[Samba] samba4: "net ads join" fails (samba4 DC)

[Marcel Ritter]

Hi,

I'm running Samba 4 (latest git) as DC in my test environment.
Joining Windows clients works as expected, however if I try to
join a Linux box by using Samba 3 "net ads join", I get this error:

client # net ads join -U Administrator%password
Failed to join domain: failed to set machine spn: Critical extension is
unavailable

As far as I can remember this used to work somewhere around alpha6/7.

Is there currently any way to add Samba 3 boxes to the Samba 4 domain?


Some more details:
Looking at the network traffic, there's a LDAP modify request requiring some
special control:

object: CN=client1,CN=Computers, <...>
operation: replace
type: dNSHostName
controlType: 1.2.840.113556.1.4.1413 (LDAP_SERVER_PERMISSIVE_MODIFY_OID)
criticality: True

However this control is not supported in Samba4 according to the
built-in LDAP server:

supportedControl:
 + 1.2.840.113556.1.4.417               Show deleted control
 + 1.2.840.113556.1.4.319               Simple Paged Results
Manipulation Control Extension
 + 1.2.840.113556.1.4.473               LDAP Server Sort Result
extension RFC 2891
 + 1.2.840.113556.1.4.1504              Attribute scoped query control
 + 1.2.840.113556.1.4.801               Security descriptor flags control
 + 1.2.840.113556.1.4.801               Security descriptor flags control
 + 1.2.840.113556.1.4.529               Extended DN control
 + 1.2.840.113556.1.4.417               Show deleted control
 + 1.2.840.113556.1.4.1339              LDAP_SERVER_DOMAIN_SCOPE_OID
 + 1.2.840.113556.1.4.1340              Search options control

(note: some of them are duplicates: s. .417 / .801)


Cheers,
    Marcel