Klaus Ade Johnstad klaus at linuxavdelingen.no
Wed Jun 30 18:42:37 UTC 2021

I'm looking at a new hosting provider for a new project, and one of the 
things we need set up is a Samba read-only DC at the hosting places, 
talking to our DC at the office over VPN. I've tried 4 different 
hosting providers, and joining a Samba DC from 3 of these providers works 
flawlessly. I have a script that sets up everything, so the setup is 
identical everywhere. I use Debian 10 with the newest Samba packages 
from Louis.

At one place this just does not work. The weird thing is that klist 
works, ldapsearch works, I can even join as a normal member, just not as 
a RODC, or normal DC for that matter. There is no firewall stopping 
anything. I just wonder if anyone has seen something like this? Or if 
they have an idea what might be stopping this?

This is what I get every time, but only at 1 of the 4 different hosting 
places I've tried:
samba-tool domain join s.d-s.no RODC -U"AD\\Administrator" --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes' --server=dc01.s.d-s.no --option="interfaces=lo tun9" --option="bind interfaces only=yes"
ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: 00002020: Operation unavailable without authentication
   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 681, in run
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1483, in 
   File "/usr/lib/python3/dist-packages/samba/join.py", line 120, in 
     raise DCJoinException(estr)

I have dumps for Wireshark, and output from running Samba in interactive 
mode with debug at level 9, if we need to dig further into this.
Klaus Ade Johnstad
67E61D18B2C44F8A3DA35C6D849F9F5F 26FA477D

