[Samba] Failed to find a writeable DC
Rowland Penny
rpenny at samba.org
Thu Oct 9 16:29:55 UTC 2025
On Thu, 9 Oct 2025 18:12:00 +0200 (CEST)
Fabrizio Rompani <fabrizio.rompani at yetopen.com> wrote:
>
>
> firewalld is installed on both VMs: there's a zone "trusted" with
> target accept.
>
> trusted (active)
> target: ACCEPT
> icmp-block-inversion: no
> interfaces:
> sources: ipset:trust
> services:
> ports:
> protocols:
> masquerade: no
> forward-ports:
> source-ports:
> icmp-blocks:
> rich rules:
>
> IP yy.yy.yy.yy belongs to ipset "trust" on VM xx.xx.xx.xx and
> vice versa. So everything should be open from yy.yy.yy.yy to
> xx.xx.xx.xx and vice versa.
>
> e.g.:
>
> from yy.yy.yy.yy:
>
> telnet xx.xx.xx.xx 389
> Trying xx.xx.xx.xx...
> Connected to xx.xx.xx.xx.
> Escape character is '^]'.
>
> telnet xx.xx.xx.xx 445
> Trying xx.xx.xx.xx...
> Connected to xx.xx.xx.xx.
> Escape character is '^]'.
>
>
> >
> > What about a different approach:
> > back up the online DC (Samba 4.15) and restore it into the new Samba
> > 4.23, then change resolv.conf and Nextcloud LDAP to point to itself:
> > grants-dc
> >
> > What do you think about it?
>
> Not much.
> Joining a new DC should be effortless; when it doesn't work it is
> usually down to a DNS problem.
>
> So a different version shouldn't be a problem, right?
No, the version shouldn't be a problem.
> Could you suggest some DNS checks?
>
The first thing I would do is turn off the firewalls temporarily.
If the join works, then great, you know where to look; if it doesn't,
then we will go into everything further.
Rowland
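
Extending the two telnet checks quoted above (389 and 445) to the other TCP ports a DC join relies on, as an added example that is not part of the original message or of Samba's own code. The port list is an assumption taken from the Samba wiki's AD DC port documentation; UDP services and the dynamic RPC range (49152-65535) are not probed.

```python
import socket

# Assumption: TCP ports of a Samba AD DC per the Samba wiki, not from this
# thread, which only tested 389 and 445. UDP ports are not covered here.
AD_DC_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    389: "LDAP",
    445: "SMB",
    464: "Kerberos kpasswd",
    636: "LDAPS",
    3268: "Global Catalog",
    3269: "Global Catalog SSL",
}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # host answered with RST: nothing is listening
    except OSError:
        return "filtered"   # timeout or ICMP reject: typical of a firewall

def check_dc(host, ports=AD_DC_TCP_PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def blocked(results):
    """Ports that did not accept a connection, sorted."""
    return sorted(p for p, state in results.items() if state != "open")

if __name__ == "__main__":
    import sys
    # Usage: python3 check_dc_ports.py <DC address>  (file name is hypothetical)
    dc = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in check_dc(dc).items():
        print(f"{port:>5}/tcp  {AD_DC_TCP_PORTS[port]:<20} {state}")
```

Run from each DC against the other: "filtered" on a port that shows "open" once the firewall is off points at the firewall, while "refused" means the service itself is not listening.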