Bug 8803 - wbinfo --dsgetdcname errors
wbinfo --dsgetdcname errors
Status: NEW
Product: Samba 3.3
Classification: Unclassified
Component: Winbind
All All
: P5 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2012-03-09 01:59 UTC by kvthanga
Modified: 2012-03-09 01:59 UTC (History)
0 users

See Also:

Patch for dsgetdcname errors (1.19 KB, application/octet-stream)
2012-03-09 01:59 UTC, kvthanga
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description kvthanga 2012-03-09 01:59:31 UTC
Created attachment 7365 [details]
Patch for dsgetdcname errors

The dsgetdcname command in wbinfo calls winbindd to obtain the DC for a domain. Winbind does a SRV lookup to find the DC and then does a CLDAP request the validate the DC. 

I ran into a couple of issues when using v3.3.9. From the code it appears that these are also present in the latest v3.6.3. A possible fix is attached.

1) The CLDAP requests are done using hostname instead of the IP-address discovered from the SRV lookup. This means that for a multihomed host the CLDAP request may succeed if it gets sent to a working interface while  the interface from SRV response is down. In this case, winbind will incorrectly mark the IP in the SRV response as valid and cache that for 15 minutes.

2) The first dsgetdcname requests returns a KDC hostname instead of an ip address. This does not occur when a cached entry is returned.
Steps to repro:
rm /usr/local/samba/var/locks/gencache.tdb 
pkill winbindd 
./bin/wbinfo --dsgetdcname=VCS132DOM.COM

Output of wbinfo command returns
    \\GEN1-VCS132         <======= Using hostname
    2                                <======= Type is for netbios

Running the wbinfo command again returns:
    \\         <======= Returns IP
    1                           <======= Type is for ip