Problems joining a Windows 8 system to a Samba 4 domain

Matthieu Patou mat at samba.org
Mon Jan 7 16:07:56 MST 2013 

On 01/07/2013 12:22 PM, Mark Pilant wrote:
>
> After finally getting Samba 4 configured on a RHEL 6.3 system I figured the
> next thing to try was to join a Windows system (Windows 8 in this case) to
> the domain.  Well, that was the plan...
>
> After having to open the firewall to allow the DNS queries to succeed, I
> finally got to the point where the Windows system could try and find the
> domain controller.  Unfortunately, everything I've tried to far hasn't
> worked to allow the domain join to succeed.
>
> The current problem is while the _ldap._tcp.dc._msdcs... SRV record is
> correctly resolved to the proper name, the (Windows) error dialog box says
> "no domain controllers could be contacted."  Now, if I open a command
> window, I can use nslookup and ping to resolve the name identified in the
> error dialog and successfully ping using the same name.
>
> I did check /var/log/messages, /usr/local/samba/var/log/samba,
> and /usr/local/samba/var/log/smbd for errors relating to this problem and
> there is nothing to be found.  However, there were some strange things I
> observed.
>
> First, using dig and the computer name I get all the correct (answer)
> information from Samba's internal DNS server.  However, if I try to do a
> reverse lookup (using the IP address) dig does not return any answer.  So
> this leads me to wonder if Samba's internal DNS server has a reverse lookup
> zone defined?
no but it shouldn't be a blocker
>
> Second, just after I boot up the Windows 8 system (static IP, with the DNS
> server identified as the Samba 4 system) and use nslookup to resolve the
> samba system name, I have success.  However, if I attempt to ping using the
> same system name I gave to nslookup, the ping fails saying no A or AAAA
> records were available.  Very strange as nslookup found and returned the A
> record information.  What makes this even strange is after a "while" (maybe
> 10 minutes or so) the ping is able to resolve the name (and do the ping).
Capture network traces between windows client and samba4, DNS seems to 
be stinky.
>
> I don't know if this is because of something I have done has caused the
> name to be entered into the local DNS cache or if it just take a "while"
> for the Samba machine to respond "correctly".  However, I do note if I
> flush the local DNS cache (on the Windows 8 system) I start seeing the ping
> failures.
>
> So, bottom line, it appears the domain join is failing because the computer
> name is not responding for some reason; and so far I haven't been able to
> determine why.
network trace the dialog try to analyze it, if not sensitive data send 
us the traces.
>
> Thanks in advance.
>
> - Mark
Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba-technical mailing list