[Samba] Failed to join domain: failed to find DC for domain...

Rob Campbell robcampbell08105 at gmail.com
Fri Sep 8 20:46:54 UTC 2023 

Getting this error when trying to join computer to the domain.  I just
built a new debian computer for gaming and photo and video editing. I went
through the same process as I did before (I created a script to do all of
the things I did in the past)

net ads join -U administrator
Password for [HOME\administrator]:
Failed to join domain: failed to find DC for domain HOME - The object was
not found.

net ads join -U administrator
Password for [HOME\administrator]:
Failed to join domain: failed to find DC for domain HOME - The object was
not found.
root at D01:~/.bin# samba-tool domain join home.rob-campbell.lan MEMBER -U
administrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Password for [HOME\administrator]:
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
ads_cldap_netlogon: did not get a reply
ads_cldap_netlogon: did not get a reply
resolve_lmhosts: Attempting lmhosts lookup for name HOME<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name HOME<0x1c>
ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain
HOME - The address handle that was given to the transport was invalid.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 695,
in run
    (sid, domain_name) = s3_net.join_member(netbios_name,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>From member
/etc/krb5.conf
[libdefaults]
default_realm = HOME.ROB-CAMPBELL.LAN
dns_lookup_realm = false
dns_lookup_kdc = true

/etc/samba/smb.conf
# Global parameters
[global]
bind interfaces only = Yes
dedicated keytab file = /etc/krb5.keytab
interfaces = lo eno1
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
log level = 3
realm = HOME.ROB-CAMPBELL.LAN
security = ADS
server role = member server
template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = HOME
idmap config home : range = 10000-999999
<http://voice.google.com/calls?a=nc,%2B10000999999>
idmap config home : backend = rid
idmap config home : unix_nss_info = yes
idmap config * : rangesize = 200000
idmap config * : backend = autorid
idmap config * : range = 3000-7999
map acl inherit = Yes
vfs objects = acl_xattr

I read this page https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
and set my firewall accordingly.

# samba-tool domain join home.rob-campbell.lan MEMBER -U administrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Password for [HOME\administrator]:
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
ads_cldap_netlogon: did not get a reply
ads_cldap_netlogon: did not get a reply
No nmbd found
Connecting to 10.0.0.10 at port 445
get_dc_list: preferred server list: ", *"
get_kdc_ip_string: get_kdc_list (site-less) fail NT_STATUS_NO_LOGON_SERVERS
get_kdc_ip_string: Failed to get KDC ip address
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 10.0.0.10 failed.
get_dc_list: preferred server list: ", *"
ads_find_dc: falling back to netbios name resolution for domain 'HOME'
(realm 'home.rob-campbell.lan')
get_dc_list: preferred server list: ", *"
ads_find_dc: name resolution for realm 'home.rob-campbell.lan' (domain
'HOME') failed: NT_STATUS_NO_LOGON_SERVERS
get_dc_list: preferred server list: ", *"
Could not look up dc's for domain HOME
ERROR(runtime): uncaught exception - (2694, 'failed to connect to AD: No
logon servers are currently available to service the logon request.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 695,
in run
    (sid, domain_name) = s3_net.join_member(netbios_name,
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.

More information about the samba mailing list