Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1685138 - adcli info should send netlogin pings to all domain controllers, not only a subset [NEEDINFO]
Summary: adcli info should send netlogin pings to all domain controllers, not only a s...
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: adcli
Version: 7.6
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: rc
: ---
Assignee: Sumit Bose
QA Contact: ipa-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-04 13:07 UTC by afox@redhat.com
Modified: 2019-03-06 00:45 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
sbose: needinfo? (nsoman)


Attachments (Terms of Use)
sosreport from client system where adcli is executed (deleted)
2019-03-04 13:15 UTC, afox@redhat.com
no flags Details


Links
System ID Priority Status Summary Last Updated
freedesktop.org Gitlab realmd adcli issues 13 None None None 2019-03-04 13:55:36 UTC

Description afox@redhat.com 2019-03-04 13:07:31 UTC
Description of problem:
In customer environment, there is an AD domain which spans 5 datacenters, with two AD DCs in each datacenter for a total of 20 AD DCs.

There are firewalls limiting connectivity between the datacenters, which means that AD clients in datacenterA cannot contact the AD DCs in datacenterB and vice versa. However, the AD DCs are able to communicate with each other.

When the command 'adcli --verbose info -D our.ad.domain' is executed in automation to identify the computer-site and subsequently join to the site local AD DC, adcli only sends the netlogin pings to 5 of the 20 AD DCs. As a result,  when none of the local AD DCs is pinged, the computer-site cannot be identified, and the automation fails.

Version-Release number of selected component (if applicable):
adcli-0.8.1-4.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Setup an AD domain that contains more than 5 AD DCs. 
2. Run adcli command as above. 

Actual results:
Only 5 AD DCs are pinged

Expected results:
All AD DCs should be pinged


Additional info:

Comment 4 afox@redhat.com 2019-03-04 13:15:12 UTC
Created attachment 1540638 [details]
sosreport from client system where adcli is executed

Comment 5 Sumit Bose 2019-03-04 13:55:36 UTC
This issue was tracked upstream by https://gitlab.freedesktop.org/realmd/adcli/issues/13 and is fixed with commit 0a0d0f66409eb83e06b7dc50543c2f6c15a36bc4.


Note You need to log in before you can comment on or make changes to this bug.