[Samba] Join Domain error - the ubiquitous "specified domain does not exists or could not be contacted"

Rowland penny rpenny at samba.org
Thu Jan 16 22:47:54 UTC 2020 

On 16/01/2020 21:54, Mark Bannister via samba wrote:
>
> On 1/16/2020 1:38 PM, Rowland penny via samba wrote:
>> On 16/01/2020 18:26, Markb via samba wrote:
>>> Existing Samba 4 network trying to added a new Windows 10 
>>> workstation. Getting the  "specified domain does not exists or could 
>>> not be contacted" error.
>>> Samba: Version 4.1.9-Zentyal
>>> Samba as Primary Domain Controller  - simple file sharing
>>> Server name:  APPSERVER1.local
>>> Domain Name: LINGROUP
>>> Win 10 updated to all latest.  SMB1 added in Windows Features
>>>
>>> Ipconfig on workstation looks correct  (same server is DNS and DHCP 
>>> server) except "DNS SUFFIX Serach List" does not included the domain 
>>> "LINGROUP".  (Not sure if that only happens after joining domain or 
>>> not.)
>>> I can manually browse to the server in Explorer and see the server 
>>> shares and user's home folder (browse to \\APPSERVER1) but the 
>>> server does not show up in the network neighborhood. Some, but not 
>>> all, of the workstations do, and one time the backup server showed 
>>> up but then went away.
>>> I can ping the server by IP or name APPSERVER or APPSERVER.local (I 
>>> realize .local is outdated).
>>>
>>> I'm not seeing any DNS issues on the server.
>>> I am NOT an admin but have used Samba in this small office 
>>> environment for 15+ years so I know enough to be dangerous. Any 
>>> advice on where to start troubleshooting?
>>>
>>> Pertinent Global settings:
>>>
>>> [global]
>>>
>>> admin users = sysadmin
>>>
>>> name resolve order = wins lmhosts hosts bcast
>>>     dns proxy = yes
>>> #mcb
>>>  wins support = yes
>>>
>>>    dns proxy = no
>>>
>>>
>>> force create mode = 0770
>>> force directory mode = 0770
>>> create mask = 0660
>>>
>>> hosts allow = 127.0.0.1 192.168.1. 10.10.10. 192.168.2.
>>> hosts deny = 0.0.0.0/0
>>>
>>>
>>>
>>> #### Networking ####
>>> #AND mask interfaces = 127.0.0.0/8 ens160 lo
>>>
>>>    bind interfaces only = yes
>>>
>>>  # force use of SMB1, Paradox database requires smb1
>>>    server max protocol = NT1
>>>
>>>
>>> #### Debugging/Accounting ####
>>>    log file = /var/log/samba/log.%m
>>>    max log size = 1000
>>>    syslog = 0
>>>   log level = 3
>>>
>>>    panic action = /usr/share/samba/panic-action %d
>>>
>>>    server role = classic primary domain controller
>>>    passdb backend = tdbsam
>>>
>>>    obey pam restrictions = yes
>>>    unix password sync = yes
>>>    passwd program = /usr/bin/passwd %u
>>>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>    pam password change = yes
>>>    map to guest = bad user
>>>
>>>   security = user
>>>
>>>
>>>
>>>
>>> ########## Domains ###########
>>>
>>> workgroup = LINGROUP
>>>
>>>
>>> server string = APP Samba %v %h
>>>  # For Windows 10 client support, uncomment the following line:
>>> server max protocol = NT1
>>>
>>> domain logons = yes
>>> domain master = yes
>>> local master = yes
>>> preferred master = yes
>>>
>> Unlikely to be a dns problem, your NT4-style PDC uses NETBios instead.
>>
>> Samba 4.1.x went EOL about 4 years ago, so you really should consider 
>> upgrading.
>>
>> You could read this: 
>> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains
>>
>> This could be a Windows 10 problem (and probably is), Microsoft is 
>> doing everything they can to get people to not use SMBv1 and by 
>> default, not use NT4-style domains, so can I suggest that you start 
>> planning to upgrade to a Samba AD domain before you have to.
>>
>> Rowland
>>
>>
>>
> Thanks.  Yes, I've read the required settings.  I won't be able to get 
> rid of SMB1 for a while as we still have a legacy db app that needs 
> it.  Do you think a newer version of Samba will help? I've delayed 
> updating the server so I could do that an update Samba.
It might, but I cannot promise anything, as I said, this is probably a 
Windows 10 problem. Microsoft has broken NT4-style domains by accident 
at least twice and they could do it again at anytime. I would seriously 
look at removing that legacy db while you can, you may come in one 
morning and your Windows machines will not connect to your NT4-style domain.
>
> I did find out why I couldn't see the shares in network neighborhood.  
> Somehow nmbd failed to start when I restarted the server.  Network was 
> running off the backup server.  Hadn't seen that before.
Yes, that would cause your problem ;-)

I would take this as a wakeup call.

Rowland

More information about the samba mailing list