Author Topic: 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions'  (Read 1249 times)


  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +2/-0
    • View Profile
It appears there are a few people reporting this error when running Windows 2012 Server and attempting to join Zentyal to a domain as DC.  I am also experiencing this error.

A few references here:

Server 2012/Zentyal issues,21652.msg83486.html#msg83486

Joining Samba to Windows Server 2012 DC failed,19988.msg76525.html#msg76525

Zentyal como controlador de dominio adicional,22347.msg86123.html#msg86123

It also appears Zentyal has found a solution and has even submitted a patch to Samba - which they have implemented.

References here:

Bug #689: samba-tool join error ( 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions')

[PATCH] drsuapi.idl: Manage all possible lengths of DsBindInfo

idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;a=commitdiff;h=d747372d28273542298f86530e715e8faaf907f2

My question is, will Zentyal be releasing a patch for this bug for Zentyal 3.5?  It may be awhile before a new version of Samba is released which contains this patch and in the meantime Zentyal will remain unusable as an Exchange replacement for those running Windows 2012 R2 (regardless of the domain functional level used).

« Last Edit: July 17, 2014, 03:47:07 pm by krainbolt »


  • Guest
I don't think Zentyal can answer this one.

As far as I am aware Samba4 currently only supports up 2008r2 they are aiming at 2012 but currently there are schema problems.

That is a single patch and I don't think that covers 2012

I think if you run 2012 it should be running with an 2008r2 forrest and domain level so then you can connect.

I will post on the samba list and see if I can get an answer?

Samba list is mega rapid and this is from Andrew Bartlett

On Thu, 2014-07-17 at 04:40 +0100, Stuart Naylor wrote:
> Just wondering what the state of play with Samba4 and windows server 2012 is?
> Is 2012 planned? 4.2?

It certainly will not be in 4.2.  We haven't looked at what is involved
in the 2012 functional levels.  It might be a lot of work, or might not
be, we just don't know.

Andrew Bartlett

Andrew Bartlett˜abartlet/
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

So Samba will run into problems if the domain or forest level is above 2008r2

A 2012 server can still join a samba 2008r2 domain

« Last Edit: July 17, 2014, 07:22:52 am by StuartNaylor »


  • Zen Apprentice
  • *
  • Posts: 9
  • Karma: +2/-0
    • View Profile
This problem is not with the Windows 2012 domain functional level.  I am currently operating my Windows 2012 R2 servers in a Windows 2003 domain functional level which should work, but it doesn't due to this bug.  The bug is related to the operating system itself and the fact it returns a blob of 52 bytes instead of 48 as with Windows 2008 server.

Here is a quote from the patch:

Digging into the problem it seems to be in the drsuapi IDL. The
DsBindInfo blob returned by the server is decoded in the IDL, based on
the blob length. For some reason, some servers are returning a 32 bytes
length blob, which is not decoded, so it falls into the default case and
python bindings crash.

Reviewing the documentation [MS-DRSR], it is possible the server not to
push the object GUID of the configuration NC, so I have added that case
and also the one to decode the blob returned by W2K12 R2 which is 52 bytes.

So regardless of the domain functional level, Windows 2012 R2 cannot be used unless this patch is applied.


  • Guest
Apols as I presumed the extra case exemption required was for a functional level of 2012r2.

I wondered if the samba team had any new on 2012 functional level but it would seem that is a way off yet.