[Samba] Can login but can't add a machine to AD.

Rowland Penny rpenny at samba.org
Sat Jul 21 11:06:40 UTC 2018 

See inline comments

On Sat, 21 Jul 2018 00:51:51 -0700
Cathryn Mataga via samba <samba at lists.samba.org> wrote:

> I'm finally moving to ad, after way way too long. I did the classic 
> upgrade, and my existing PC's all can log in fine. I can make new
> user accounts, and log in on those machines fine. My ddns (with
> bindz) seems to be working, and I do see
> 
> new ip addresses pop up in there.
> 
> The problem is I can't add a new Windows machine to the domain. When
> I trying joining the domain from Windows 10, I get
> 
> 
> "The following domain  controllers were identified by the query:
> 
> dc1.junglevision.junglevision.com
> 
> However no domain controllers could be contacted.
> 
> 
> I can telnet to dc1.junglevision.junglevision.com 389 and I see 
> something connect. And I'll see samba logs when this happens. When I
> try to join, nothing shows up in log.samba.
> 
> I've tried monkeying with firewall settings, but I don't think it's 
> that, but maybe I'm missing something? I do notice that 
> junglevision.junglevision.com and dc1.junglevision.junglevision.com
> are now resolving to both ip's. Is this bad?
> 
> 
> 
> [root at junglevision etc]# cat hosts
> 127.0.0.1   localhost
> 192.168.1.145 dc1.junglevision.junglevision.com
> 50.79.209.145 junglevision.junglevision.com
> 50.79.209.145 junglevision

What the heck is that all about ?
What is '50.79.209.145' and why is it pointing to your dns domain and
your workgroup ?
Or to put it another way, remove them.

> [root at junglevision etc]# cat resolv.conf
> # Generated by NetworkManager
> domain junglevision.junglevision.com
> search junglevision.com junglevision.junglevision.com
> nameserver 50.79.209.145
> nameserver 50.79.209.146

This is a DC, so it should be:

search junglevision.junglevision.com
nameserver 192.168.0.145

> [root at junglevision etc]# cat samba/smb.conf
> # Global parameters
> [global]
>      netbios name = JUNGLEVISION
>      realm = JUNGLEVISION.JUNGLEVISION.COM
>      server role = active directory domain controller
>      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>      workgroup = JUNGLEVISION

And there is a BIG problem, if the short hostname is
'dc1' (see /etc/hosts), why is the 'netbios name' JUNGLEVISION ? also
it is the same as the 'workgroup' name, this is not allowed.

Rowland

More information about the samba mailing list