[Samba] Join Domain error - the ubiquitous "specified domain does not exists or could not be contacted"

[Mark b]

On 1/16/2020 1:38 PM, Rowland penny via samba wrote:
> On 16/01/2020 18:26, Markb via samba wrote:
>> Existing Samba 4 network trying to added a new Windows 10 
>> workstation. Getting the  "specified domain does not exists or could 
>> not be contacted" error.
>> Samba: Version 4.1.9-Zentyal
>> Samba as Primary Domain Controller  - simple file sharing
>> Server name:  APPSERVER1.local
>> Domain Name: LINGROUP
>> Win 10 updated to all latest.  SMB1 added in Windows Features
>>
>> Ipconfig on workstation looks correct  (same server is DNS and DHCP 
>> server) except "DNS SUFFIX Serach List" does not included the domain 
>> "LINGROUP".  (Not sure if that only happens after joining domain or not.)
>> I can manually browse to the server in Explorer and see the server 
>> shares and user's home folder (browse to \\APPSERVER1) but the server 
>> does not show up in the network neighborhood. Some, but not all, of 
>> the workstations do, and one time the backup server showed up but 
>> then went away.
>> I can ping the server by IP or name APPSERVER or APPSERVER.local (I 
>> realize .local is outdated).
>>
>> I'm not seeing any DNS issues on the server.
>> I am NOT an admin but have used Samba in this small office 
>> environment for 15+ years so I know enough to be dangerous.  Any 
>> advice on where to start troubleshooting?
>>
>> Pertinent Global settings:
>>
>> [global]
>>
>> admin users = sysadmin
>>
>> name resolve order = wins lmhosts hosts bcast
>>     dns proxy = yes
>> #mcb
>>  wins support = yes
>>
>>    dns proxy = no
>>
>>
>> force create mode = 0770
>> force directory mode = 0770
>> create mask = 0660
>>
>> hosts allow = 127.0.0.1 192.168.1. 10.10.10. 192.168.2.
>> hosts deny = 0.0.0.0/0
>>
>>
>>
>> #### Networking ####
>> #AND mask interfaces = 127.0.0.0/8 ens160 lo
>>
>>    bind interfaces only = yes
>>
>>  # force use of SMB1, Paradox database requires smb1
>>    server max protocol = NT1
>>
>>
>> #### Debugging/Accounting ####
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    syslog = 0
>>   log level = 3
>>
>>    panic action = /usr/share/samba/panic-action %d
>>
>>    server role = classic primary domain controller
>>    passdb backend = tdbsam
>>
>>    obey pam restrictions = yes
>>    unix password sync = yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>    pam password change = yes
>>    map to guest = bad user
>>
>>   security = user
>>
>>
>>
>>
>> ########## Domains ###########
>>
>> workgroup = LINGROUP
>>
>>
>> server string = APP Samba %v %h
>>  # For Windows 10 client support, uncomment the following line:
>> server max protocol = NT1
>>
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>>
> Unlikely to be a dns problem, your NT4-style PDC uses NETBios instead.
>
> Samba 4.1.x went EOL about 4 years ago, so you really should consider 
> upgrading.
>
> You could read this: 
> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
>
> This could be a Windows 10 problem (and probably is), Microsoft is 
> doing everything they can to get people to not use SMBv1 and by 
> default, not use NT4-style domains, so can I suggest that you start 
> planning to upgrade to a Samba AD domain before you have to.
>
> Rowland
>
>
>
Thanks.  Yes, I've read the required settings.  I won't be able to get 
rid of SMB1 for a while as we still have a legacy db app that needs it.  
Do you think a newer version of Samba will help? I've delayed updating 
the server so I could do that an update Samba.

I did find out why I couldn't see the shares in network neighborhood.  
Somehow nmbd failed to start when I restarted the server.  Network was 
running off the backup server.  Hadn't seen that before.


> -- Mark B