Currently we make up a password, but fail to actually create an AD account with this password during a samba-tool domain join.
This is related to replication, multi-dc-setups. Hence this should not block the 4.0.0 release. What is more, the internal dns is the default for the 4.0.0 release. Moving this to the 4.1 tracking bug....
Additionally running samba_dnsupgrade fixes it. That said, I still plan to try and get this fixed up.
Created attachment 8371 [details] Proposed patch This finishes the work to replicate the DNS partitions, by re-using the provision time logic to operate remotely.
The main issue here is that due to he delicate nature of our replication tests (ie, they pass mostly due to good luck, due in part to the concurrent and automated nature of the test environment) fixing this breaks other tests. That's why it isn't in master. https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/fix-drs-testing-10 has my current patches, but sadly I've not found a combination yet that passes autobuild (even just the dns patches, but further testing welcome).
This is in my fix-drs-testing-23 branch.
No 4.1 blocker => 4.2
Created attachment 9185 [details] patch for master to finally merge the fix for this. This patch is tested - passed 7 autobuilds and failed one due to a file server issue (unrelated, I would suggest). The difference between this and all the previous patches that never made is is that I don't test against the promoted_dc. It would be great if we could, but it changes that server startup order, and causes other tests to be flaky. A future patch could move the DNS tests to be last, to avoid this side-effect, but in the meantime I just want to get this code in.
Comment on attachment 9185 [details] patch for master to finally merge the fix for this. Patch is in master.
Created attachment 9188 [details] 4.1 patch cherry-picked from master
Created attachment 9189 [details] 4.0 patch cherry-picked from master
Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Pushed to v4-1-test and v4-0-test. Closing out bug report. Thanks!
Created attachment 9210 [details] Create dns account disabled
Hi, after these changes I got ERR_UNWILLING_TO_PERFORM joining to a 2003 R2 while creating the user account for bind dlz. I solved it creating the account disabled, and it is enabled after setting the password. The patch is attached. Thanks.
Re-assigning to Andrew for further investigations.
Comment on attachment 9210 [details] Create dns account disabled I'll upload a new patch with cherry-pick markers
Created attachment 9361 [details] patches cherry-picked from master for 4.1
Comment on attachment 9361 [details] patches cherry-picked from master for 4.1 Do we also need this change for 4.0?
Created attachment 9362 [details] patches cherry-picked from master (for 4-0-test) And here is the patch for 4.0, with cherry-pick markers.
Pushed second patchset to autobuild-v4-1-test and autobuild-v4-0-test.
(In reply to comment #20) > Pushed second patchset to autobuild-v4-1-test and autobuild-v4-0-test. Pushed to v4-1-test and v4-0-test. CLosing out bug report. Thanks!