[Samba] attempt to join WIN7 to 4.1 DC fails

Tiago Ribeiro shasty at gmail.com
Sat Apr 12 16:54:42 MDT 2014





> On 12/04/2014, at 17:02, Brandon <lakeb at sonic.net> wrote:
> 
> When I attempt to join my WIN7x64 ultimate clients to the samba 4.1 DC,
> the join request fails with the error message:
> 
> "This operation is only allowed on the primary domain controller of the domain."
> 
> ----------------
> 
> Samba is running on a clean install of Slackware 14.1
> 
> ----------------
> 
> 'net ads lookup' returns:
> 
> Information for Domain Controller: (the_correct_IP)
> 
> Response Type: LOGON_SAM_LOGON_RESPONSE_EX
> GUID: (bunch_of_characters_and_hyphens)
> Flags:
>        Is a PDC:                                   yes
>        Is a GC of the forest:                      yes
>        Is an LDAP server:                          yes
>        Supports DS:                                yes
>        Is running a KDC:                           yes
>        Is running time services:                   yes
>        Is the closest DC:                          yes
>        Is writable:                                yes
>        Has a hardware clock:                       yes
>        Is a non-domain NC serviced by LDAP server: no
>        Is NT6 DC that has some secrets:            no
>        Is NT6 DC that has all secrets:             no
> Forest:                 lac.internal
> Domain:                 lac.internal
> Domain Controller:      garcon.lac.internal
> Pre-Win2k Domain:       LAC
> Pre-Win2k Hostname:     GARCON
> Server Site Name :              Default-First-Site-Name
> Client Site Name :              Default-First-Site-Name
> NT Version: 5
> LMNT Token: ffff
> LM20 Token: ffff
> 
> ----------------
> 
> DNS and DHCP are working great.
> 
> ----------------
> 
> 'samba-tool dbcheck' returns 0 errors
> 
> ----------------
> 
> 'samba-tool testparm' returns:
> 
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
>        workgroup = LAC
>        realm = LAC.INTERNAL
>        netbios name = GARCON
>        server role = active directory domain controller
>        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>        winbind, ntp_signd, kcc, dnsupdate
> 
> [netlogon]
>        path = /var/lib/samba/sysvol/lac.internal/scripts
>        read only = No
> 
> [sysvol]
>        path = /var/lib/samba/sysvol
>        read only = No
> 
> 'samba-tool domain level show' returns:
> 
> Domain and forest function level for domain 'DC=lac,DC=internal'
> 
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
> 
> ----------------
> 
> I'm pretty new to this, so let's start with the stupid mistakes someone who is
> following internet guides could make.
> 
> Thanks in advance everyone.
> 

I know you say DNS is OK, but can you make one test?
From your station, can you ping the host garcon.lac.internal?

