We have a Linux Red Hat server joined to domain test.at. This domain has a trusted domain ooe. PowerBroker recognises this domain, but it can't add it properly because of the site name.
The server is in SITE1, but this site doesn't exist in the trusted domain ooe.
The debugging messages are:
lsass: [lsass] Ignoring failure enumerating trusts for forest ooe.at. Error was DNS_ERROR_BAD_PACKET (9502)
VERBOSE:netlogon: DNS lookup for '_ldap._tcp.SITE1._sites.dc._msdcs.ooe.at' failed with errno 0, h_errno = 1
When I use following command, I get the same error:
/opt/pbis/bin/get-dc-name rbgooe.at --site SITE1 # and the same error without --site
Failed communication with the LWNET Agent. Error code 9502 (DNS_ERROR_BAD_PACKET).
A bad packet was received from a DNS server. Potentially the requested address does not exist.
But with /opt/pbis/bin/get-dc-name ooe.at --site SITE2 (this site exists in the trusted domain) the result looks ok:
Printing LWNET_DC_INFO fields:
dwDomainControllerAddressType = 23
dwFlags = 12669
dwVersion = 5
wLMToken = 65535
wNTToken = 65535
pszDomainControllerName = *.ooe.at
pszDomainControllerAddress = ...
pucDomainGUID(hex) = ******
pszNetBIOSDomainName = OOE
pszFullyQualifiedDomainName = ooe.at
pszDnsForestName = ooe.at
pszDCSiteName = SITE2
pszClientSiteName = SITE1
pszNetBIOSHostName = ***
pszUserName =
/opt/pbis/bin/get-dc-list ooe.at also works fine and lists the three DCs correctly
I think the problem is situated in lwnet-dns.c:
......
    if (IsNullOrEmptyString(pszSiteName))
    {
        dwError = LwAllocateStringPrintf(&question,
                                         "%s._tcp.%s._msdcs.%s",
                                         service, kind,
                                         pszDomainName);
        BAIL_ON_LWNET_ERROR(dwError);
    }
    else
    {
        dwError = LwAllocateStringPrintf(&question,
                                         "%s._tcp.%s._sites.%s._msdcs.%s",
                                         service, pszSiteName, kind,
                                         pszDomainName);
        /* when this doesn't work it would help to try it with an empty site
           like in the then-branch */
        BAIL_ON_LWNET_ERROR(dwError);
    }
.....
Windows looks for the site and if it is not found it looks in _ldap._tcp.dc._msdcs.ooe.at where it can find a DC (this is called site affinity). I think it would work for PowerBroker too, if lwnet-dns.c is changed as mentioned above.
Is there a chance to get a fix for this problem?
I've tried it with the latest Powerbroker-Release 8.5.3.
nslookup:
nslookup -type=any _ldap._tcp.dc._msdcs.ooe.at
Server: .......
Address: .......
_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc03.ooe.at.
_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc02.ooe.at.
_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc01.ooe.at.
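The fallback described above (try the `_sites.<site>` SRV name first, then the site-less `dc._msdcs` name), as an added example that is not PowerBroker code: it parses constructed nslookup-style lines like the ones quoted above into an in-memory SRV table (a stand-in for DNS, so it runs offline) and shows that a client in a site unknown to the trusted domain still finds a DC.

```python
"""Site-aware DC locator with the site-affinity fallback the post asks for.
Added example, not lwnet-dns.c; DNS is replaced by a constructed table."""
from typing import Dict, List, NamedTuple, Optional


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def parse_nslookup_srv(lines: List[str]) -> Dict[str, List[SrvRecord]]:
    """Parse '<name> service = <prio> <weight> <port> <target>.' lines
    (nslookup -type=any output) into a name -> [SrvRecord] table."""
    table: Dict[str, List[SrvRecord]] = {}
    for line in lines:
        name, _, rest = line.partition(" service = ")
        if not rest:
            continue  # not an SRV answer line (Server:/Address: headers etc.)
        prio, weight, port, target = rest.split()
        table.setdefault(name.strip(), []).append(
            SrvRecord(int(prio), int(weight), int(port), target.rstrip(".")))
    return table


def srv_questions(service: str, kind: str, domain: str, site: Optional[str]) -> List[str]:
    """Question names in the order a site-affinity-aware locator tries them:
    the _sites.<site> form first (if a site is known), then the site-less
    form that the else-branch quoted in the post never falls back to."""
    names = []
    if site:
        names.append(f"{service}._tcp.{site}._sites.{kind}._msdcs.{domain}")
    names.append(f"{service}._tcp.{kind}._msdcs.{domain}")
    return names


def locate_dc(table: Dict[str, List[SrvRecord]], domain: str, site: Optional[str],
              service: str = "_ldap", kind: str = "dc") -> Optional[SrvRecord]:
    """Best record (lowest priority, then highest weight) of the first question
    name that has answers; None if neither the site nor the domain resolves."""
    for name in srv_questions(service, kind, domain, site):
        records = table.get(name)
        if records:
            return min(records, key=lambda r: (r.priority, -r.weight))
    return None


# Constructed sample modelled on the post: SITE2 exists in ooe.at, SITE1 does not.
SAMPLE_LINES = [
    "_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc03.ooe.at.",
    "_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc02.ooe.at.",
    "_ldap._tcp.dc._msdcs.ooe.at service = 0 100 389 dc01.ooe.at.",
    "_ldap._tcp.SITE2._sites.dc._msdcs.ooe.at service = 0 100 389 dc02.ooe.at.",
]
```

With `site="SITE1"` the site-specific name has no answers, so the lookup falls through to the site-less name and still returns a DC instead of failing with a bad-packet error.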