[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 10 02:51:08 MDT 2015

On 09/03/15 23:19, Richard Connon wrote:
> On 09/03/2015 22:36, Rowland Penny wrote:
>> Hmm, everything looks ok and it shouldn't matter whether you use the 
>> standard 3.6 from debian or 4.1.17 from backports except for the fact 
>> that 3.6 isn't just old, it is EOL, so you may have to rely on 
>> debian backporting any security updates themselves.
>> I take it that the three nameservers in the client's resolv.conf are 
>> all DCs, if not, I suggest you remove any that aren't, could you 
>> also have a look here:
>>  https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>> Rowland
> Hi Rowland,
> I'm aware of 3.6's security status. I'm planning to count on debian 
> backporting fixes for now and move to 4.1 (or 4.2) if and when required.
> I have just tried, as an experiment, upgrading this failing client to 
> 4.1.17 to no avail.
> The nameservers in resolv.conf are just forwarders. They forward to my 
> DCs for anything under ads.connon.me.uk.
> As an experiment I tried changing the resolv.conf on both the DC and 
> the client to contain just the DC for this site rather than my normal 
> recursive servers. Again, this didn't change the behaviour.
> I'm not familiar with the RPC protocol very much. Are there some tools 
> I can use to perform some test queries against this DC?
> Regards,
> Richard

Your DCs must point to themselves for DNS and your domain clients must 
point to the DCs; anything outside the domain the DCs will obtain 
from the forwarders set on them.

What I think is happening: your client is asking for the DC from your 
forwarders, they do not know, so they ask the DC, who asks the 
forwarder, who does not know and so on.

The resolv.conf on my DCs is simply this:

search example.com

I use Bind and this is set up to forward to my router, so when a client 
wants the DC, it contacts a DC (set in resolv.conf on client) which 
knows all about the domain and replies with the correct info. You can do 
this with the internal DC DNS server.
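
The rule in the reply above (a domain member's resolv.conf should list only DCs) can be checked mechanically. This is an added example, not part of the original message; the function name and the 192.0.2.x addresses are assumptions (constructed documentation-range values).

```shell
#!/bin/sh
# Added example: audit a resolv.conf against the addresses of the domain's DCs.

# non_dc_nameservers FILE DC_IP...
# Prints every nameserver in FILE that is not one of the given DC addresses.
# Returns 0 if all nameservers are DCs, 1 if any is not,
# 2 if FILE contains no nameserver line at all.
non_dc_nameservers() {
    conf=$1; shift
    found=0; bad=0
    # Strip comments, then take the address field of each nameserver line.
    for ns in $(sed -e 's/[#;].*//' "$conf" |
                awk '$1 == "nameserver" { print $2 }'); do
        found=1
        match=0
        for dc in "$@"; do
            if [ "$ns" = "$dc" ]; then match=1; fi
        done
        if [ "$match" -eq 0 ]; then
            echo "$ns"
            bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then return 2; fi
    return "$bad"
}

# Constructed sample: a client that still lists a recursive forwarder
# ahead of the DC, the layout the reply above advises against.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
search example.com
nameserver 192.0.2.53   # recursive forwarder (constructed)
nameserver 192.0.2.10   # DC (constructed)
EOF

offenders=$(non_dc_nameservers "$demo_conf" 192.0.2.10 192.0.2.11) && rc=0 || rc=$?
case $rc in
    0) echo "OK: every nameserver is a DC" ;;
    1) echo "Not DCs, remove from resolv.conf: $offenders" ;;
    2) echo "No nameserver lines found in $demo_conf" ;;
esac
rm -f "$demo_conf"
```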

