[Samba] Samba unable to find SRV record during join

William Edwards wedwards at cyberfusion.nl
Tue Sep 6 17:09:13 UTC 2022


> On 6 Sep 2022, at 19:04, Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> On Tue, 2022-09-06 at 18:53 +0200, William Edwards wrote:
>> Rowland Penny via samba wrote on 2022-09-06 18:05:
>>>> On Tue, 2022-09-06 at 17:19 +0200, William Edwards via samba wrote:
>>>>> According to the documentation[1], I'm trying to join a to-be DC to an existing domain with:
>>>>>    samba-tool domain join cyberfusion.cloud DC -k yes --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'
>>> What version of Samba are you using? From 4.15.0 '-k yes' has been replaced with '--use-kerberos=required', though the earlier form should still work.
>>> Does /etc/resolv.conf point to an existing AD DC?
>>> What OS is this?
>>>> With debug level 5, this fails with:
>>>>    finddcs: searching for a DC by DNS domain cyberfusion.cloud
>>>>    finddcs: looking for SRV records for _ldap._tcp.cyberfusion.cloud
>>>>    resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.cyberfusion.cloud<0x0>
>>>>    startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
>>>>    dns child failed to find name '_ldap._tcp.cyberfusion.cloud' of type SRV
>>>>    finddcs: Failed to find SRV record for _ldap._tcp.cyberfusion.cloud
>>>>    ERROR: Failed to find a writeable DC for domain 'cyberfusion.cloud': The object name is not found.
>>>>      File "/usr/lib/python3/dist-packages/samba/join.py", line 351, in find_dc
>>>>        ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE)
>>>> However, the lookup actually succeeds. I tcpdumped on the existing DC that receives the DNS query, and on the to-be new DC. The SRV lookup succeeds, and Samba looks up the AAAA and A records for the hosts in the SRV RRSet. That also succeeds: the AAAA lookup returns the IPv6 addresses for the DCs, and the A lookups result in an empty RRSet, as this is an IPv6-only setup.
>>>> I tried omitting --dns-backend and --option in the join command.
>>> You do not need the dns one, it will be used by default and the option makes samba use any uidNumber & gidNumber attributes found in AD instead of the xidNumber attributes found in idmap.ldb.
>>>> I also tried using a username & password instead of Kerberos after kinit. Getting a token with `kinit administrator` succeeds. That does not help.
>>>> Searching for the error messages "dns child failed to find name" and "finddcs: Failed to find SRV record for" yielded a former post[2] on the mailing list, which suggests to set 'interfaces'. That does not help either.
>>>> I hope someone has some pointers!
>>> It sounds like a dns problem.
>> As mentioned in my original email, tcpdump proves that the DNS result is expected and correct. Something must be going wrong in userland.
>>> Rowland
> 
> Would you please answer the questions that I asked.

I did. I sent two emails in reply to yours. This is the second one. Please see my email from 18:46.

> 
> Rowland
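Added example, not part of the thread or of Samba's code: a check that repeats, from the joining host, the lookups described in the quoted message (SRV for `_ldap._tcp.<domain>`, then AAAA and A for each SRV target) and reports which address families each target has. It assumes `dig` is installed; the function names and the `example.test`/`broken.test` sample answers are constructed for illustration.

```python
import subprocess
import sys


def dig(name, rtype):
    """Query the resolver configured on this host via dig; return answer lines."""
    proc = subprocess.run(["dig", "+short", name, rtype],
                          capture_output=True, text=True, timeout=15)
    return [ln.strip() for ln in proc.stdout.splitlines() if ln.strip()]


def check_dc_srv(domain, query=dig):
    """Walk SRV -> AAAA/A for a domain's LDAP DC records and return a report."""
    srv_name = f"_ldap._tcp.{domain}"
    report = {"srv_name": srv_name, "targets": {}, "problems": []}
    for line in query(srv_name, "SRV"):
        fields = line.split()
        # dig +short prints SRV data as: priority weight port target
        if len(fields) != 4 or not fields[2].isdigit():
            continue  # not SRV data, e.g. a CNAME line in the answer
        target = fields[3].rstrip(".")
        aaaa, a = query(target, "AAAA"), query(target, "A")
        families = [fam for fam, rr in (("IPv6", aaaa), ("IPv4", a)) if rr]
        report["targets"][target] = {"port": int(fields[2]), "AAAA": aaaa,
                                     "A": a, "families": families}
        if not families:
            report["problems"].append(f"{target}: SRV target has no AAAA or A record")
    if not report["targets"]:
        report["problems"].append(f"{srv_name}: no SRV records returned")
    return report


# Constructed answers: an IPv6-only domain (empty A RRSet) and a broken one.
SAMPLE = {
    ("_ldap._tcp.example.test", "SRV"): ["0 100 389 dc1.example.test.",
                                         "0 100 389 dc2.example.test."],
    ("dc1.example.test", "AAAA"): ["2001:db8::10"],
    ("dc2.example.test", "AAAA"): ["2001:db8::11"],
    ("_ldap._tcp.broken.test", "SRV"): ["0 100 389 dc9.broken.test."],
}


def sample_query(name, rtype):
    """Offline stand-in for dig() backed by the constructed SAMPLE data."""
    return SAMPLE.get((name, rtype), [])


if __name__ == "__main__":
    # With a domain argument, query live DNS; without one, use the sample data.
    live = len(sys.argv) > 1
    print(check_dc_srv(sys.argv[1] if live else "example.test",
                       dig if live else sample_query))
```

Run on the to-be DC with the domain as the only argument, the report shows what that host's own resolver returns, which can then be compared with what tcpdump shows on the wire.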