[Samba] Failed to find a writeable DC

Fabrizio Rompani fabrizio.rompani at yetopen.com
Wed Oct 15 14:06:19 UTC 2025 

Finally, is everything in the same subnet e.g. 192.168.1.2/24

NO , the 2 hosts have public ips , exposed on internet . 
is just  a momentary configuration to "transfer " the domain from one host to another. 


the other questions are all yes. 

thank's 
rf



----- Messaggio originale -----
Da: "Rowland Penny via samba" <samba at lists.samba.org>
A: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>
Inviato: Venerdì, 10 ottobre 2025 19:02:28
Oggetto: Re: [Samba] Failed to find a writeable DC

On Fri, 10 Oct 2025 18:04:32 +0200 (CEST)
Fabrizio Rompani <fabrizio.rompani at yetopen.com> wrote:

> temporaly stopped firewall ( both ) 
> increased debug .
> Same error: 
> 
> thank's
> f
> 
> 
> 
> root at grants-dc:/var/lib/samba# samba-tool domain join s4ad.domain.org
> DC -U administrator --realm=S4AD.domain.ORG --debug=15 INFO: Current
> 
SNIP
> 00      org...). ....... Addrs = xx.xx.xx.xx at 389/grants finddcs: DNS
> SRV response 0 at 'xx.xx.xx.xx' ERROR: Failed to find a writeable DC
> for domain 's4ad.domain.org': The object was not found. File
> "/usr/lib/python3/dist-packages/samba/join.py", line 352, in find_dc
> ctx.cldap_ret = ctx.net.finddc(domain=domain,
> flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS |
> nbt.NBT_SERVER_WRITABLE)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>           

It seems to be saying that it cannot find a DC in the 's4ad.domain.org'
dns domain, so, and these may probably be stupid questions, is there a
dns domain called 's4ad.domain.org', is there at least one RWDC in that
dns domain and can you ping the dns domain from the computer that you
are trying to join as a DC.

yes there is : 

from yy.yy.yy.yy
root at grants-dc:/etc/samba# dig _ldap._tcp.dc._msdcs.s4ad.domain.org SRV

; <<>> DiG 9.18.39-0ubuntu0.24.04.1-Ubuntu <<>> _ldap._tcp.dc._msdcs.s4ad.domain.org SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: cb48b0face8897a20100000068efa75247b0b17ee34fd4d3 (good)
;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.s4ad.domain.org. IN        SRV

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.s4ad.domain.org. 900 IN SRV 0 100 389 grants.s4ad.domain.org.

;; Query time: 18 msec
;; SERVER: xx.xx.xx.xx#53(xx.xx.xx.xx) (UDP)
;; WHEN: Wed Oct 15 15:53:22 CEST 2025
;; MSG SIZE  rcvd: 133


Does /etc/hostname contain the computers short hostname.

yes it does:
cat  /etc/hostname 
grants

cat /etc/hostname 
grants-dc


Does /etc/hosts have a line like this:

192.168.1.15 dc1.s4ad.domain.org dc1

Where:	192.168.1.15 is the computers ipaddress
	dc1 is the computers short hostname


yes it does : 

yy.yy.yy.yy  grants-dc.s4ad.domain.org grants-dc nextcloud.domain.org
xx.xx.xx.xx grants.s4ad.domain.org grants


Does /etc/resolv.conf look like this:

search s4ad.domain.org
nameserver 192.168.1.2

Where 192.168.1.2 is a DC in the s4ad.domain.org dns domain

yes it does:

search s4ad.domain.org
nameserver xx.xx.xx.xx



Does /etc/krb5.conf have this as minimum:

[libdefaults]
    default_realm = S4AD.DOMAIN.ORG
    dns_lookup_realm = false
    dns_lookup_kdc = true


yes 


Finally, is everything in the same subnet e.g. 192.168.1.2/24


NO , the 2 hosts have public ips , exposed on internet . 




Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene informazioni confidenziali, ivi compresi gli allegati.E' vietata la diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La invitiamo a eliminarlo immediatamente  e a informarci tempestivamente. Grazie.

-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016 --------
This message is intended for the recipient only and may contain confidential information, including attachments. Unauthorized disclosure, copy or use is prohibited.  If received in error, please delete immediately and notify us. Thank you.

More information about the samba mailing list