Bug 1004442
| Summary: | join with adlci fails on CLDAP ping when the first discovered address is IPv6 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Patrik Kis <pkis> |
| Component: | adcli | Assignee: | Stef Walter <stefw> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Patrik Kis <pkis> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 7.0 | CC: | dlackey, dspurek, jrieden, pkis |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | adcli-0.7.5-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-13 12:28:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1007421 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Patrik Kis
2013-09-04 16:04:00 UTC
Patches available upstream.

Part of reworking adcli to use all addresses during discovery.

Hi Stef,

it seems that the cldap ping was fixed but there is still an issue with IPv6. I'm not 100% sure that it is caused by adcli itself but so far it looks like it.

```
# rpm -q adcli
adcli-0.7.4-1.el7.x86_64
# ping6 2620:52:0:2223::1:1
PING 2620:52:0:2223::1:1(2620:52:0:2223::1:1) 56 data bytes
64 bytes from 2620:52:0:2223::1:1: icmp_seq=1 ttl=58 time=167 ms
64 bytes from 2620:52:0:2223::1:1: icmp_seq=2 ttl=58 time=164 ms
64 bytes from 2620:52:0:2223::1:1: icmp_seq=3 ttl=58 time=162 ms
^C
--- 2620:52:0:2223::1:1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 162.582/164.939/167.591/2.108 ms
#
#
# adcli delete-computer -v --domain ad.baseos.qe --domain-realm AD.BASEOS.QE --domain-controller 2620:52:0:2223::1:1 --login-user amy-admin ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: RAALMDTEST
 * Using domain realm: ad.baseos.qe
 * Sending cldap pings to domain controller: 2620:52:0:2223::1:1
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't perform discovery search: Can't contact LDAP server
 ! Couldn't initialize LDAP connection: Bad parameter to an ldap routine:
adcli: couldn't connect to ad.baseos.qe domain: Couldn't initialize LDAP connection: Bad parameter to an ldap routine:
```

and this looks suspicious (see the IPv6 address below, it seems to be truncated "2620:52:0:2223::"):

```
# strace adcli delete-computer -v --domain ad.baseos.qe --domain-realm AD.BASEOS.QE --domain-controller 2620:52:0:2223::1:1 --login-user amy-admin ad.baseos.qe
/SNIP
getsockname(3, {sa_family=AF_NETLINK, pid=2979, groups=00000000}, [12]) = 0
sendto(3, "\24\0\0\0\26\0\1\3\3060/R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"D\0\0\0\24\0\2\0\3060/R\243\v\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 140
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0\3060/R\243\v\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 192
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\3060/R\243\v\0\0\0\0\0\0", 4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3) = 0
socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 3
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
sendto(3, "0@\2\1\1c;\4\0\n\1\0\n\1\0\2\1\0\2\1\0\1\1\0\240\34\243\r\4\5Nt"..., 66, 0, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "2620:52:0:2223::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 16) = -1 EINVAL (Invalid argument)
write(2, " ! Couldn't perform discovery se"..., 64 ! Couldn't perform discovery search: Can't contact LDAP server
) = 64
```

Created attachment 796925
Don't use cldap with IPv6 due to openldap bugs
Documentation heads up: Added workaround to adcli to not use CLDAP with IPv6, and use LDAP instead. This has the work around that Windows 2003 domains are not joinable using IPv6, as they do not support discovery using LDAP (only CLDAP).

New adcli 0.7.5 build should fix this.

Tested like so:

```
[root@ppc64-m00 ~]# adcli delete-computer -v --domain ad.baseos.qe --domain-realm AD.BASEOS.QE --domain-controller 2620:52:0:2223::1:1 --login-user amy-admin ad.baseos.qe
 * Using domain name: ad.baseos.qe
 * Calculated computer account name from fqdn: PPC64-M00
 * Using domain realm: ad.baseos.qe
 * Sending netlogon pings to domain controller: ldap://[2620:52:0:2223::1:1]
 * Received NetLogon info from: sec-ad1.ad.baseos.qe
 * Wrote out krb5.conf snippet to /tmp/adcli-krb5-Bc8fTd/krb5.d/adcli-krb5-conf-GLHK7m
Password for amy-admin.QE:
 * Authenticated as user: amy-admin.QE
 * Looked up short domain name: AD
 * Using fully qualified name: ppc64-m00.lab.eng.brq.redhat.com
 * Using domain name: ad.baseos.qe
 * Using computer account name: PPC64-M00
 * Using domain realm: ad.baseos.qe
 * Using fully qualified name: ad.baseos.qe
 * Calculated computer account name from fqdn: AD
 * Computer account for AD$ does not exist
 ! No computer account for AD$ exists
adcli: deleting ad.baseos.qe in ad.baseos.qe domain failed: No computer account for AD$ exists
```

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
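A reading of the failing strace line quoted in this report, as an added example that is not part of the original bug thread or of adcli: the `sendto()` that returns EINVAL passes an address length of 16 (the size of an IPv4 `sockaddr_in`) for an `AF_INET6` address, so only the first 8 bytes of the IPv6 address lie inside the buffer the tracer reads. The script below flags such calls in strace output and reproduces the shortened address; the function names and the length table are assumptions of this sketch.

```python
import ipaddress
import re

# Smallest address length Linux accepts per family: sizeof(struct sockaddr_in)
# is 16; for AF_INET6 anything under 24 bytes is rejected with EINVAL
# (the full struct sockaddr_in6 is 28 bytes).
MIN_ADDRLEN = {"AF_INET": 16, "AF_INET6": 24}
SIN6_ADDR_OFFSET = 8  # sin6_family (2) + sin6_port (2) + sin6_flowinfo (4)

CALL_RE = re.compile(
    r"^(?P<call>sendto|connect|bind)\(.*\{sa_family=(?P<family>AF_\w+).*\}, "
    r"(?P<addrlen>\d+)\)\s+= (?P<ret>-?\d+)(?: (?P<errno>E\w+))?"
)

# Two sendto() lines copied from the strace excerpt in this report.
SAMPLE = r'''
sendto(3, "\24\0\0\0\26\0\1\3\3060/R\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
sendto(3, "0@\2\1\1c;\4\0\n\1\0\n\1\0\2\1\0\2\1\0\1\1\0\240\34\243\r\4\5Nt"..., 66, 0, {sa_family=AF_INET6, sin6_port=htons(389), inet_pton(AF_INET6, "2620:52:0:2223::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 16) = -1 EINVAL (Invalid argument)
'''


def short_sockaddr_calls(strace_text):
    """Return (call, family, addrlen, minimum, errno) for undersized sockaddrs."""
    findings = []
    for line in strace_text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        minimum = MIN_ADDRLEN.get(m["family"])  # families not in the table are skipped
        addrlen = int(m["addrlen"])
        if minimum is not None and addrlen < minimum:
            findings.append((m["call"], m["family"], addrlen, minimum, m["errno"]))
    return findings


def visible_ipv6(full_addr, addrlen):
    """Address seen when only addrlen bytes of a sockaddr_in6 are read, rest zeroed."""
    packed = ipaddress.IPv6Address(full_addr).packed
    kept = max(0, min(16, addrlen - SIN6_ADDR_OFFSET))
    return str(ipaddress.IPv6Address(packed[:kept] + bytes(16 - kept)))


if __name__ == "__main__":
    for call, family, addrlen, minimum, errno in short_sockaddr_calls(SAMPLE):
        print(f"{call}: {family} addrlen {addrlen} < {minimum} ({errno})")
    print(visible_ipv6("2620:52:0:2223::1:1", 16))
```
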