[Samba] DC join failed

Rowland penny rpenny at samba.org
Wed Sep 18 07:39:50 UTC 2019 

On 18/09/2019 03:51, Epsilon Minus via samba wrote:
> I relive this chain of mails because I had no way to go.  Thank you
> all for the excellent help in this mailing.
>
> At the time I assumed that the problem was the very battered Windows
> AD. I received it as an inheritance and I was trying these months to
> solve problem by problem.
>
> I am sure that I have the problem in Windows, but other windows can be
> added without problem, the problem is with samba. I don't know how to
> debug this problem anymore.
>
> You are currently migrated, with domain a forest level 2008 R2. A
> newly migrated server, remove old ADs with problems and I currently
> have only one. At this time I proceeded to prepare a new Samba and
> when doing a join I have the following error (I saw that this problem
> had several but none published a solution):
>
> samba-tool domain join conylec.local DC -U "CONYLEC\administrador" --debug 3
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>
> Finding a writeable DC for domain 'conylec.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.conylec.local<0x0>
> Found DC AD01.conylec.local
> resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
> Password for [CONYLEC\administrador]:
> Cannot reach a KDC we require to contact (null) : kinit for
> administrador at CONYLEC failed (Cannot contact any KDC for requested
> realm)
>
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
> ldap/AD01.conylec.local failed (next[ntlmssp]):
> NT_STATUS_NO_LOGON_SERVERS

Your problems seem to start here, it cannot seem to find the KDC.

What OS is this ?

What Samba version ?

Can you post the contents of:

/etc/hostname

/etc/hosts

/etc/resolv.conf

/etc/krb5.conf

and the output of the following commands:

hostname -s

hostname -d

hostname -i

hostname -I

In the mean time, can you check how the DNS server is set up on the 
Windows DC ?

Try reading this:

https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application

Rowland

More information about the samba mailing list