[Samba] Samba unable to find SRV record during join

Rowland Penny rpenny at samba.org
Tue Sep 6 17:04:00 UTC 2022


On Tue, 2022-09-06 at 18:53 +0200, William Edwards wrote:
> Rowland Penny via samba wrote on 2022-09-06 18:05:
> > On Tue, 2022-09-06 at 17:19 +0200, William Edwards via samba wrote:
> > > According to the documentation[1], I'm trying to join a to-be DC to an
> > > existing domain with:
> > > 
> > >      samba-tool domain join cyberfusion.cloud DC -k yes --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'
> > > 
> > 
> > What version of Samba are you using? From 4.15.0 '-k yes' has been
> > replaced with '--use-kerberos=required', though the earlier form should
> > still work.
> > Does /etc/resolv.conf point to an existing AD DC?
> > What OS is this?
> > 
> > 
> > > With debug level 5, this fails with:
> > > 
> > >      finddcs: searching for a DC by DNS domain cyberfusion.cloud
> > >      finddcs: looking for SRV records for _ldap._tcp.cyberfusion.cloud
> > >      resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.cyberfusion.cloud<0x0>
> > >      startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
> > >      dns child failed to find name '_ldap._tcp.cyberfusion.cloud' of type SRV
> > >      finddcs: Failed to find SRV record for _ldap._tcp.cyberfusion.cloud
> > >      ERROR: Failed to find a writeable DC for domain 'cyberfusion.cloud': The object name is not found.
> > >        File "/usr/lib/python3/dist-packages/samba/join.py", line 351, in find_dc
> > >          ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
> > > 
> > > However, the lookup actually succeeds. I tcpdumped on the existing DC
> > > that receives the DNS query, and on the to-be new DC. The SRV lookup
> > > succeeds, and Samba looks up the AAAA and A records for the hosts in the
> > > SRV RRSet. That also succeeds: the AAAA lookup returns the IPv6
> > > addresses for the DCs, and the A lookups result in an empty RRSet, as
> > > this is an IPv6-only setup.
> > > 
> > > I tried omitting --dns-backend and --option in the join command.
> > 
> > You do not need the dns one, it will be used by default and the option
> > makes samba use any uidNumber & gidNumber attributes found in AD
> > instead of the xidNumber attributes found in idmap.ldb.
> > 
> > > I also tried using a username & password instead of Kerberos after kinit.
> > > Getting a token with `kinit administrator` succeeds. That does not help.
> > > 
> > > Searching for the error messages "dns child failed to find name" and
> > > "finddcs: Failed to find SRV record for" yielded a former post[2] on the
> > > mailing list, which suggests to set 'interfaces'. That does not help
> > > either.
> > > 
> > > I hope someone has some pointers!
> > > 
> > 
> > It sounds like a dns problem.
> 
> As mentioned in my original email, tcpdump proves that the DNS result is
> expected and correct. Something must be going wrong in userland.
> 
> > Rowland

Would you please answer the questions that I asked.

Rowland





