated now a log about this. When I did this, I noticed a KERBEROS_RESPONSE_TOO_BIG error. Maybe that could be related to this issue?
KERBEROS_RESPONSE_TOO_BIG is standard and perfectly normal
I've studied now the netlogon attribute from the CLDAP request and have compared them with the table presented in the WSPP docs (http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two bytes seem to be correct, but that the third and fourth one is completely clear with SAMBA 4. But in the docs there are listed some flags.
Is this behaviour compatible with Windows 2k oder 2k3 Server and therefore the other bits were introduced later?
Created attachment 3350 [details]
A simple patch adding the bits
Unfortunately, the patch doesn't seem to change the behaviour of the Windows 2000 computer management console. But I'd apply it anyway to match as much as possible the Windows Server (maybe a blackbox test with it would be good, but I don't have one) behaviour.
I don't like those bits being unconditional, and untested.
Can you please expand the CLDAP test to check this and the other flags for sanity, and don't assume we are always a forest root - it is easy enough to check if the root dn and domain DN are equal. See ldb_get_root_basedn and ldb_get_default_basedn
Created attachment 3460 [details]
An enhanced version of the patch
This version of the patch adds the bits, the right check for the forest root (following your last comment) and doesn't set the bit NBT_SERVER_DS_DNS_DOMAIN because I think we don't provide a "defaultNamingContext" attribute in the rootDSE object yet.
Created attachment 3461 [details]
The enhanced torture testsuite
Created attachment 3462 [details]
The final version of the CLDAP Netlogon patch
Naturally we provide also a "defaultNamingContext" (looking at "provision_rootdse_add.ldif"). Considering this the domain name is equal to the default naming context and we can set the flag.
Sorry for the late reply.
The patch looks good, but the testsuite does not:
Just printing the flags won't help ensure this is correct - the testsuite needs to check for expected values. Do a CLDAP search for the defaultNamingContext and rootDomainNamingContext and compare them in the torture code. Then you can examine if the server set the flags correctly.
Created attachment 3478 [details]
The enhanced torture testsuite
Improved testsuite following your latest comment.
Nice work, applied!
Now to ponder the original bug :-)
I don't see the checkin (SAMBA 4 main branch)!
Also this has been fixed!