Bug 8803 - wbinfo --dsgetdcname errors
Summary: wbinfo --dsgetdcname errors
Alias: None
Product: Samba 3.3
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.3.9
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
Depends on:
Reported: 2012-03-09 01:59 UTC by kvthanga
Modified: 2020-12-29 10:30 UTC (History)
0 users

See Also:

Patch for dsgetdcname errors (1.19 KB, application/octet-stream)
2012-03-09 01:59 UTC, kvthanga
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description kvthanga 2012-03-09 01:59:31 UTC
Created attachment 7365 [details]
Patch for dsgetdcname errors

The dsgetdcname command in wbinfo calls winbindd to obtain the DC for a domain. Winbind does a SRV lookup to find the DC and then does a CLDAP request the validate the DC. 

I ran into a couple of issues when using v3.3.9. From the code it appears that these are also present in the latest v3.6.3. A possible fix is attached.

1) The CLDAP requests are done using hostname instead of the IP-address discovered from the SRV lookup. This means that for a multihomed host the CLDAP request may succeed if it gets sent to a working interface while  the interface from SRV response is down. In this case, winbind will incorrectly mark the IP in the SRV response as valid and cache that for 15 minutes.

2) The first dsgetdcname requests returns a KDC hostname instead of an ip address. This does not occur when a cached entry is returned.
Steps to repro:
rm /usr/local/samba/var/locks/gencache.tdb 
pkill winbindd 
./bin/wbinfo --dsgetdcname=VCS132DOM.COM

Output of wbinfo command returns
    \\GEN1-VCS132         <======= Using hostname
    2                                <======= Type is for netbios

Running the wbinfo command again returns:
    \\         <======= Returns IP
    1                           <======= Type is for ip
Comment 1 Björn Jacke 2020-12-29 10:30:12 UTC
thanks, this is fixed in current versions, feel free to reopen this, if you still see an issue with it.