[Samba] Can't join AD

Fabio Fantoni fabio.fantoni at m2r.biz
Thu May 23 09:49:13 UTC 2024 

Il 23/05/2024 08:47, lists--- via samba ha scritto:
> Am 22.05.2024 um 18:49 schrieb Rowland Penny via samba:
>> On Wed, 22 May 2024 17:59:48 +0200
>> lists--- via samba <samba at lists.samba.org> wrote:
>>
>>> Hello list,
>>>
>>> I can't find the mistake causing the problem ... maybe you do.
>>> A Windows 2022 Server can't join the AD.
>>>
>>> Debian Bookworm
>>> Samba Version: 4.19.6-Debian
>>> ip: 192.168.10.11
>>>
>>> Windows Server 2022
>>> ip: 192.168.10.15
>>> subnet: 255.255.255.0
>>> gateway: 192.168.10.1 -> FritzBox
>>> 1st DNS: 192.168.10.11
>>> 2nd DNS: 192.168.10.12 -> dc02
>>>
>>> When entering the domain-name to the "member of domain"-field, and
>>> then using administrator with the (working!) password, I get a
>>> "Networkpath not found"-message (its translated from german).
>>>
>>> When doing a:
>>> nslookup dc01.praxis.domain.tld
>>> on the Windos-system it jumps to the gateway (its a FritzBox), and
>>> tries to resolve dc01.praxis.domain.tld on the internet.
>>
>> First, if you are going to sanitise your dns domain, please do it
>
> ... I shouldn't do three things at the same time ... QRP stuff and IT 
> stuff doesn't like each other ;) ... sorry for the confusion.
>
>> everywhere, otherwise it gets confusing. I take it that
>> 'praxis.domain.tld' is really 'praxis.dr-ts.de'. If this is the case,
>> then there doesn't seem to anything wrong on the Linux side, apart from
>> the 'dns forwarder' on the DC, that appears to be forwarding to itself,
>> when it should be another dns server outside the AD domain e.g. googles
>> 8.8.8.8
>>
>> Your problem appears to be on the Windows machine, it shouldn't be
>> using the fritzbox at all, it should be using the Samba DC, you need to
>> find out why this happening.
>>
>> Or to put it another way, it's the DNS.
>
> I had to disable ipv6 (modifying the ipv6 prefix policies takes too 
> much time, and the chance for mistakes is way bigger) ... it runs fine 
> now :)

Hi, the problem is not the ipv6 itself but if the first dns is not the 
domain controller, I saw multiple times this issue on windows devices, 
also in network with windows domain controller (so the issue is not 
related to samba)

I also had similar with fritzbox as router when even without pubblic 
ipv6 present was set it as default dns server on client devices and I 
had simply to disable the server dnsv6 in the fritxboz (if I remember good)

After for check is ok on client side reboot and check first dns, with 
"ipconfig /all", must not be the fritxboz ipv6 but the ip of a domain 
controller

Another note, this don't cause issue only on domain join, but issue also 
on basic domain things like autentication on devices that was joined 
years ago from what I've seen when on network a dnsv6 server is enabled 
via "router advertisement" on a device that is not a domain controller

I hope this info can help other people.

>
>> Rowland
>
> Cheers,
> Torsten
>
>

-- 
Fabio Fantoni - email: fabio.fantoni at m2r.biz

M2R di Emilio Bruna
7, v. Leutelmonte - 25040 Esine (BS)
Voce: 0364 360552

Le informazioni contenute in questo messaggio sono riservate e confidenziali. Il loro utilizzo è consentito esclusivamente al destinatario del messaggio, per le finalità indicate nel messaggio stesso. Qualora tu non fossi la persona a cui il presente messaggio è destinato o lo stesso ti fosse pervenuto per errore, ti invitiamo ad eliminarlo dal tuo sistema e a distruggere le varie copie o stampe, dandocene gentilmente comunicazione. Ogni utilizzo improprio è contrario ai principi del RE UE 679/16.


-- 
Questa email è stata esaminata alla ricerca di virus dal software antivirus Avast.
www.avast.com

More information about the samba mailing list