[Samba] Member server: Failed to join domain: failed to find DC for

Luis Peromarta lperoma at icloud.com
Sun Jun 9 09:20:46 UTC 2024 

Agree.

But I don’t think it is. See:

root at member:/# cat /etc/hostname
member

root at member:/# cat /etc/hosts
127.0.0.1 localhost
192.168.3.1 member.mad.mater.int member

root at member:/# cat /etc/resolv.conf
search mad.mater.int
nameserver 192.168.0.12 -> DC1
nameserver 192.168.0.13 -> DC2
nameserver 192.168.0.14 -> DC3
nameserver 192.168.0.62 -> DC4

root at member:/# cat /etc/krb5.conf
[libdefaults]
 default_realm = MAD.MATER.INT
 dns_lookup_realm = false
 dns_lookup_kdc = true


root at member:/# cat /etc/samba/smb.conf
# Global parameters
[global]
 security = ADS
 workgroup = MAD
 realm = MAD.MATER.INT
 netbios name = MEMBER
 server role = member server
 log file = /var/log/samba/%m.log


# Disable Netbios
 disable netbios = yes

# Enforce minimum protolo SMB3
# server min protocol = SMB3

# To enable Group Policy application in winbind,
 apply group policies = yes


# Default ID mapping configuration for local BUILTIN accounts
 idmap config * : backend = tdb
 idmap config * : range = 3000-7999


# idmap config for the MAD domain
 idmap config MAD : backend = ad
 idmap config MAD : schema_mode = rfc2307
 idmap config MAD : range = 10000-999999
 idmap config MAD : unix_nss_info = yes

# Read AD unix attributes to allow ssh login to server:
# winbind nss info = rfc2307


# winbind config:
 winbind use default domain = yes



# renew the kerberos ticket
 winbind refresh tickets = yes
 dedicated keytab file = /etc/krb5.keytab
 kerberos method = secrets and keytab

# Map Administrator to root
# username map = /etc/samba/user.map
# min domain uid = 0


# To configure shares using extended access control lists (ACL)
 vfs objects = acl_xattr
# map acl inherit = yes
 acl_xattr:ignore system acls = yes


[test]
 hide unreadable = Yes
 path = /test
 read only = No



root at member:/# host -t SRV _ldap._tcp.mad.mater.int
_ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.

root at member:/# host -t SRV _ldap._tcp.mad.mater.int
_ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.

root at member:/# host -t SRV _kerberos._udp.mad.mater.int
_kerberos._udp.mad.mater.int has SRV record 0 100 88 bwing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 awing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 dwing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 cwing.mad.mater.int.


Tried again:

root at member:/# net ads leave domain -Uadministrator
Password for [MAD\administrator]:
Deleted account for 'MEMBER' in realm 'MAD.MATER.INT'

root at member:/# net ads join domain -Uadministrator
Password for [MAD\administrator]:
Failed to join domain: failed to find DC for domain domain - A domain controller for this domain was not found.

root at member:/# samba-tool domain join MEMBER -Uadministrator
WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
Password for [MAD\administrator]:
ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain MAD - The request is not supported.')
 File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 285, in _run
 return self.run(*args, **kwargs)
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 File "/usr/lib/python3/dist-packages/samba/netcmd/domain/join.py", line 121, in run
 (sid, domain_name) = s3_net.join_member(netbios_name,


root at member:/# samba-tool domain join mad.mater.int MEMBER -Uadministrator
WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
Password for [MAD\administrator]:
DNS Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
Joined domain mad.mater.int (S-1-5-21-2152908145-95474353-1514027631)


I am a bit lost to be honest.

LP
On Jun 9, 2024 at 09:13 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:
>
> This all sounds dns related, can you post the contents of these files:
>
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
>
> What OS is this ?
>
> Rowland

More information about the samba mailing list