[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 30 20:43:26 UTC 2015 

On 30/11/15 20:30, Jonathan S. Fisher wrote:
> Same results with that command. And the same DNS query occurred
>
> On Mon, Nov 30, 2015 at 2:20 PM, Rowland Penny 
> <rowlandpenny241155 at gmail.com <mailto:rowlandpenny241155 at gmail.com>> 
> wrote:
>
>     On 30/11/15 20:01, Jonathan S. Fisher wrote:
>
>         Hey guys,
>
>         I've successfully joined the domain with "sudo net ads join
>         -k". However,
>         when I try to run this: "sudo net rpc info" I get this error:
>         "Unable to
>         find a suitable server for domain WINDOWS"
>
>         I dumped the DNS requests and it looks like the problem is
>         that it's asking
>         for ldap entries under the workgroup name, not the FQDN:
>
>          From Wireshark:
>
>         Queries
>         _ldap._tcp.pdc._msdcs.WINDOWS: type SRV, class IN
>         Name: _ldap._tcp.pdc._msdcs.WINDOWS
>
>         Ok great, so if I dig that with the command: "dig
>         _ldap._tcp.pdc._msdcs.WINDOWS"  dig times out. If I dig the
>         FQDN: "dig
>         _ldap._tcp.pdc._msdcs.WINDOWS.CORP.XXX.COM
>         <http://msdcs.WINDOWS.CORP.XXX.COM>" I get a response instantly.
>
>         Is this a problem with my windows domain controller (how do I
>         make it
>         respond to those queries)? Or is this a problem with my samba
>         setup?
>
>         Samba version:  4.2.5-SerNet-Ubuntu-8.trusty
>
>         Here is my smb.conf:
>
>         [global]
>         security=ads
>         realm=WINDOWS.CORP.XXX.COM <http://WINDOWS.CORP.XXX.COM>
>         workgroup=WINDOWS
>         domain master=no
>         local master=no
>         preferred master=no
>         load printers=no
>         printing=bsd
>         printcap name=/dev/null
>         disable spoolss=yes
>         idmap backend=tdb
>         idmap uid=10000-99999
>         idmap gid=10000-99999
>         winbind enum users=yes
>         winbind enum groups=yes
>         winbind use default domain=yes
>         winbind nested groups=yes
>         winbind refresh tickets=yes
>         winbind offline logon=yes
>         template shell=/bin/false
>         client use spnego=yes
>         client ntlmv2 auth=yes
>         encrypt passwords=yes
>         restrict anonymous=2
>         log file=/var/log/samba/samba.log
>         log level=2
>         dcerpc endpoint servers=remote
>         wins support=no
>
>
>     Try it like this: sudo net rpc info -UAdministrator
>
>     Rowland
>
>

OK, what have you got in /etc/resolv.conf & /etc/krb5.conf

Rowland

More information about the samba mailing list