Bug 8897 - winbind_krb5_locator only returns one IP address.
Summary: winbind_krb5_locator only returns one IP address.
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.5
Classification: Unclassified
Component: Winbind (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-25 21:47 UTC by Jeremy Allison
Modified: 2012-05-07 16:22 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 3.5.next (2.37 KB, patch)
2012-04-25 22:18 UTC, Jeremy Allison
obnox: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2012-04-25 21:47:09 UTC
From: Dina_Fine@Dell.com
To: samba-technical@lists.samba.org
Subject: winbind_krb5_locator bug when the Domain Controller has multiple
        network IPs (smb3.5.8)

Hello
It seems the winbind_krb5_locator doesn't function correctly when the Domain Controller has multiple network IPs and some of IPs are not reachable from the samba server system.
The reason seems to be that only the winbind_krb5_locator uses the WBC_LOOKUP_DC_IP_REQUIRED flag for dsgetdcname request.

All other flows (like join domain) use only the DNS name and then resolve the name->IP in a smart way (taking an IP which responds to ldap request).

P.S. We have a customer environment where this bug actually takes place. Sometimes the net join fails and sometime net ads testjoin fails due to Kerberos error: Cannot contact any KDC for requested realm
Debugging the winbind_krb5_locator showed it replies with incorrect IP for the Kerberos Domain Controller request which leads to Kerberos error.
Comment 1 Jeremy Allison 2012-04-25 22:18:43 UTC
Created attachment 7502 [details]
git-am fix for 3.5.next

Back port of what went into master and confirmed fixed by the reporter.
Comment 2 Jeremy Allison 2012-04-25 22:30:26 UTC
Comment on attachment 7502 [details]
git-am fix for 3.5.next

This patch also applies cleanly to 3.6.x, so is suitable for both 3.5.x and 3.6.x.
Comment 3 Michael Adam 2012-04-26 08:58:22 UTC
Comment on attachment 7502 [details]
git-am fix for 3.5.next

looks good
Comment 4 Michael Adam 2012-04-26 08:59:33 UTC
Assigning to Karolin for inclusion into 3.5 and 3.6 release branch
Comment 5 Karolin Seeger 2012-05-07 16:22:24 UTC
Pushed to v3-5-test and v3-6-test.
Closing out bug report.

Thanks!