[Samba] attempt to join WIN7 to 4.1 DC fails

Brandon lakeb at sonic.net
Sat Apr 12 14:02:10 MDT 2014


When I attempt to join my WIN7x64 ultimate clients to the samba 4.1 DC,
the join request fails with the error message:

"This operation is only allowed on the primary domain controller of the 
domain."

----------------

Samba is running on a clean install of Slackware 14.1

----------------

'net ads lookup' returns:

Information for Domain Controller: (the_correct_IP)

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: (bunch_of_characters_and_hyphens)
Flags:
         Is a PDC:                                   yes
         Is a GC of the forest:                      yes
         Is an LDAP server:                          yes
         Supports DS:                                yes
         Is running a KDC:                           yes
         Is running time services:                   yes
         Is the closest DC:                          yes
         Is writable:                                yes
         Has a hardware clock:                       yes
         Is a non-domain NC serviced by LDAP server: no
         Is NT6 DC that has some secrets:            no
         Is NT6 DC that has all secrets:             no
Forest:                 lac.internal
Domain:                 lac.internal
Domain Controller:      garcon.lac.internal
Pre-Win2k Domain:       LAC
Pre-Win2k Hostname:     GARCON
Server Site Name :              Default-First-Site-Name
Client Site Name :              Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff

----------------

DNS and DHCP are working great.

----------------

'samba-tool dbcheck' returns 0 errors

----------------

'samba-tool testparm' returns:

Press enter to see a dump of your service definitions

# Global parameters
[global]
         workgroup = LAC
         realm = LAC.INTERNAL
         netbios name = GARCON
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

[netlogon]
         path = /var/lib/samba/sysvol/lac.internal/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

'samba-tool domain level show' returns:

Domain and forest function level for domain 'DC=lac,DC=internal'

Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2008 R2

----------------

I'm pretty new to this, so let's start with the stupid mistakes someone who is
following internet guides could make.

Thanks in advance everyone.

~Brand

