[Samba] Samba unable to find SRV record during join

William Edwards wedwards at cyberfusion.nl
Tue Sep 6 15:19:45 UTC 2022 

According to the documentation[1], I'm trying to join a to-be DC to an 
existing domain with:

     samba-tool domain join cyberfusion.cloud DC -k yes 
--dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'

With debug level 5, this fails with:

     finddcs: searching for a DC by DNS domain cyberfusion.cloud
     finddcs: looking for SRV records for _ldap._tcp.cyberfusion.cloud
     resolve_lmhosts: Attempting lmhosts lookup for name 
_ldap._tcp.cyberfusion.cloud<0x0>
     startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was 
No such file or directory
     dns child failed to find name '_ldap._tcp.cyberfusion.cloud' of type 
SRV
     finddcs: Failed to find SRV record for _ldap._tcp.cyberfusion.cloud
     ERROR: Failed to find a writeable DC for domain 'cyberfusion.cloud': 
The object name is not found.
       File "/usr/lib/python3/dist-packages/samba/join.py", line 351, in 
find_dc
         ctx.cldap_ret = ctx.net.finddc(domain=domain, 
flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)

However, the lookup actually succeeds. I tcpdumped on the existing DC 
that receives the DNS query, and on the to-be new DC. The SRV lookup 
succeeds, and Samba looks up the AAAA and A records for the hosts in the 
SRV RRSet. That also succeeds: the AAAA lookup returns the IPv6 
addresses for the DCs, and the A lookups result in an empty RRSet, as 
this is an IPv6-only setup.

I tried omitting --dns-backend and --option in the join command. I also 
tried using a username & password instead of Kerberos after kinit. 
Getting a token with `kinit administrator` succeeds. That does not help.

Searching for the error messages "dns child failed to find name" and 
"finddcs: Failed to find SRV record for" yielded a former post[2] on the 
mailing list, which suggests to set 'interfaces'. That does not help 
either.

I hope someone has some pointers!

With kind regards,

William Edwards

[1]: 
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
[2]: 
https://groups.google.com/g/linux.samba/c/vh-CIhl1N_4/m/bPrksSAf484J

More information about the samba mailing list