[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 30 20:20:42 UTC 2015


On 30/11/15 20:01, Jonathan S. Fisher wrote:
> Hey guys,
>
> I've successfully joined the domain with "sudo net ads join -k". However,
> when I try to run this: "sudo net rpc info" I get this error: "Unable to
> find a suitable server for domain WINDOWS"
>
> I dumped the DNS requests and it looks like the problem is that it's asking
> for ldap entries under the workgroup name, not the FQDN:
>
> From Wireshark:
>
> Queries
> _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN
> Name: _ldap._tcp.pdc._msdcs.WINDOWS
>
> Ok great, so if I dig that with the command: "dig
> _ldap._tcp.pdc._msdcs.WINDOWS", dig times out. If I dig the FQDN: "dig
> _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM" I get a response instantly.
>
> Is this a problem with my Windows domain controller (how do I make it
> respond to those queries)? Or is this a problem with my Samba setup?
>
> Samba version:  4.2.5-SerNet-Ubuntu-8.trusty
>
> Here is my smb.conf:
>
> [global]
> security=ads
> realm=WINDOWS.CORP.XXX.COM
> workgroup=WINDOWS
> domain master=no
> local master=no
> preferred master=no
> load printers=no
> printing=bsd
> printcap name=/dev/null
> disable spoolss=yes
> idmap backend=tdb
> idmap uid=10000-99999
> idmap gid=10000-99999
> winbind enum users=yes
> winbind enum groups=yes
> winbind use default domain=yes
> winbind nested groups=yes
> winbind refresh tickets=yes
> winbind offline logon=yes
> template shell=/bin/false
> client use spnego=yes
> client ntlmv2 auth=yes
> encrypt passwords=yes
> restrict anonymous=2
> log file=/var/log/samba/samba.log
> log level=2
> dcerpc endpoint servers=remote
> wins support=no
>

Try it like this: sudo net rpc info -UAdministrator

Rowland



