[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain

Richard Connon richard at connon.me.uk
Mon Mar 9 16:16:33 MDT 2015

On 09/03/2015 22:07, Rowland Penny wrote:
> On 09/03/15 21:59, Richard Connon wrote:
>> On 09/03/2015 21:59, Rowland Penny wrote:
>>> How did you try to join the machine to the domain ? I think I know, 
>>> but it would like you to confirm my suspicions.
>> Hi Rowland,
>> This output was generated with `net ads join 
>> -Uprovisioning%<password> -d10
>> Regards,
>> Richard
> OK, well it isn't what I thought, moving on, what is in smb.conf 
> (please do not post any commented lines), /etc/resolv.conf, 
> /etc/krb5.conf, what OS etc
> Rowland
Hi Rowland,

On all hosts of site CCPG-UK:
resolv.conf contains:
domain ads.connon.me.uk

krb5.conf contains:
         default_realm = ADS.CONNON.ME.UK
         dns_lookup_realm = false
         dns_lookup_kdc = true
         rdns = false

The DC smb.conf contains:
         netbios name = DC01
         realm = ADS.CONNON.ME.UK
         workgroup = CONNON
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbind, ntp_signd, kcc, dnsupdate
         dedicated keytab file = /etc/krb5.keytab
         kerberos method = dedicated keytab
         dsdb:schema update allowed = Yes

         path = /var/lib/samba/sysvol/ads.connon.me.uk/scripts
         read only = No
         path = /var/lib/samba/sysvol
         read only = No

The client smb.conf contains:
         security = ads
         netbios name = SHELL01
         realm = ADS.CONNON.ME.UK
         workgroup = CONNON
         dedicated keytab file = /etc/krb5.keytab
         kerberos method = dedicated keytab

The OS for all machines is debian 7. The DC is using samba 
4.1.17+dfsg-1~bpo70+1 from backports while the client is using 
I appreciate that samba 3.6 is now very old but I'd like to avoid 
deviating from the standard install for clients. I'm reasonably sure 
this should be fixable with a 3.6 client since it has worked so well in 
the past.

It is possible that the DC has received a minor (4.1.x) upgrade since 
domain join last worked.


More information about the samba mailing list