[Samba] Windows 10 won't join Samba 3 domain

lejeczek peljasz at yahoo.co.uk
Thu Jul 19 11:18:47 UTC 2018


On 19/07/18 10:36, Konstantin Boyandin via samba wrote:
> Hello,
>
> Given:
> - Samba 3 domain is set up (runs on Samba 3.6.23, domain name "LAN")
> - Windows 10 Enterprise workstation
>
> 1. Workstation (currently in WORKGROUP workgroup) is assigned computer 
> (NetBIOS) name "sirius"
>
> 2. The instructions below:
>
> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
>
> have been applied (the 2 registry values added, workstation rebooted)
>
> 3. Corresponding machine name has been added on Samba PDC via
>
> useradd -M -g 515 sirius$
> smbpasswd -a -m sirius
>
> 4. Firewall settings on Windows machine do not prevent communication 
> with the PDC.
>
> When I try to join workstation to domain LAN (from "This PC" -> 
> "Properties" -> "Change settings"), the only reaction is pop-up:
>
> ============= details below
> An Active Directory Domain Controller (AD DC) for the domain "LAN" 
> could not be contacted"
> Ensure that the domain name is typed correctly.
> If the name is correct, click "Details" for troubleshooting information."
> ============= details above
>
> When I click "Details", the below is displayed:
>
> ============= details below
> Note: This information is intended for a network administrator. If you 
> are not your network's administrator, notify the administrator that 
> you received this information, which has been recorded in the file 
> C:\WINDOWS\debug\dcdiag.txt.
>
> The domain name "LAN" might be a NetBIOS domain name.  If this is the 
> case, verify that the domain name is properly registered with WINS.
>
> If you are certain that the name is not a NetBIOS domain name, then 
> the following information can help you troubleshoot your DNS 
> configuration.
>
> The following error occurred when DNS was queried for the service 
> location (SRV) resource record used to locate an Active Directory 
> Domain Controller (AD DC) for domain "LAN":
>
> The error was: "DNS name does not exist."
> (error code 0x0000232B RCODE_NAME_ERROR)
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.LAN
>
> Common causes of this error include the following:
>
> - The DNS SRV records required to locate a AD DC for the domain are 
> not registered in DNS. These records are registered with a DNS server 
> automatically when a AD DC is added to a domain. They are updated by 
> the AD DC at set intervals. This computer is configured to use DNS 
> servers with the following IP addresses:
>
> 10.1.0.1
> 10.1.0.5
>
> - One or more of the following zones do not include delegation to its 
> child zone:
>
> LAN
> . (the root zone)
> ============= details above
>
> /etc/samba/smb.conf:
> ============= smb.conf below
> [global]
> unix charset = UTF8
> workgroup = LAN
> netbios name = PDCLAN
> server max protocol = NT1
> server string = PDCLAN - LAN Samba PDC
> passdb backend =ldapsam:"ldap://127.0.0.1 ldap://10.1.0.10"
> username map = /etc/samba/smbusers
> interfaces = eth0 lo
> bind interfaces only = yes
> enable privileges = yes
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 0
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/smbldap-useradd -m '%u'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u'
> shutdown script = /var/lib/samba/scripts/shutdown.sh
> abort shutdown script = /sbin/shutdown -c
> logon script = %u.bat
> logon drive = W:
> logon home = \\%L\%u
> logon path = \\%L\profiles\%u
> domain logons = Yes
> domain master = Yes
> wins support = Yes
> ldapsam:trusted = no
> ldap ssl = off
> ldap suffix = dc=company,dc=lan
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Users
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap admin dn = cn=Manager,dc=company,dc=lan
> idmap backend = ldap://127.0.0.1
> idmap uid = 500-20000
> idmap gid = 500-20000
> printer admin = root
> printing = cups
> ============= smb.conf above
>
> PDC lives in intranet, in DNS root zone .lan.
>
> Note: there were many a Windows 7, Windows 8/8.1, other Windows 10; 
> Windows 2012, and Windows 1026 servers which joined the above domain, 
> following the same instructions, without a glitch.
>
> I would appreciate any helpful piece of advice.
>
> Sincerely,
> Konstantin
>
If you have all the "usual-required" tweaks done to the win box and samba is 
already serving other win clients (which would confirm it's just this new 
windows problem), then make sure your Windows 10 installation is a build 
not newer than 17.09 (off the top of my head) (nor let updates get 
builds newer > 17.09).




