[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
Rick Hollinbeck
rickh-samba at westernwares.com
Sun Feb 16 20:43:05 UTC 2020
Got past this one.. see below...
> > I cannot get bind9 to run now - it fails because bind9_dlz cannot update the reverse lookup
> > zone:
> Not sure about this, I use dhcp to update the records, but I seem to
> remember something about the windows clients needing to be configured to
> update the reverse because they do not do this by default.
> >
> > Feb 15 19:15:25 samba1 named[677]: sizing zone task pool based on 5 zones
>
> 5 zones ?
>
> I only have 3, can you run 'samba-tool dns zonelist <Your Samba AD DC
> shorthostname>' on your Samba AD DC.
>
> > Feb 15 19:15:25 samba1 named[677]: Loading 'AD DNS Zone' using driver dlopen
> > Feb 15 19:15:27 samba1 named[677]: samba_dlz: started for DN
> > DC=office,DC=example,DC=com
> > Feb 15 19:15:27 samba1 named[677]: samba_dlz: starting configure
> > Feb 15 19:15:27 samba1 named[677]: samba_dlz: configured writeable zone
> > 'office.example.com'
> > Feb 15 19:15:27 samba1 named[677]: samba_dlz: Failed to configure zone
> > '..InProgress-5E38D3A5052380AD-0.168.192.in-addr.arpa'
> > Feb 15 19:15:27 samba1 named[677]: loading configuration: empty label
> > Feb 15 19:15:27 samba1 named[677]: exiting (due to fatal error)
> > Feb 15 19:15:27 samba1 systemd[1]: bind9.service: Main process exited, code=exited,
> > status=1/FAILURE
> > Feb 15 19:15:27 samba1 systemd[1]: bind9.service: Failed with result 'exit-code'.
> >
> > ----
Rowland: Thanks for the suggestion to run zonelist on the samba server.
Sure enough, it showed 4 zones instead of 3, one of them being the bogus "..InProgress" zone.
I had been looking for this zone on the windows side, but could not find it in DNS or ADSI Edit.
It must have been a remnant left on the samba server from one of the prior failed join attempts, which was due to the Forest vs Domain level replication mode for the domain name zone.
So I used samba-tool zonedelete:
sudo samba-tool dns zonedelete samba1 ..InProgress-5E38D3A5052380AD-0.168.192.in-addr.arpa
Now, I can start bind9 and DNS is working again on the samba server!
I will move on to integrate dhcpd on the samba machine and hope this problem doesn't reappear (e.g. from a future replication.)
> >
> > BTW, after join, should I edit /etc/resolv.conf to include 127.0.0.1 ?
> > (I've seen various posts about this, but it's confusing.)
>
> No, just use the Samba DC's ipaddress
>
> Rowland
Right now my resolv.conf just has the ip of the Windows Server for the join.
I will add the local samba server's IP now that bind9 is working again.
Thanks again for your help.
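
A check for the failure in this thread, as an added example that is not part of the original post or of Samba: it reads `samba-tool dns zonelist` output and flags zone names containing an empty label, the condition behind the `loading configuration: empty label` log line. The `pszZoneName : <name>` output layout is an assumption, and the sample zones other than `office.example.com` and the `..InProgress` zone are constructed.

```python
import re

# Constructed sample in the layout `samba-tool dns zonelist <server>` is assumed
# to print (one "pszZoneName : <name>" line per zone). Only office.example.com
# and the "..InProgress" zone come from the thread; the other two are made up.
SAMPLE_ZONELIST = """\
  4 zone(s) found

  pszZoneName                 : office.example.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY

  pszZoneName                 : _msdcs.office.example.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY

  pszZoneName                 : 0.168.192.in-addr.arpa
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY

  pszZoneName                 : ..InProgress-5E38D3A5052380AD-0.168.192.in-addr.arpa
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
"""

ZONE_LINE = re.compile(r"^[ \t]*pszZoneName[ \t]*:[ \t]*(\S+)[ \t]*$", re.MULTILINE)

def zone_names(zonelist_text):
    """Return every zone name listed in the zonelist output, in order."""
    return ZONE_LINE.findall(zonelist_text)

def label_problems(zone):
    """Return the DNS name-syntax problems that would stop a zone from loading."""
    name = zone[:-1] if zone.endswith(".") else zone  # one trailing dot is legal
    if name == "":
        return []  # the root zone itself
    labels = name.split(".")
    problems = []
    if "" in labels:  # leading dot or ".." produces a zero-length label
        problems.append("empty label")
    if any(len(label) > 63 for label in labels):
        problems.append("label longer than 63 octets")
    if len(name) > 253:
        problems.append("name longer than 253 octets")
    return problems

def audit(zonelist_text):
    """Map each malformed zone name to its list of problems."""
    found = ((zone, label_problems(zone)) for zone in zone_names(zonelist_text))
    return {zone: problems for zone, problems in found if problems}

if __name__ == "__main__":
    for zone, problems in audit(SAMPLE_ZONELIST).items():
        print(f"{zone}: {', '.join(problems)}")
```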