[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain
rowlandpenny at googlemail.com
Tue Mar 10 02:51:08 MDT 2015
On 09/03/15 23:19, Richard Connon wrote:
> On 09/03/2015 22:36, Rowland Penny wrote:
>> Hmm, everything looks ok and it shouldn't matter whether you use the
>> standard 3.6 from debian or 4.1.17 from backports except for the fact
>> that 3.6 isn't just old, it is EOL , so you may have to rely on
>> debian backporting any security updates themselves.
>> I take it that the three nameservers in the clients resolv.conf are
>> all DC's, if not, I suggest you remove any that aren't, could you
>> also have a look here:
> Hi Rowland,
> I'm aware of 3.6's security status. I'm planning to count on debian
> backporting fixes for now and move to 4.1 (or 4.2) if and when required.
> I have just tried, as an experiment, upgrading this failing client to
> 4.1.17 to no avail.
> The nameservers in resolv.conf are just forwarders. They forward to my
> DCs for anything under ads.connon.me.uk.
> As an experiment I tried changing the resolv.conf on both the DC and
> the client to contain just the DC for this site rather than my normal
> recursive servers. Again, this didn't change the behaviour.
> I'm not familiar with the RPC protocol very much. Are there some tools
> I can use to perform some test queries against this DC?
Your DC's must point to themselves for DNS and your domain clients must
point to the DC's, anything outside the domain the DC's will be obtain
from the forwarders set on them.
What I think is happening: your client is asking for the DC from your
forwarders, they do not know, so they ask the DC, who asks the
forwarder, who does not know and so on.
The resolv.conf on my DCs is simply this:
I use Bind and this is setup to forward to my router, so when a client
wants the DC, it contacts a DC (set in resolv.conf on client) which
knows all about the domain and replies with the correct info. You can do
this with the internal DC DNS server.
More information about the samba