[Samba] Member server: Failed to join domain: failed to find DC for

Luis Peromarta lperoma at icloud.com
Sun Jun 9 09:21:26 UTC 2024


And Bookworm with samba from backports 4.20.1

LP
On Jun 9, 2024 at 10:20 +0100, Luis Peromarta <lperoma at icloud.com>, wrote:
> Agree.
>
> But I don’t think it is. See:
>
> root@member:/# cat /etc/hostname
> member
>
> root@member:/# cat /etc/hosts
> 127.0.0.1 localhost
> 192.168.3.1 member.mad.mater.int member
>
> root@member:/# cat /etc/resolv.conf
> search mad.mater.int
> nameserver 192.168.0.12 -> DC1
> nameserver 192.168.0.13 -> DC2
> nameserver 192.168.0.14 -> DC3
> nameserver 192.168.0.62 -> DC4
>
> root@member:/# cat /etc/krb5.conf
> [libdefaults]
>  default_realm = MAD.MATER.INT
>  dns_lookup_realm = false
>  dns_lookup_kdc = true
>
>
> root@member:/# cat /etc/samba/smb.conf
> # Global parameters
> [global]
>  security = ADS
>  workgroup = MAD
>  realm = MAD.MATER.INT
>  netbios name = MEMBER
>  server role = member server
>  log file = /var/log/samba/%m.log
>
>
> # Disable Netbios
>  disable netbios = yes
>
> # Enforce minimum protocol SMB3
> # server min protocol = SMB3
>
> # To enable Group Policy application in winbind,
>  apply group policies = yes
>
>
> # Default ID mapping configuration for local BUILTIN accounts
>  idmap config * : backend = tdb
>  idmap config * : range = 3000-7999
>
>
> # idmap config for the MAD domain
>  idmap config MAD : backend = ad
>  idmap config MAD : schema_mode = rfc2307
>  idmap config MAD : range = 10000-999999
>  idmap config MAD : unix_nss_info = yes
>
> # Read AD unix attributes to allow ssh login to server:
> # winbind nss info = rfc2307
>
>
> # winbind config:
>  winbind use default domain = yes
>
>
>
> # renew the kerberos ticket
>  winbind refresh tickets = yes
>  dedicated keytab file = /etc/krb5.keytab
>  kerberos method = secrets and keytab
>
> # Map Administrator to root
> # username map = /etc/samba/user.map
> # min domain uid = 0
>
>
> # To configure shares using extended access control lists (ACL)
>  vfs objects = acl_xattr
> # map acl inherit = yes
>  acl_xattr:ignore system acls = yes
>
>
> [test]
>  hide unreadable = Yes
>  path = /test
>  read only = No
>
>
>
> root@member:/# host -t SRV _ldap._tcp.mad.mater.int
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.
>
> root@member:/# host -t SRV _ldap._tcp.mad.mater.int
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
> _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.
>
> root@member:/# host -t SRV _kerberos._udp.mad.mater.int
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 bwing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 awing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 dwing.mad.mater.int.
> _kerberos._udp.mad.mater.int has SRV record 0 100 88 cwing.mad.mater.int.
>
>
> Tried again:
>
> root@member:/# net ads leave domain -Uadministrator
> Password for [MAD\administrator]:
> Deleted account for 'MEMBER' in realm 'MAD.MATER.INT'
>
> root@member:/# net ads join domain -Uadministrator
> Password for [MAD\administrator]:
> Failed to join domain: failed to find DC for domain domain - A domain controller for this domain was not found.
>
> root@member:/# samba-tool domain join MEMBER -Uadministrator
> WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
> Password for [MAD\administrator]:
> ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain MAD - The request is not supported.')
>  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 285, in _run
>  return self.run(*args, **kwargs)
>  ^^^^^^^^^^^^^^^^^^^^^^^^^
>  File "/usr/lib/python3/dist-packages/samba/netcmd/domain/join.py", line 121, in run
>  (sid, domain_name) = s3_net.join_member(netbios_name,
>
>
> root@member:/# samba-tool domain join mad.mater.int MEMBER -Uadministrator
> WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start.
> Password for [MAD\administrator]:
> DNS Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
> Joined domain mad.mater.int (S-1-5-21-2152908145-95474353-1514027631)
>
>
> I am a bit lost to be honest.
>
> LP
> On Jun 9, 2024 at 09:13 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:
> >
> > This all sounds dns related, can you post the contents of these files:
> >
> > /etc/hostname
> > /etc/hosts
> > /etc/resolv.conf
> > /etc/krb5.conf
> >
> > What OS is this ?
> >
> > Rowland

