samba - Nov 2009 - samba 3.4 ADS support broken on ipv6 networks ?

Our Windows 2003 domain controllers and Samba member servers
support both ipv4 and ipv6. Our DNS server resolves hostnames
both to ipv4 and ipv6 addresses.

Recently, this turned out to be a problem when within a regular
Fedora 11 update, samba 3.2 was replaced with samba 3.4.
samba-3.4.2-0.42.fc11.i586 to be exact.

Everything Active Directory related stopped working and I had
to stop winbind because it started to eat all open file resources.

A quick look with wireshark shows that the Samba 3.4 member server
tries to make an ipv6 LDAP connection to the Windows 2003 DC.

Now Windows 2003 does support ipv6, but its AD LDAP service
does not. Samba, like any other app should fall back to ipv4,
but apparantly does not.

There more evidence to my theory because

    net ads testjoin -S dc


  fails with

2009/11/04 14:29:47,  0] utils/net_ads.c:279(ads_startup_int)
   ads_connect: No logon servers
Join to domain is not valid: No logon servers

and

    net ads testjoin -S dc.ipv4

succeeds.

Here, "dc" resolves to both ipv4 and ipv6 addresses,
and "dc.ipv4" resolves to an ipv4 address only.

Has anyone else seen this problem?
I have seen no mention of this problem on either Samba or Fedora
mailinglists, nor in bugzilla.redhat.com

Thanks,
Pim

Pim,

This should work. It sounds like a bug. You are quite correct Samba
should fall back to IPv4. I am out of the office this week so I probably
won't have time to try it myself (we'll see). I'd recommend raising
a bug.

Best Regards,
David
------------------------------------------------------------------------
Dr David Holder CEng FIET MIEEE

Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT

Reception: +44 (0)1422 207000

Direct Dial: +44 (0)131 2026317

Cell: +44 (0) 7768 456831

Registered in England and Wales. Registered Number 3521142
VAT Number: GB 698 3633 78




Pim Zandbergen wrote:
> Our Windows 2003 domain controllers and Samba member servers
> support both ipv4 and ipv6. Our DNS server resolves hostnames
> both to ipv4 and ipv6 addresses.
>
> Recently, this turned out to be a problem when within a regular
> Fedora 11 update, samba 3.2 was replaced with samba 3.4.
> samba-3.4.2-0.42.fc11.i586 to be exact.
>
> Everything Active Directory related stopped working and I had
> to stop winbind because it started to eat all open file resources.
>
> A quick look with wireshark shows that the Samba 3.4 member server
> tries to make an ipv6 LDAP connection to the Windows 2003 DC.
>
> Now Windows 2003 does support ipv6, but its AD LDAP service
> does not. Samba, like any other app should fall back to ipv4,
> but apparantly does not.
>
> There more evidence to my theory because
>
>    net ads testjoin -S dc
>
>
>  fails with
>
> 2009/11/04 14:29:47,  0] utils/net_ads.c:279(ads_startup_int)
>   ads_connect: No logon servers
> Join to domain is not valid: No logon servers
>
> and
>
>    net ads testjoin -S dc.ipv4
>
> succeeds.
>
> Here, "dc" resolves to both ipv4 and ipv6 addresses,
> and "dc.ipv4" resolves to an ipv4 address only.
>
> Has anyone else seen this problem?
> I have seen no mention of this problem on either Samba or Fedora
> mailinglists, nor in bugzilla.redhat.com
>
> Thanks,
> Pim
>
>
>

I have filed bug reports on both Samba's and Fedora's bugzilla:

https://bugzilla.samba.org/show_bug.cgi?id=6870
https://bugzilla.redhat.com/show_bug.cgi?id=533028

Pim