net ads join crashes on error in DoDNSUpdate

Bug #1794537 reported by Francis
This bug affects 1 person
Affects          Status         Importance   Assigned to   Milestone
samba            Unknown        Unknown
samba (Ubuntu)   Fix Released   Undecided    Unassigned
  Bionic         Incomplete     Undecided    Unassigned

Bug Description

Hi,

Could you backport this bug fix to bionic please? There is a patch from upstream in Samba's bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=13440.

Because of this bug, I'm unable to make my bionic server join our AD domain.

Francis (francisd)
affects: sssd (Ubuntu) → samba (Ubuntu)
description: updated
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Please could you follow as much as you are able of https://wiki.ubuntu.com/StableReleaseUpdates#Procedure? In particular: is this fixed in Cosmic, the user impact (does this affect all AD joins or just one in particular circumstances, and if so, what?) and test case (how does someone who is not familiar with the affected package reproduce the bug and verify that the updated package fixes the problem)?

Thanks!

Changed in samba (Ubuntu):
status: New → Triaged
tags: added: server-next
Robie Basak (racb) wrote :

Subscribing Andreas FYI. Looks like a trivial patch that will look obviously correct when reviewed.

Francis (francisd) wrote :

Hi,

I just tried installing cosmic in a VM and I confirm I can make the server join the domain without crashing (according to the bug tracker it was fixed in Samba 4.8.2 and cosmic is at 4.8.4). But I don't get any users. Can't log in with an AD user and "getent passwd <user>" returns nothing. Maybe a new bug or something new in Samba/Winbind 4.8 I'm not aware of (my prod is still at 4.7.x).

I don't think this affects all AD joins. I think this is related to this message I get when joining:
DNS update failed: NT_STATUS_UNSUCCESSFUL

The DNS record <hostname>.ad.<domain>.<tld> is indeed not created after the successful join. Seems like this is a common issue but doesn't block the joining process (see https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#DNS_Update_failed:_ERROR_DNS_UPDATE_FAILED). I haven't found a way to resolve this yet. But I think this is off topic.

I don't have problems making AD joins with sssd or with Windows clients. Windows clients have no problem with DNS updates. My Linux servers joined with sssd have their DNS records, but they don't change IP, so I can't say for sure the DNS update is still working for them. All AD DCs are Samba 4.7.10 (there is no Windows server at all).

Yesterday, I rebuilt the samba packages to apply the patch and then I installed my custom build. I confirm this solved the problem I had. After joining the domain, I reverted to the official build and my samba was still joined to the domain and still working fine.

Francis (francisd) wrote :

Forget about the users problem on cosmic. I found the problem and I can confirm I have no issue at all. Only the DNS update problem... but I have this problem with all servers joined with samba (OK with sssd) since at least Ubuntu 16.04.

Robie Basak (racb)
Changed in samba (Ubuntu):
status: Triaged → Fix Released
Changed in samba (Ubuntu Bionic):
status: New → Triaged
Andreas Hasenack (ahasenack) wrote :

Can you elaborate a bit on how you are joining the domain, and the output you are getting? The upstream bug and this one are not showing that particular detail, they only say that "net ads join fails".

I'm on bionic and I'm using "net ads join -k", after having obtained a ticket for the realm's Administrator.

Something like this:
root@bionic:~# kinit Administrator
Password for <email address hidden>:
root@bionic:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <email address hidden>

Valid starting Expires Service principal
10/18/18 18:40:14 10/19/18 04:40:14 <email address hidden>
 renew until 10/19/18 18:40:12
root@bionic:~# net ads join -k
Using short domain name -- LOWTECH
Joined 'BIONIC' to dns domain 'lowtech.internal'
root@bionic:~# echo $?
0

I can confirm in Windows' "Active Directory Users and Computers" that the computer record is there. This is a 2016 AD Server, btw.

At first I had a DNS update error, as described in https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members#No_DNS_domain_configured._Unable_to_perform_DNS_Update.

I then added the fqdn of this host to /etc/hosts and repeated the join, and now it works. And DNS is working too.
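
The /etc/hosts fix mentioned in the comment above can be checked before repeating the join. As an added example (not part of the original comment or of Samba), this shell function reads a hosts(5)-format file and reports whether the first line listing the short hostname has an FQDN as its canonical (first) name. The function name, return codes and sample file contents are constructed for illustration.

```shell
# Added example: pre-join check of a hosts(5)-format file.
# hosts_fqdn FILE SHORTNAME
#   rc 0: prints the FQDN that is the canonical name for SHORTNAME
#   rc 1: SHORTNAME is not listed in FILE
#   rc 2: SHORTNAME is listed, but the canonical name is not SHORTNAME.<domain>
hosts_fqdn() {
    awk -v host="$2" '
        BEGIN { host = tolower(host); rc = 1 }
        {
            sub(/#.*/, "")                 # strip comments
            if (NF < 2) next               # need an address plus at least one name
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != host) continue
                canon = tolower($2)        # first name on the line is canonical
                if (index(canon, host ".") == 1) { print canon; rc = 0 } else { rc = 2 }
                exit                       # first matching line wins
            }
        }
        END { exit rc }
    ' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: short name only, no DNS domain.
    printf '127.0.0.1 localhost\n127.0.1.1 bionic\n' > "$tmp/before"
    # Constructed sample: FQDN first, short name as alias (192.0.2.10 is a documentation address).
    printf '127.0.0.1 localhost\n192.0.2.10 bionic.lowtech.internal bionic # AD member\n' > "$tmp/after"
    for f in before after; do
        if fqdn=$(hosts_fqdn "$tmp/$f" bionic); then
            echo "$f: canonical name is $fqdn"
        else
            echo "$f: no FQDN mapped for bionic"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Run against the real file as `hosts_fqdn /etc/hosts "$(hostname -s)"`; a return code of 2 also covers the case where the short name is listed before the FQDN on the same line.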

Francis (francisd) wrote :

I don't have the exact output, but the binary segfaults at the end when I try it on my servers.

Andreas Hasenack (ahasenack) wrote :

Could you share your smb.conf, sanitized if needed?

Have you configured the ubuntu server to use the windows AD as its DNS?

Do you use kerberos authentication, or username/password, when calling net ads join?

Changed in samba (Ubuntu Bionic):
status: Triaged → Incomplete
Robie Basak (racb)
tags: removed: server-next