samba4 and win2k8r2 forest not working

[Pavel Herrmann]

Hi

I am trying to join samba4 into my win2k8r2 domain tree, but it doesn't work, 
or at least not as it should

first, while doing 'samba-tool join' command, it gives me several 'Conversion 
error: Illegal multibyte sequence' on CN=Schema,CN=Configuration, but the join 
finished successfully (the machine appears in AD as DC) - I can provide all the 
text, but it is rather large

when samba runs, it consumes 100% CPU, and gives 'RID Manager failed RID 
allocation - WERR_BADFILE - extended_ret[0x0]' into logfile

samba-tool then fails for most functions, sometimes (for instance 'drs 
showrepl') it gives a NT_something error message, or (for example 'fsmo show') 
it gives a python crash, which is caused by wrong assumption about DNs

at least fsmo and domainlevel python scripts assume that everything is stored 
under samdb.domain_dn(), which is not always true. if your domain is not a 
top-level (on AD domain tree sense) then CN=Configuration is not stored under 
your domain DN, but under domain DN of the root domain

to give an example, in school we have a DC=virtlab,DC=int domain tree, with 
every student having a DC=$surname,DC=virtlab,DC=int subdomain. the correct 
base DN for forest-wide information (like schema and partition info, both 
under CN=Configuration) is DC=virtlab,DC=int, while samba-tool tries to look 
for it in DC=herrmann,DC=virtlab,DC=int, and failing miserably

I presume that the join error is caused by someting in this tree and non-
critical (there is quite a lot of data in 
private/CN=SCHEMA,CN=CONFIGURATION,DC=VIRTLAB,DC=int.ldb), and that the main 
culprit is the false (domain_baseDN == tree_baseDN) assumption

I am on current (as of today) GIT master

this is a purely testing environment, so if you need anything I can try it.

I hope this is at least partly understandable, and that someone with samba 
development experience is able to fix this


thanks
Pavel Herrmann

PS: not subscribed, please keep me in to/cc