[Samba] Joining Windows 10 Domain Member to Samba AD/DC

Mark Foley mfoley at novatec-inc.com
Fri Dec 15 03:48:41 UTC 2023


On Thu Dec 14 19:27:29 2023 Matt Savin <matt at tegers.com> wrote:
>
> Hello Mark,
>
> When joining the domain, did you specify domain name as hprs.locl, or hprs
> only? Please try to specify hprs.locl.
>
> BR,
> Matt

Matt - yes I did specify hprs.locl. I just tried it again and it failed again.
This time I opened the "Detail" box which says:

-------------------
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "hprs.locl":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.hprs.locl

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.0.1

- One or more of the following zones do not include delegation to its child zone:

hprs.locl
locl
. (the root zone)
------------------

This looks significant. The IP of the DC is 192.168.0.2: dc1.hprs.locl.  IP
192.168.0.1 is the Internet facing router and LAN DHCP server and is DC1's "dns
forwarder". 

I'm guessing the Windows computer should be querying 192.168.0.2, not the
router? What do you think? If so, how would I make it do that?

Thanks -- Mark

>
> On Thu, Dec 14, 2023 at 5:03 PM Mark Foley via samba <samba at lists.samba.org>
> wrote:
>
[deleted]

> > Meanwhile more woes. I decided to skip
> > the user profile migration and just join the domain. However, I tried
> > specifying
> > domains hprs.locl and hprs and in both cases I got the message:
> >
> >   "The following error occured attempting to joing the domain "hprs": The
> > specified
> >   domain either does not exist or could not be contacted."
> >
> > This is odd. My old 4.8.2 Samba had no trouble joining Windows members and
> > the
> > ForensiT tool Transwiz was, in fact, able to determine the domain (using
> > hprs) and contact it.
> >
> > Does anyone have any idea why I cannot join this Windows 10 computer to
> > the new 4.18.8 Domain?
> >
> > Here's my DC smb.conf. Other than the printer configs, this was generated
> > by samba-tool provision:
> >
> > [global]
> >         dns forwarder = 192.168.0.1
> >         netbios name = DC1
> >         realm = HPRS.LOCL
> >         server role = active directory domain controller
> >         workgroup = HPRS
> >         idmap_ldb:use rfc2307 = yes
> >         interfaces = lo, eth0
> >         bind interfaces only = Yes
> >
> >     load printers = no
> >     printing = bsd
> >     printcap name = /dev/null
> >     disable spoolss = yes
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/hprs.locl/scripts
> >         read only = No
> >
> > Thanks --Mark
> >
> > > On Wed, Dec 13, 2023 at 20:55, Mark Foley via samba <samba at lists.samba.org>
> > > wrote:
> > >
> > > > I'm attempting to join a Windows 10 computer as a domain member to a
> > Samba
> > > > AD/DC.
> > > > I'm trying to use a tool from ForensiT https://www.forensit.com called
> > > > Transwiz.
> > > > This tool is supposed to join the Windows computer to the domain AND
> > > > migrate
> > > > user profiles from a different domain to the new domain.
> > > >
> > > > I created the domain user on the DC using samba-tool. Then I ran
> > transwiz
> > > > on
> > > > the Windows computer and answered the various questions as to domain
> > name
> > > > and
> > > > user, and it began the process, but ended up with the error:
> > > >
> > > >   "The following error occured attempting to connect to the domain
> > > > hprs.locl: The
> > > >   RPC server is unavailable."
> > > >
> > > > I started rpc on the DC and tried again, but got the same error.
> > > >
> > > > Supposedly this tool does work with Samba DCs. Any idea what the
> > > > problem
> > > > could be? It finds the DC just fine.
> > > >
> > > > Thanks --Mark
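
Added example, not part of the original message: a PowerShell check, run on the Windows 10 client, that sends the SRV query named in the error detail to each of the two DNS servers mentioned in the message and reports which one can locate a DC. It assumes the Samba DC at 192.168.0.2 serves the hprs.locl zone; the interface alias in the commented-out last line is a placeholder.

```powershell
# Added example. Domain name and addresses are the ones quoted in the message above.
$Domain  = 'hprs.locl'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"   # the record the domain join looks up
$Servers = [ordered]@{
    '192.168.0.1' = 'router / DHCP server (DC1 dns forwarder)'
    '192.168.0.2' = 'dc1.hprs.locl (Samba AD DC)'
}

# Which DNS servers the client is currently configured to ask.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses

# Send the same SRV query to each server directly, bypassing the client's own settings.
$results = foreach ($ip in $Servers.Keys) {
    try {
        $srv = Resolve-DnsName -Name $SrvName -Type SRV -Server $ip -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }   # drop additional A/AAAA records
        [pscustomobject]@{
            Server  = $ip
            Role    = $Servers[$ip]
            Found   = [bool]$srv
            Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
            Error   = $null
        }
    } catch {
        # A server that does not hold the AD zone fails here with "DNS name does not exist".
        [pscustomobject]@{
            Server  = $ip
            Role    = $Servers[$ip]
            Found   = $false
            Targets = ''
            Error   = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize -Wrap

# If only the DC answers, the client has to use it as its DNS server before joining.
# 'Ethernet' is a placeholder interface alias; take the real one from the first table.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '192.168.0.2'
```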


