[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore

Pau Peris pau at webeloping.es
Fri May 20 11:25:56 UTC 2016


Hi all,

Some years ago I configured a `Primary Domain Controller` through
Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
which should be accessible by the string/name `SRV1`. I must note I
did not install winbind. I've never had any issue and it looks like
it's working fine as about 10 Windows machines joined the PDC and
Windows users can log in against the PDC on a daily basis.

The method I always used to join the domain through Windows clients was
right clicking on computer -> properties -> advanced system settings
-> computer name -> change -> member of domain; and typing SRV1 in the
input.

But today I tried to join a Windows 10 Professional machine (I even
tried on a virtualized Windows 7 Professional and suffered the same
issue) to the PDC and I'm always getting this error:


Note: This information is intended for a network administrator.  If
you are not your network’s administrator, notify the administrator
that you received this information, which has been recorded in the
file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate an Active Directory
Domain Controller for domain SRV1:
The error was: “DNS name does not exist.”

(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.SRV1
Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are
not registered in DNS. These records are registered with a DNS server
automatically when a AD DC is added to a domain. They are updated by
the AD DC at set intervals. This computer is configured to use DNS
servers with the following

IP addresses:
x.y.w.z

- One or more of the following zones do not include delegation to its
child zone:
SRV1
. (the root zone)
For information about correcting this problem, click Help.


As you can see it looks like it's not possible to reach the PDC service at SRV1.

The above error happens when I try to join the PDC by right clicking
on computer -> properties -> advanced system settings -> computer name
-> change -> member of domain; and typing SRV1 in the input.

I also can ping SRV1 and it replies fine:
C:\Users\admin>ping SRV1
Haciendo ping a SRV1 [192.168.69.203] con 32 bytes de datos:
Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64


I can even run win+r and type \\SRV1, press enter, and it asks for an
LDAP user and password and then it shows the right resources according
to the user rights.

I already tried adding 192.168.69.203 SRV1 in
C:\Windows\System32\drivers\etc\hosts but it didn't help.

The Windows client IP trying to join the PDC is 192.168.69.49 so if I
`tailf /var/log/samba/log.nmbd` while trying to join the PDC I can
see:
[2016/05/20 11:50:50,  3]
nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.52 on subnet
192.168.69.203 for name SRV1<20>
[2016/05/20 11:50:50,  3]
nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
  OK
[2016/05/20 11:50:54,  3]
nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.49 on subnet
192.168.69.203 for name SRV1<1c>

Reading this doc https://support.microsoft.com/en-us/kb/163409 I see
NetBIOS type 20 means File Server Service and NetBIOS type 1c means
Domain Controllers but I doubt the latter is fine as I don't see the
OK response and the doc says <domain> instead of <computername>:

Name                Number(h)  Type  Usage
--------------------------------------------------------------------------
<computername>         20       U    File Server Service
<domain>               1C       G    Domain Controllers


This is the wins.dat file generated automatically by samba `cat
/var/lib/samba/wins.dat`:
VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R


This is the output of `cat /etc/hosts`:
# cat /etc/hosts
127.0.0.1       localhost localhost.localdomain srv1.exedra.cat srv1
exedra.dyndns.org exedra.cat
127.0.1.1       localhost localhost.localdomain srv1.exedra.cat srv1
exedra.dyndns.org exedra.cat
192.168.69.203  localhost localhost.localdomain srv1.exedra.cat srv1
exedra.dyndns.org exedra.cat
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


output of resolv.conf `cat /etc/resolv.conf`:
domain exedra.cat
search exedra.cat
nameserver 80.58.61.250
nameserver 80.58.61.254


hostname output `cat /etc/hostname`:  srv1.exedra.cat


Here I post the output of `testparm -v`
https://gist.github.com/sibok/2e5ec48bc4030e64984d4ed1cbebad1f

This is the output of running `smbclient -L localhost` on the server
(192.168.69.203):
smbclient -L localhost
Enter root's password:
Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (exedra.cat)
        print$          Disk      Printer Drivers Download Area
        public          Disk      Public Share
        Dropbox         Disk      Dropbox content
        PLOTTER         Printer   PLOTTER
        OfficeJetK850   Printer   HP Officejet Pro K850
        HPDesignJet500  Printer   HPDesignJet500
        RICOH           Printer   RICOH Aficio MP C2500
        root            Disk      Home Directories
Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]

        Server               Comment
        ---------            -------
        EXEDRA101            exedra101
        SRV1                 exedra.cat

        Workgroup            Master
        ---------            -------
        EXEDRA.CAT           SRV1



As the last time I tried adding a machine was about a year ago I
thought I might be wrong when typing SRV1 and instead I tried typing
exedra.cat - but I'm 99% confident I just need to make sure Windows
clients are capable of resolving SRV1 as 192.168.69.203 and then type
SRV1 instead of exedra.cat - but it showed me the same error so I
added the following records to the exedra.cat DNS zone (this is the
first time I need to add SRV records to join the domain):

_ldap._tcp.dc._msdcs.exedra.cat SRV 0 0 exedra.cat.
_ldap._tcp.dc._msdcs.srv1.exedra.cat  SRV 0 0 exedra.cat.


and by trying to join exedra.cat instead of SRV1 i get:
Note: This information is intended for a network administrator.  If
you are not your network's administrator, notify the administrator
that you received this information, which has been recorded in the
file C:\Windows\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain "exedra.cat":

The query was for the SRV record for _ldap._tcp.dc._msdcs.exedra.cat

The following domain controllers were identified by the query:
srv1.exedra.cat


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain
controllers to their IP addresses are missing or contain incorrect
addresses.

- Domain controllers registered in DNS are not connected to the
network or are not running.


Note the following resolutions:
~ host -t SRV _ldap._tcp.dc._msdcs.exedra.cat
_ldap._tcp.dc._msdcs.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.

~ host -t SRV _ldap._tcp.dc._msdcs.srv1.exedra.cat
_ldap._tcp.dc._msdcs.srv1.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.

~ host -t A srv1.exedra.cat
srv1.exedra.cat has address 192.168.69.203

~ host -t A exedra.cat
exedra.cat has address 66.96.147.160


The thing is I'm 99% sure I used to join the domain by supplying the SRV1
string in the "member of domain" input but now it looks like Windows
clients are not able to resolve SRV1 to 192.168.69.203 which is the
Ubuntu machine which hosts the samba+ldap PDC.
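
Added example (not part of the original post): a cross-check of the NetBIOS name queries seen in log.nmbd against the records in wins.dat, using the log lines and file contents quoted in the message. The regular expressions assume the `"NAME#type" expiry IPs flagsR` layout visible in that file; the function names are hypothetical.

```python
import re

# Data copied from the message above: wins.dat, and the two name-query log lines.
WINS_DAT = '''VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
'''
NMBD_LOG = '''  process_name_query_request: Name query from 192.168.69.52 on subnet
192.168.69.203 for name SRV1<20>
  process_name_query_request: Name query from 192.168.69.49 on subnet
192.168.69.203 for name SRV1<1c>
'''
# Assumed record layout: "NAME#type" expiry ip[ ip...] hexflagsR
WINS_LINE = re.compile(r'^"(.+)#([0-9a-fA-F]{2})"\s+(\d+)\s+(.+?)\s+([0-9a-fA-F]+)R$')
QUERY = re.compile(r"Name query from (\S+) on subnet \S+ for name (\S+)<([0-9a-fA-F]{2})>")

def parse_wins(text):
    """Map (NAME, type) -> {'ips': [...], 'expires': int}; skips the VERSION header."""
    records = {}
    for line in text.splitlines():
        m = WINS_LINE.match(line.strip())
        if m:
            records[(m[1].upper(), int(m[2], 16))] = {"ips": m[4].split(), "expires": int(m[3])}
    return records

def parse_queries(log):
    """Return (client_ip, NAME, type) per name query; tolerates e-mail line wrapping."""
    flat = re.sub(r"\s+", " ", log)
    return [(ip, name.upper(), int(t, 16)) for ip, name, t in QUERY.findall(flat)]

def unregistered(queries, records):
    """Queries whose (name, type) pair has no record in wins.dat."""
    return [q for q in queries if (q[1], q[2]) not in records]

def names_of_type(records, ntype):
    """All names registered with the given NetBIOS type suffix."""
    return sorted(name for (name, t) in records if t == ntype)

if __name__ == "__main__":
    recs = parse_wins(WINS_DAT)
    for ip, name, t in unregistered(parse_queries(NMBD_LOG), recs):
        print(f"{ip} asked for {name}<{t:02x}>: no such record; "
              f"<{t:02x}> is registered for {names_of_type(recs, t)}")
```
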


