Realmd can not join Samba4 Domain

Niklas Andersson niklas.andersson at openforce.se
Sun May 4 12:15:00 MDT 2014


Ah, thanks a lot Stefan :) It looks like it is already solved then! I need
to get hold of a more up2date repo!

Thanks again!

Regards,
Niklas


2014-05-04 20:11 GMT+02:00 Stefan (metze) Metzmacher <metze at samba.org>:

> Hi Niklas,
>
> >  I am doing some automated testing setting up Samba4 AD DC and Realmd.
> >
> >  The thing is that realm discover [Samba4-domain] gives an error:
> >
> > vagrant at client002:~$ realm discover -v openforce.org
> >  * Resolving: _ldap._tcp.openforce.org
> >  * Performing LDAP DSE lookup on: 192.168.33.2
> >  ! Received invalid or unsupported Netlogon data from server
> > openforce.org
> >   type: kerberos
> >   realm-name: OPENFORCE.ORG
> >   domain-name: openforce.org
> >   configured: no
> >
> >
> > ..it works when you do a discover of a Microsoft Active Directory-domain.
> >
> > I think the problem lies in Samba4 AD DC not exposing certain capabilities.
> > The code in question in realmd is this:
> >
> > realm_disco_mscldap_request (LDAP *ldap,
> >                              int *msgidp,
> >                              GError **error)
> > {
> >         char *attrs[] = { "NetLogon", NULL };
> >         int rc;
> >
> >         rc = ldap_search_ext (ldap, "", LDAP_SCOPE_BASE,
> >                               "(&(NtVer=\\06\\00\\00\\00)(AAC=\\00\\00\\00\\00))",
> >                               attrs, 0, NULL, NULL, NULL,
> >                               -1, msgidp);
> >
> >         if (rc != LDAP_SUCCESS) {
> >                 realm_ldap_set_error (error, ldap, rc);
> >                 return FALSE;
> >         }
> >
> >         return TRUE;
> > }
> >
> > Sorry, I haven't been able to decipher the LDAP-query further, I was also
> > able to see this using Wireshark when I wiretapped the connection.
> >
> > Samba4 AD DC returns nothing, while MS AD returns...something. I haven't
> > been able to reproduce the query. There is something going on with
> > anonymous binding, and there is a query sent with "NetLogin", but I haven't
> > been able to reproduce this query manually with any success.
> >
> >
> >  FYI: I am using samba4 4.1.6 from the Ubuntu-repo. If you know of any PPA
> > with current trunk, I would be grateful for that information.
>
> This seems to be https://bugzilla.samba.org/show_bug.cgi?id=10524.
>
> metze
>
>
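The filter in the quoted realmd request can be decoded by hand. The following is an added example, not code from realmd, Samba or either poster: it treats each filter value as four RFC 4515 `\hh` escapes forming a little-endian 32-bit field and names the low NtVer bits using the NETLOGON_NT_VERSION_* constants from MS-ADTS. The function names `decode_le32` and `ntver_names` are made up for this example; the C literal `"\\06"` in the source is the filter text `\06`.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Low three NtVer bits, named as in MS-ADTS (NETLOGON_NT_VERSION_*). */
static const struct { uint32_t bit; const char *name; } ntver_flags[] = {
    { 0x01, "NETLOGON_NT_VERSION_1" },
    { 0x02, "NETLOGON_NT_VERSION_5" },
    { 0x04, "NETLOGON_NT_VERSION_5EX" },
};

/* Decode exactly four "\hh" escapes as little-endian; 0 = ok, -1 = malformed. */
int decode_le32(const char *s, uint32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++, s += 3) {
        if (s[0] != '\\' || !isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return -1;
        char hex[3] = { s[1], s[2], '\0' };
        v |= (uint32_t)strtoul(hex, NULL, 16) << (8 * i);
    }
    if (*s != '\0')
        return -1;
    *out = v;
    return 0;
}

/* Write the names of known flags set in v to buf (len >= 1); returns their count. */
int ntver_names(uint32_t v, char *buf, size_t len)
{
    int n = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof ntver_flags / sizeof ntver_flags[0]; i++)
        if (v & ntver_flags[i].bit)
            snprintf(buf + strlen(buf), len - strlen(buf), "%s%s",
                     n++ ? " " : "", ntver_flags[i].name);
    return n;
}

int main(void)
{
    uint32_t ntver = 0, aac = 0;
    char names[128];
    int rc = decode_le32("\\06\\00\\00\\00", &ntver) | decode_le32("\\00\\00\\00\\00", &aac);
    ntver_names(ntver, names, sizeof names);
    printf("NtVer=0x%08x (%s) AAC=0x%08x\n", (unsigned)ntver, names, (unsigned)aac);
    return rc ? 1 : 0;
}
```
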

