9792 – Samba DC join fails - IPv4/IPv6 or multihomed servers

Bug 9792 - Samba DC join fails - IPv4/IPv6 or multihomed servers

Summary: Samba DC join fails - IPv4/IPv6 or multihomed servers

Status:	RESOLVED DUPLICATE of bug 15325

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	unspecified
Hardware:	All Linux

Importance:	P5 major (vote)
Target Milestone:	4.3
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Duplicates (1):	15309 (view as bug list)
Depends on:
Blocks:

Reported:	2013-04-14 16:44 UTC by Marcel Ritter
Modified:	2023-03-11 10:02 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcel Ritter 2013-04-14 16:44:05 UTC

Base system: Ubuntu 12.04.2
Samba4 version: latest git

I just tried to add a second DC to an existing Samba4 domain using samba-tool
But the join failed, complaining about being unable to find a writeable DC:

root at elektron:~# /opt/samba4/bin/samba-tool  domain join linex.r00t.la DC
Finding a writeable DC for domain 'linex.r00t.la'
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'linex.r00t.la'
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1082, in join_DC
    machinepass, use_ntvfs, dns_backend, promote_existing)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 73, in __init__
    ctx.server = ctx.find_dc(domain)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 246, in find_dc
    raise Exception("Failed to find a writeable DC for domain '%s'" % domain)


Looking a little closer, I think the problem is IPv4/IPv6 related:
The existing DC has both IPv4 and IPv6 address (and both are available
via Samba4's internal DNS.
Unfortunately even if the client does not own an IPv6 address (see
further down below) samba-tool still tries to address the DC's LDAP
server via IPv6 - and fails miserably:

root at elektron:~# strace -f -e trace=network /opt/samba4/bin/samba-tool  domain join linex.r00t.la DC
<...>
[pid  1640] socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 5
[pid  1640] connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.6")}, 16) = 0
[pid  1640] send(5, "NQ\1\0\0\1\0\0\0\0\0\0\5venus\5linex\4r00t\2la"..., 37, MSG_NOSIGNAL) = 37
[pid  1640] recvfrom(5, "NQ\205\200\0\1\0\1\0\0\0\0\5venus\5linex\4r00t\2la"..., 1500, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.6")}, [16]) = 53
Process 1635 suspended
[pid  1640] +++ killed by SIGKILL +++
Process 1635 resumed
--- SIGCHLD (Child exited) @ 0 (0) ---
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5
setsockopt(5, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
connect(5, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "2001:xxxx:xxxx:xxxx::2", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'linex.r00t.la'
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1082, in join_DC
    machinepass, use_ntvfs, dns_backend, promote_existing)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 73, in __init__
    ctx.server = ctx.find_dc(domain)
  File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 246, in find_dc
    raise Exception("Failed to find a writeable DC for domain '%s'" % domain)

root at elektron:~# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:9e:df:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0

Comment 1 Björn Jacke 2013-07-17 20:34:57 UTC

the same error can pop up if the remote site has multiple IPv4 addresses and for the first one we try we have to route. We should add fallback to all registered IPs if we get a "Network is unreachable" error.

Comment 2 Karolin Seeger 2013-12-10 15:50:05 UTC

Any news on this one?

Comment 3 Karolin Seeger 2014-11-27 10:53:25 UTC

Is this a showstopper for 4.2.0?

Comment 4 Björn Jacke 2014-11-27 11:16:02 UTC

has always been broken in samba 4 and is no blocker. no idea why this was ever maked as a blocker.

Comment 5 Simon Fredriksson 2022-10-26 13:11:04 UTC

An old but still relevant issue. IPv6-only hosts cannot join as DC. After joining, IPv6 seems work fine. Is it just an issue with samba-tool?

Comment 6 Björn Jacke 2023-02-10 14:44:43 UTC

*** Bug 15309 has been marked as a duplicate of this bug. ***

Comment 7 Björn Jacke 2023-03-11 10:02:15 UTC


*** This bug has been marked as a duplicate of bug 15325 ***