[Samba] Member server: Failed to join domain: failed to find DC for
Luis Peromarta
lperoma at icloud.com
Sun Jun 9 09:21:26 UTC 2024
And Bookwork with samba from back ports 4.20.1
LP
On Jun 9, 2024 at 10:20 +0100, Luis Peromarta <lperoma at icloud.com>, wrote:
> Agree.
>
> But I don’t think it is. See:
>
> root at member:/# cat /etc/hostname
> member
>
> root at member:/# cat /etc/hosts
> 127.0.0.1 localhost
> 192.168.3.1 member.mad.mater.int member
>
> root at member:/# cat /etc/resolv.conf
> search mad.mater.int
> nameserver 192.168.0.12 -> DC1
> nameserver 192.168.0.13 -> DC2
> nameserver 192.168.0.14 -> DC3
> nameserver 192.168.0.62 -> DC4
>
> root at member:/# cat /etc/krb5.conf
> [libdefaults]
> default_realm = MAD.MATER.INT
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
>
> root at member:/# cat /etc/samba/smb.conf
> # Global parameters
> [global]
> security = ADS
> workgroup = MAD
> realm = MAD.MATER.INT
> netbios name = MEMBER
> server role = member server
> log file = /var/log/samba/%m.log
>
>
> # Disable Netbios
> disable netbios = yes
>
> # Enforce minimum protolo SMB3
> # server min protocol = SMB3
>
> # To enable Group Policy application in winbind,
> apply group policies = yes
>
>
> # Default ID mapping configuration for local BUILTIN accounts
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
>
> # idmap config for the MAD domain
> idmap config MAD : backend = ad
> idmap config MAD : schema_mode = rfc2307
> idmap config MAD : range = 10000-999999
> idmap config MAD : unix_nss_info = yes
>
> # Read AD unix attributes to allow ssh login to server:
> # winbind nss info = rfc2307
>
>
> # winbind config:
> winbind use default domain = yes
>
>
>
> # renew the kerberos ticket
> winbind refresh tickets = yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> # Map Administrator to root
> # username map = /etc/samba/user.map
> # min domain uid = 0
>
>
> # To configure shares using extended access control lists (ACL)
> vfs objects = acl_xattr
> # map acl inherit = yes
> acl_xattr:ignore system acls = yes
>
>
> [test]
> hide unreadable = Yes
> path = /test
> read only = No
>
>
>
> root at member:/# host -t SRV _ldap._tcp.mad.mater.int
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.
>
> root at member:/# host -t SRV _ldap._tcp.mad.mater.int
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.
>
> root at member:/# host -t SRV _kerberos._udp.mad.mater.int
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 bwing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 awing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 dwing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 cwing.mad.mater.int.
>
>
> Tried again:
>
> root at member:/# net ads leave domain -Uadministrator
> Password for [MAD\administrator]:
> Deleted account for 'MEMBER' in realm 'MAD.MATER.INT'
>
> root at member:/# net ads join domain -Uadministrator
> Password for [MAD\administrator]:
> Failed to join domain: failed to find DC for domain domain - A domain controller for this domain was not found.
>
> root at member:/# samba-tool domain join MEMBER -Uadministrator
> WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
> Password for [MAD\administrator]:
> ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain MAD - The request is not supported.')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 285, in _run
> return self.run(*args, **kwargs)
> ^^^^^^^^^^^^^^^^^^^^^^^^^
> File "/usr/lib/python3/dist-packages/samba/netcmd/domain/join.py", line 121, in run
> (sid, domain_name) = s3_net.join_member(netbios_name,
>
>
> root at member:/# samba-tool domain join mad.mater.int MEMBER -Uadministrator
> WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
> Password for [MAD\administrator]:
> DNS Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
> Joined domain mad.mater.int (S-1-5-21-2152908145-95474353-1514027631)
>
>
> I am a bit lost to be honest.
>
> LP
> On Jun 9, 2024 at 09:13 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:
> >
> > This all sounds dns related, can you post the contents of these files:
> >
> > /etc/hostname
> > /etc/hosts
> > /etc/resolv.conf
> > /etc/krb5.conf
> >
> > What OS is this ?
> >
> > Rowland
More information about the samba
mailing list