[Samba] Problem joining windows clients to Samba AD

Rowland Penny rpenny at samba.org
Wed Aug 21 12:04:38 UTC 2024


On Wed, 21 Aug 2024 13:46:05 +0200
Léo via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I come to you after several days of research about my problem: I
> cannot make Windows clients join my Samba AD domain anymore.
> 
> My domain is built with two Samba AD DCs, dc1 and dc2, that are both
> Debian 12.6 up to date and use the Debian Samba packages
> (4.17.12+dfsg-0+deb12u1). dc1 has all FSMO roles.
> 
> When I try to make a Windows computer join the domain, I get an error
> saying the domain could not be contacted. Logs are:
> 
> 
> C:\Windows\debug\dcdiag.txt:
> ---
> DNS was successfully queried for the service location (SRV) resource
> record used to locate a domain controller for domain "ad.example.com":
> 
> The query was for the SRV record for
> _ldap._tcp.dc._msdcs.ad.example.com
> 
> The following domain controllers were identified by the query:
> dc2.ad.example.com
> dc1.ad.example.com
> 
> 
> However no domain controllers could be contacted.
> 
> Common causes of this error include:
> 
> - Host (A) or (AAAA) records that map the names of the domain
> controllers to their IP addresses are missing or contain incorrect
> addresses.
> 
> - Domain controllers registered in DNS are not connected to the
> network or are not running.
> ---
> 
> 
> C:\Windows\debug\NetSetup.LOG:
> ---
> 08/21/2024 00:18:10:477
> -----------------------------------------------------------------
> 08/21/2024 00:18:10:477 NetpValidateName: checking to see if 'PC11' is
> valid as type 1 name
> 08/21/2024 00:18:10:477 NetpCheckNetBiosNameNotInUse for 'PC11'
> [MACHINE] returned 0x0
> 08/21/2024 00:18:10:477 NetpValidateName: name 'PC11' is valid for
> type 1
> 08/21/2024 00:18:10:477
> -----------------------------------------------------------------
> 08/21/2024 00:18:10:477 NetpValidateName: checking to see if 'PC11' is
> valid as type 5 name
> 08/21/2024 00:18:10:477 NetpValidateName: name 'PC11' is valid for
> type 5
> 08/21/2024 00:18:10:477
> -----------------------------------------------------------------
> 08/21/2024 00:18:10:477 NetpValidateName: checking to see if
> 'ad.example.com' is valid as type 3 name
> 08/21/2024 00:18:10:477 NetpValidateName: 'ad.example.com' is not a
> valid NetBIOS domain name: 0x7b
> 08/21/2024 00:18:25:477 NetpCheckDomainNameIsValid for ad.example.com
> returned 0x54b, last error is 0x0
> 08/21/2024 00:18:25:477 NetpCheckDomainNameIsValid [ Exists ] for '
> ad.example.com' returned 0x54b
> ---
> 
> Most resources online say this can come from:
>  - connectivity issues: I removed all firewall rules, on DC hosts and
> on the network, no change
>  - name resolution issues: I checked the Windows PC is correctly
> using both DCs as DNS resolvers, I also used samba_dnsupdate to
> make sure DNS records are correct, and also manually checked these
> records from the Windows PC, I could not find any problem in them.
> 
> I also ran other diagnostic commands:
>  - samba-tool drs showrepl: no sync issues between both DCs,
>  - samba-tool dbcheck --cross-ncs --fix: no fixes required
> 
> On Linux clients, I noticed that they can join the domain when using
> sssd, but have the same problem as Windows clients when trying to join
> with samba-tool or net ads join commands.
> 
> I hope someone can help figuring this out!
> 
> Thank you!
> 
> Leo

Can we start by seeing the smb.conf file from one of the DCs (I take
it they are similar)?

Rowland


