[Samba] Sysprep AD Join fails on Dual Stack
Thomas Glanzmann
thomas at glanzmann.de
Tue Jul 17 07:03:35 UTC 2018
Hello,
* Jon Gerdes <gerdesj at blueloop.net> [2018-07-17 02:45]:
> Before you focus on Samba, it is generally good form to prove it or
> get as close as you can. So: you can domain join OK but when using
> sysprep (Microsoft provided utility), it fails. I don't think your
> problem is with Samba but with sysprep.
you're right.
I tried a lot of things in the last 12 hours and it tears down, to the
following: Sysprep has some sort of race condition which breaks the
domain join as soon as dual stack is used. Probably IPv6 is ready while
IPv4 is not ready, than it tries the domain join, fails for whatever
reason and gives up. My old ADs were dual stack but only had an IPv4
DNS entry for the AD. My Samba AD setup was dual stack, but the setup domain
process uses IPv4 and IPv6 addressed to point to the ad. To summarize:
- If I disable IPv6 on the to be syspreped machine, it works.
- If I disable IPv6 on the Samba AD, it works.
In between I tried a lot of things including disabling WINS, Netbios,
use w2k8r2, use w2k16, adding fec0:0:0:ffff::1-3/64 to my AD to allow
DNS to work bevor IPv4 was ready. All did not bring the expected
results. The only thing that works is either disabling IPv6 on the to be
syspred machine or disabling IPv6 on the SAMBA AD:
interfaces = 10.101.0.1
I went with disabling IPv6 on the Samba AD because I want IPv6 on my
workstations. So Samba is not the culprit, sysprep has a racy ip setup.
I'll do two more tests:
- Add an IPv6 DNS entry to my old AD and confirm that sysprep
breaks as well.
- Disable IPv4 alltogether and try a domain join with and
without sysprep. I'll report back on my findings.
Cheers,
Thomas
More information about the samba
mailing list