[Samba] Samba unable to find SRV record during join

William Edwards wedwards at cyberfusion.nl
Thu Sep 8 16:11:39 UTC 2022


The issue has been fixed.

I tried joining a new Samba 4.13.13 DC (from Debian stable). Using that 
version/repository did not help either.

On each of my previous attempts, the `samba-tool domain join` command 
failed instantly*. To confirm that the problem is in userland, I closed 
port 53 on all existing DCs (the ones in /etc/resolv.conf of the new 
DC), and ran the `samba-tool domain join` command. As was the case for 
all earlier attempts, it failed instantly. This seems strange to me, 
because I'd expect there to be a timeout of some sort.

My initial hunch -that the IPv6-onliness of these DCs was the problem- 
was correct. Unfortunately, adding an IPv4 address to all existing DCs 
fixed the issue.

It should be possible to run an IPv6-only Samba infrastructure.

Thanks for the assistance, Rowland.

*: Instantly = without any noticeable delay.

William Edwards via samba schreef op 2022-09-07 21:17:
> William Edwards via samba schreef op 2022-09-07 20:39:
>> Rowland Penny via samba schreef op 2022-09-07 19:59:
>>> On Wed, 2022-09-07 at 19:39 +0200, William Edwards via samba wrote:
>>>> Although the join succeeded, no replication happens. Also, on the
>>>> existing DCs, the following errors are logged when using several
>>>> `samba-tool` commands such as `dns zonelist`:
>>>> 
>>>>      Cannot reach a KDC we require to contact (null) : kinit for
>>>> Administrator at CYBERFUSION failed (Cannot contact any KDC for
>>>> requested
>>>> realm)
>>> 
>>> That is definitely a dns problem and you posted this as part of your
>>> join command in your intial post:
>>> 
>>> samba-tool domain join cyberfusion.cloud DC -k yes
>>> 
>>> Which would make your realm CYBERFUSION.CLOUD , so why are you 
>>> getting
>>> 'ADMINISTRATOR at CYBERFUSION' above ? Hopefully it is just a
>>> cut&paste/typo error.
>>> 
>> 
>> I used the down-level logon name (DOMAIN\username) notation. I wasn't
>> aware that's not supported. I do not get these errors when using the
>> User Principal Name.
>> 
>>> As for upgrading, I would hold off on that, it seems that there may 
>>> be
>>> problems with the Debian Samba packages when used as a DC.
>> 
>> Could you elaborate? I wasn't able to find such reports.
> 
> I might have answered my own question. I installed Samba and all its
> dependencies[1] from bullseye-backports. Having done this, the `host`
> command, which is provided by dnsutils, fails with:
> 
>     host: error while loading shared libraries:
> libdns-9.16.27-Debian.so: cannot open shared object file: No such file
> or directory
> 
> I fixed this by re-installing bind9-host from stable instead of
> bullseye-backports. That does not fix the joining issue, by the way.
> 
> Am I supposed to install all of Samba's dependencies from
> bullseye-backports, or just Samba? Or do you not recommend using
> bullseye-backports at all? If so, does the Samba team officially
> recommend using Louis's repository to get recent versions?
> 
> [1]:
> https://wiki.samba.org/index.php/Distribution-specific_Package_Installation#Debian
> 
>> 
>>> 
>>> Rowland
>> 
>> --
>> With kind regards,
>> 
>> William Edwards
> 
> --
> With kind regards,
> 
> William Edwards

-- 
With kind regards,

William Edwards




More information about the samba mailing list