Realmd can not join Samba4 Domain

Stefan (metze) Metzmacher metze at samba.org
Sun May 4 12:11:19 MDT 2014


Hi Niklas,

>  I am doing some automated testing setting up Samba4 AD DC and Realmd.
> 
>  The thing is that realm discover [Samba4-domain] gives an error:
> 
> vagrant@client002:~$ realm discover -v openforce.org
>  * Resolving: _ldap._tcp.openforce.org
>  * Performing LDAP DSE lookup on: 192.168.33.2
>  ! Received invalid or unsupported Netlogon data from server
> openforce.org
>   type: kerberos
>   realm-name: OPENFORCE.ORG
>   domain-name: openforce.org
>   configured: no
> 
> 
> ..it works when you do a discover of a Microsoft Active Directory-domain.
> 
> I think the problem lies in Samba4 AD DC not exposing certain capabilities.
> The code in question in realmd is this:
> 
> realm_disco_mscldap_request (LDAP *ldap,
>                              int *msgidp,
>                              GError **error)
> {
>         char *attrs[] = { "NetLogon", NULL };
>         int rc;
> 
>         rc = ldap_search_ext (ldap, "", LDAP_SCOPE_BASE,
>                               "(&(NtVer=\\06\\00\\00\\00)(AAC=\\00\\00\\00\\00))",
>                               attrs, 0, NULL, NULL, NULL,
>                               -1, msgidp);
> 
>         if (rc != LDAP_SUCCESS) {
>                 realm_ldap_set_error (error, ldap, rc);
>                 return FALSE;
>         }
> 
>         return TRUE;
> }
> 
> Sorry, I haven't been able to decipher the LDAP-query further, I was also
> able to see this using Wireshark when I wiretapped the connection.
> 
> Samba4 AD DC returns nothing, while MS AD returns...something. I haven't
> been able to reproduce the query. There is something going on with
> anonymous binding, and there is a query sent with "NetLogin", but I haven't
> been able to reproduce this query manually with any success.
> 
> 
>  FYI: I am using samba4 4.1.6 from the Ubuntu-repo. If you know of any PPA
> with current trunk, I would be grateful for that information.

This seems to be https://bugzilla.samba.org/show_bug.cgi?id=10524.

metze
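
The quoted realmd search sends two escaped binary values, NtVer and AAC, in its filter. As an added example (not part of this thread, and not realmd or Samba code), the following decodes each `\XX\XX\XX\XX` value as a little-endian 32-bit integer and tests the NETLOGON_NT_VERSION bits defined in MS-ADTS; `filter_le32` and the `NT_VERSION_*` macro names are hypothetical, and attribute names are matched case-sensitively for brevity.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of the NETLOGON_NT_VERSION bits from MS-ADTS (names shortened here). */
#define NT_VERSION_1   0x00000001u
#define NT_VERSION_5   0x00000002u
#define NT_VERSION_5EX 0x00000004u

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Find "(attr=" in an RFC 4515 filter and decode a value made of exactly
 * four \XX escapes as little-endian. Returns 0 on success, -1 otherwise. */
int filter_le32(const char *filter, const char *attr, uint32_t *out)
{
    char key[64];
    const char *p;
    uint32_t v = 0;
    int i, hi, lo, n = snprintf(key, sizeof key, "(%s=", attr);

    if (n < 0 || n >= (int)sizeof key || (p = strstr(filter, key)) == NULL)
        return -1;
    p += n;
    for (i = 0; i < 4; i++, p += 3) {
        if (p[0] != '\\' || (hi = hexval(p[1])) < 0 || (lo = hexval(p[2])) < 0)
            return -1;
        v |= (uint32_t)(hi * 16 + lo) << (8 * i);
    }
    if (*p != ')')      /* value must end right after the fourth byte */
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Filter string exactly as it appears in the quoted C source. */
    const char *f = "(&(NtVer=\\06\\00\\00\\00)(AAC=\\00\\00\\00\\00))";
    uint32_t ntver, aac;
    if (filter_le32(f, "NtVer", &ntver) || filter_le32(f, "AAC", &aac)) return 1;
    printf("NtVer=0x%08x V5=%d V5EX=%d AAC=0x%08x\n", (unsigned)ntver,
           !!(ntver & NT_VERSION_5), !!(ntver & NT_VERSION_5EX), (unsigned)aac);
    return 0;
}
```

The NtVer value in the quoted filter decodes to 0x00000006, that is the V5 and V5EX bits set with V1 clear, and AAC decodes to 0.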
