[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore

Gaiseric Vandal gaiseric.vandal at gmail.com
Fri May 20 14:16:16 UTC 2016


Can you clarify, you specified "SRV1" as the name of the domain to join?
It looks like your "NT4-style" domain would be EXEDRA?  The
"testparm -v" command on your PDC should verify this.




On 05/20/16 09:07, Denis Cardon wrote:
> Hi Peris,
>
>> some years ago i configured a `Primary Domain Controller` through
>> Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
>> which should be accessible by the string/name `SRV1`. I must note i
>> did not install winbind. I've never had any issue and it looks like
>> it's working fine as about 10 Windows machines joined the PDC and
>> Windows users can login against PDC on daily basis.
>>
>> The method i always used to join the domain through Windows clients was
>> right clicking on computer -> properties -> advanced system settings
>> -> computer name -> change -> member of domain; and typing SRV1 in the
>> input.
>>
>> But today i tried to join a Windows 10 Professional machine (i even
>> tried on a virtualized Windows 7 Professional and suffered the same
>> issue) to the PDC and i'm always getting this error:
>
> Did you make the required registry modification on the Windows clients?
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>
> For Windows 10, you'll also need to limit SMB protocol to version 1 :
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request. 
>
>
> Cheers,
>
> Denis
>
>
>>
>>
>> Note: This information is intended for a network administrator. If
>> you are not your network’s administrator, notify the administrator
>> that you received this information, which has been recorded in the
>> file C:\Windows\debug\dcdiag.txt.
>>
>> The following error occurred when DNS was queried for the service
>> location (SRV) resource record used to locate an Active Directory
>> Domain Controller for domain SRV1:
>> The error was: “DNS name does not exist.”
>>
>> (error code 0x0000232B RCODE_NAME_ERROR)
>> The query was for the SRV record for _ldap._tcp.dc._msdcs.SRV1
>> Common causes of this error include the following:
>>
>> - The DNS SRV records required to locate a AD DC for the domain are
>> not registered in DNS. These records are registered with a DNS server
>> automatically when a AD DC is added to a domain. They are updated by
>> the AD DC at set intervals. This computer is configured to use DNS
>> servers with the following
>>
>> IP addresses:
>> x.y.w.z
>>
>> - One or more of the following zones do not include delegation to its
>> child zone:
>> SRV1
>> . (the root zone)
>> For information about correcting this problem, click Help.
>>
>>
>> As you can see it looks like it's not possible to reach the PDC 
>> service at SRV1.
>>
>> The above error happens when i try to join the PDC by right clicking
>> on computer -> properties -> advanced system settings -> computer name
>> -> change -> member of domain; and typing SRV1 in the input.
>>
>> I also can ping SRV1 and it replies fine:
>> C:\Users\admin>ping SRV1
>> Haciendo ping a SRV1 [192.168.69.203] con 32 bytes de datos:
>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>>
>>
>> I can even run win+r and type \\SRV1 press enter and it asks for a
>> LDAP user and password and then it show the right resources according
>> to the user rights.
>>
>> I already tried adding 192.168.69.203 SRV1 in
>> C:\Windows\System32\drivers\etc\hosts but it didn't help.
>>
>> The Windows client IP trying to join the PDC is 192.168.69.49 so if i
>> `tailf /var/log/samba/log.nmbd` while trying to join the PDC i can
>> see:
>> [2016/05/20 11:50:50,  3]
>> nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>    process_name_query_request: Name query from 192.168.69.52 on subnet
>> 192.168.69.203 for name SRV1<20>
>> [2016/05/20 11:50:50,  3]
>> nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
>>    OK
>> [2016/05/20 11:50:54,  3]
>> nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>    process_name_query_request: Name query from 192.168.69.49 on subnet
>> 192.168.69.203 for name SRV1<1c>
>>
>> Reading this doc https://support.microsoft.com/en-us/kb/163409 i see
>> Netbios type 20 means File Server Service and Netbios type 1c means
>> Domain Controllers but i doubt the latter is fine as i don't see the
>> Ok response and the doc says <domain> instead of <computername>:
>>
>> Name                Number(h)  Type  Usage
>> -------------------------------------------------------------------------- 
>>
>> <computername>         20       U    File Server Service
>> <domain>               1C       G    Domain Controllers
>>
>>
>> This is the wins.dat file generated automatically by samba `cat
>> /var/lib/samba/wins.dat`:
>> VERSION 1 0
>> "EXEDRA72#20" 1464037217 192.168.69.58 64R
>> "EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
>> "EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
>> "EXEDRA72#00" 1464037217 192.168.69.58 64R
>> "SRV1#03" 1463997523 192.168.69.203 66R
>> "SRV1#20" 1463997523 192.168.69.203 66R
>> "SRV1#00" 1463997523 192.168.69.203 66R
>> "EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
>> "EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
>>
>>
>> This is the output of `cat /etc/hosts`:
>> # cat /etc/hosts
>> 127.0.0.1       localhost localhost.localdomain srv1.exedra.cat srv1
>> exedra.dyndns.org exedra.cat
>> 127.0.1.1       localhost localhost.localdomain srv1.exedra.cat srv1
>> exedra.dyndns.org exedra.cat
>> 192.168.69.203  localhost localhost.localdomain srv1.exedra.cat srv1
>> exedra.dyndns.org exedra.cat
>> # The following lines are desirable for IPv6 capable hosts
>> ::1     ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>> output of resolv.conf `cat /etc/resolv.conf`:
>> domain exedra.cat
>> search exedra.cat
>> nameserver 80.58.61.250
>> nameserver 80.58.61.254
>>
>>
>> hostname output `cat /etc/hostname`:  srv1.exedra.cat
>>
>>
>> Here i post the output of `testparm -v`
>> https://gist.github.com/sibok/2e5ec48bc4030e64984d4ed1cbebad1f
>>
>> This is the output of running  `smbclient -L localhost` on the server
>> (192.168.69.203):
>> smbclient -L localhost
>> Enter root's password:
>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]
>>
>>          Sharename       Type      Comment
>>          ---------       ----      -------
>>          IPC$            IPC       IPC Service (exedra.cat)
>>          print$          Disk      Printer Drivers Download Area
>>          public          Disk      Public Share
>>          Dropbox         Disk      Dropbox content
>>          PLOTTER         Printer   PLOTTER
>>          OfficeJetK850   Printer   HP Officejet Pro K850
>>          HPDesignJet500  Printer   HPDesignJet500
>>          RICOH           Printer   RICOH Aficio MP C2500
>>          root            Disk      Home Directories
>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]
>>
>>          Server               Comment
>>          ---------            -------
>>          EXEDRA101            exedra101
>>          SRV1                 exedra.cat
>>
>>          Workgroup            Master
>>          ---------            -------
>>          EXEDRA.CAT           SRV1
>>
>>
>>
>> As the last time i tried adding a machine was about a year ago i
>> thought i might be wrong when typing SRV1  and instead i tried typing
>> exedra.cat - but i'm 99% confident i just need to make sure Windows
>> clients are capable of resolving SRV1 as 192.168.69.203 and then type
>> SRV1 instead of exedra.cat - but it showed me the same error so i
>> added the following records to the exedra.cat DNS zone (this is the
>> first time i need to add SRV records to join the domain):
>>
>> _ldap._tcp.dc._msdcs.exedra.cat SRV 0 0 exedra.cat.
>> _ldap._tcp.dc._msdcs.srv1.exedra.cat  SRV 0 0 exedra.cat.
>>
>>
>> and by trying to join exedra.cat instead of SRV1 i get:
>> Note: This information is intended for a network administrator. If
>> you are not your network's administrator, notify the administrator
>> that you received this information, which has been recorded in the
>> file C:\Windows\debug\dcdiag.txt.
>>
>> DNS was successfully queried for the service location (SRV) resource
>> record used to locate a domain controller for domain "exedra.cat":
>>
>> The query was for the SRV record for _ldap._tcp.dc._msdcs.exedra.cat
>>
>> The following domain controllers were identified by the query:
>> srv1.exedra.cat
>>
>>
>> However no domain controllers could be contacted.
>>
>> Common causes of this error include:
>>
>> - Host (A) or (AAAA) records that map the names of the domain
>> controllers to their IP addresses are missing or contain incorrect
>> addresses.
>>
>> - Domain controllers registered in DNS are not connected to the
>> network or are not running.
>>
>>
>> Note the following resolutions:
>> ~ host -t SRV _ldap._tcp.dc._msdcs.exedra.cat
>> _ldap._tcp.dc._msdcs.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.
>>
>> ~ host -t SRV _ldap._tcp.dc._msdcs.srv1.exedra.cat
>> _ldap._tcp.dc._msdcs.srv1.exedra.cat has SRV record 0 0 389 
>> srv1.exedra.cat.
>>
>> ~ host -t A srv1.exedra.cat
>> srv1.exedra.cat has address 192.168.69.203
>>
>> ~ host -t A exedra.cat
>> exedra.cat has address 66.96.147.160
>>
>>
>> The thing is i'm 99% sure i used to join the domain by supplying SRV1
>> string on "member of domain" input but now it looks like Windows
>> clients are not able to resolve SRV1 to 192.168.69.203 which is the
>> ubuntu machine which hosts the samba+ldap PDC.
>>
>
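
The computer-name versus domain-name question raised in the reply can be checked against the wins.dat lines posted in the thread. The following is an added example, not part of the original messages or of Samba; the line layout ("NAME#suffix", expiry, addresses, flags) is assumed from the posted file, and the function names are hypothetical.

```python
import re

# NetBIOS suffixes from the KB table quoted in the thread.
SUFFIX_USAGE = {0x20: "File Server Service", 0x1C: "Domain Controllers"}

# Sample input: the wins.dat lines as posted in the thread.
WINS_DAT = '''VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
'''

ENTRY = re.compile(
    r'^"(?P<name>[^"#]+)#(?P<suffix>[0-9a-fA-F]{2})"\s+(?P<expiry>\d+)\s+(?P<rest>.+)$')

def parse_wins_dat(text):
    """Return one dict per name registration; the VERSION header is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        *addresses, flags = m.group("rest").split()
        entries.append({"name": m.group("name"),
                        "suffix": int(m.group("suffix"), 16),
                        "expiry": int(m.group("expiry")),
                        "addresses": addresses,
                        "flags": flags.rstrip("R")})
    return entries

def domain_names(entries):
    """Names registered with the <1c> (Domain Controllers) suffix."""
    return sorted({e["name"] for e in entries if e["suffix"] == 0x1C})

def classify(name, entries):
    """'domain' if name holds <1c>, 'computer' if it only holds <20>."""
    held = {e["suffix"] for e in entries if e["name"].upper() == name.upper()}
    if 0x1C in held:
        return "domain"
    return "computer" if 0x20 in held else "unknown"

if __name__ == "__main__":
    entries = parse_wins_dat(WINS_DAT)
    print("domains:", domain_names(entries))
    print("SRV1 is a", classify("SRV1", entries), "name")
```

For the posted file, SRV1 holds only computer-name suffixes, which matches the nmbd log showing an OK reply for SRV1<20> and none for SRV1<1c>.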



