[Samba] Problem joining windows clients to Samba AD

Léo dlopoel at gmail.com
Wed Aug 21 11:46:05 UTC 2024


Hello,

I come to you after several days of research about my problem: I cannot
make Windows clients join my Samba AD domain anymore.

My domain is built with two Samba AD DCs, dc1 and dc2, that are both Debian
12.6 up to date and use the Debian Samba packages (4.17.12+dfsg-0+deb12u1).
dc1 has all FSMO roles.

When I try to make a Windows computer join the domain, I get an error
saying the domain could not be contacted. Logs are:


C:\Windows\debug\dcdiag.txt:
---
DNS was successfully queried for the service location (SRV) resource record
used to locate a domain controller for domain "ad.example.com":

The query was for the SRV record for _ldap._tcp.dc._msdcs.ad.example.com

The following domain controllers were identified by the query:
dc2.ad.example.com
dc1.ad.example.com


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers
to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or
are not running.
---


C:\Windows\debug\NetSetup.LOG:
---
08/21/2024 00:18:10:477
-----------------------------------------------------------------
08/21/2024 00:18:10:477 NetpValidateName: checking to see if 'PC11' is
valid as type 1 name
08/21/2024 00:18:10:477 NetpCheckNetBiosNameNotInUse for 'PC11' [MACHINE]
returned 0x0
08/21/2024 00:18:10:477 NetpValidateName: name 'PC11' is valid for type 1
08/21/2024 00:18:10:477
-----------------------------------------------------------------
08/21/2024 00:18:10:477 NetpValidateName: checking to see if 'PC11' is
valid as type 5 name
08/21/2024 00:18:10:477 NetpValidateName: name 'PC11' is valid for type 5
08/21/2024 00:18:10:477
-----------------------------------------------------------------
08/21/2024 00:18:10:477 NetpValidateName: checking to see if 'ad.example.com'
is valid as type 3 name
08/21/2024 00:18:10:477 NetpValidateName: 'ad.example.com' is not a valid
NetBIOS domain name: 0x7b
08/21/2024 00:18:25:477 NetpCheckDomainNameIsValid for ad.example.com
returned 0x54b, last error is 0x0
08/21/2024 00:18:25:477 NetpCheckDomainNameIsValid [ Exists ] for '
ad.example.com' returned 0x54b
---

Most resources online say this can come from:
 - connectivity issues: I removed all firewall rules, on DC hosts and on
the network, no change
 - name resolution issues: I checked that the Windows PC is correctly using
both DCs as DNS resolvers. I also used samba_dnsupdate to make sure DNS
records are correct, and manually checked these records from the
Windows PC. I could not find any problem in them.

I also ran other diagnostic commands:
 - samba-tool drs showrepl: no sync issues between both DCs,
 - samba-tool dbcheck --cross-ncs --fix: no fixes required

On Linux clients, I noticed that they can join the domain when using sssd,
but have the same problem as Windows clients when trying to join with
samba-tool or net ads join commands.

I hope someone can help figure this out!

Thank you!

Leo
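
Added example, not part of the original post: a small Python triage helper for the NetSetup.LOG excerpt quoted above. It rejoins the mail-wrapped lines, decodes the Win32 result codes, and reports how long the client stalled before each failing entry. The names `parse_netsetup` and `failures` and the 5-second gap threshold are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Win32 codes that appear in the log above (names as in winerror.h).
WIN32_ERRORS = {0x0: "ERROR_SUCCESS", 0x7B: "ERROR_INVALID_NAME",
                0x54B: "ERROR_NO_SUCH_DOMAIN"}
STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):(\d{3})\s*(.*)$")
CODE = re.compile(r"(?:returned|:)\s+(0x[0-9a-fA-F]+)")

# Excerpt of the NetSetup.LOG lines quoted above, mail wrapping included.
SAMPLE = """\
08/21/2024 00:18:10:477 NetpCheckNetBiosNameNotInUse for 'PC11' [MACHINE]
returned 0x0
08/21/2024 00:18:10:477
-----------------------------------------------------------------
08/21/2024 00:18:10:477 NetpValidateName: 'ad.example.com' is not a valid
NetBIOS domain name: 0x7b
08/21/2024 00:18:25:477 NetpCheckDomainNameIsValid for ad.example.com
returned 0x54b, last error is 0x0
"""

def parse_netsetup(text):
    """Rejoin wrapped lines into (timestamp, message) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = STAMP.match(line)
        if m:  # a new timestamped entry starts here
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            ts = ts.replace(microsecond=int(m.group(2)) * 1000)
            entries.append([ts, m.group(3)])
        elif entries and line and not set(line) <= {"-"}:
            # continuation of a wrapped entry; separator rules are skipped
            entries[-1][1] = (entries[-1][1] + " " + line).strip()
    return [(ts, msg) for ts, msg in entries if msg]

def failures(entries, gap_seconds=5):
    """List (function, code, name, stall) for non-zero codes or long stalls."""
    out, prev = [], None
    for ts, msg in entries:
        m = CODE.search(msg)  # first result code in the entry, if any
        code = int(m.group(1), 16) if m else 0
        stall = (ts - prev).total_seconds() if prev else 0.0
        if code or stall >= gap_seconds:
            name = WIN32_ERRORS.get(code, "unknown")
            out.append((msg.split()[0].rstrip(":"), code, name, stall))
        prev = ts
    return out

if __name__ == "__main__": print(*failures(parse_netsetup(SAMPLE)), sep="\n")
```

On the excerpt, 0x54b (ERROR_NO_SUCH_DOMAIN) is logged after a 15-second stall, which lines up with the "no domain controllers could be contacted" message in the first log.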

