Pau Peris
2016-May-20 11:25 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Hi all,

some years ago I configured a `Primary Domain Controller` through Samba
and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203 which
should be accessible by the string/name `SRV1`. I must note I did not
install winbind. I've never had any issue and it looks like it's working
fine as about 10 Windows machines joined the PDC and Windows users can
log in against the PDC on a daily basis.

The method I always used to join the domain through Windows clients was
right clicking on computer -> properties -> advanced system settings
-> computer name -> change -> member of domain; and typing SRV1 in the
input.

But today I tried to join a Windows 10 Professional machine (I even
tried on a virtualized Windows 7 Professional and suffered the same
issue) to the PDC and I'm always getting this error:

    Note: This information is intended for a network administrator. If
    you are not your network’s administrator, notify the administrator
    that you received this information, which has been recorded in the
    file C:\Windows\debug\dcdiag.txt.

    The following error occurred when DNS was queried for the service
    location (SRV) resource record used to locate an Active Directory
    Domain Controller for domain SRV1:
    The error was: “DNS name does not exist.”

    (error code 0x0000232B RCODE_NAME_ERROR)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.SRV1
    Common causes of this error include the following:

    - The DNS SRV records required to locate a AD DC for the domain are
      not registered in DNS. These records are registered with a DNS server
      automatically when a AD DC is added to a domain. They are updated by
      the AD DC at set intervals. This computer is configured to use DNS
      servers with the following

      IP addresses:
      x.y.w.z

    - One or more of the following zones do not include delegation to its
      child zone:
      SRV1
      . (the root zone)
    For information about correcting this problem, click Help.

As you can see it looks like it's not possible to reach the PDC service
at SRV1.

The above error happens when I try to join the PDC by right clicking
on computer -> properties -> advanced system settings -> computer name
-> change -> member of domain; and typing SRV1 in the input.

I also can ping SRV1 and it replies fine:

    C:\Users\admin>ping SRV1
    Haciendo ping a SRV1 [192.168.69.203] con 32 bytes de datos:
    Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
    Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64

I can even run win+r and type \\SRV1, press enter, and it asks for an
LDAP user and password and then it shows the right resources according
to the user rights.

I already tried adding 192.168.69.203 SRV1 in
C:\Windows\System32\drivers\etc\hosts but it didn't help.

The Windows client IP trying to join the PDC is 192.168.69.49 so if I
`tailf /var/log/samba/log.nmbd` while trying to join the PDC I can see:

    [2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
      process_name_query_request: Name query from 192.168.69.52 on subnet 192.168.69.203 for name SRV1<20>
    [2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
      OK
    [2016/05/20 11:50:54, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
      process_name_query_request: Name query from 192.168.69.49 on subnet 192.168.69.203 for name SRV1<1c>

Reading this doc https://support.microsoft.com/en-us/kb/163409 I see
Netbios type 20 means File Server Service and Netbios type 1c means
Domain Controllers but I doubt the latter is fine as I don't see the
Ok response and the doc says <domain> instead of <computername>:

    Name                Number(h)  Type  Usage
    --------------------------------------------------------------------------
    <computername>         20       U    File Server Service
    <domain>               1C       G    Domain Controllers

This is the wins.dat file generated automatically by samba
`cat /var/lib/samba/wins.dat`:

    VERSION 1 0
    "EXEDRA72#20" 1464037217 192.168.69.58 64R
    "EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
    "EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
    "EXEDRA72#00" 1464037217 192.168.69.58 64R
    "SRV1#03" 1463997523 192.168.69.203 66R
    "SRV1#20" 1463997523 192.168.69.203 66R
    "SRV1#00" 1463997523 192.168.69.203 66R
    "EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
    "EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R

This is the output of `cat /etc/hosts`:

    # cat /etc/hosts
    127.0.0.1 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
    127.0.1.1 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
    192.168.69.203 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
    # The following lines are desirable for IPv6 capable hosts
    ::1 ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters

output of resolv.conf `cat /etc/resolv.conf`:

    domain exedra.cat
    search exedra.cat
    nameserver 80.58.61.250
    nameserver 80.58.61.254

hostname output `cat /etc/hostname`: srv1.exedra.cat

Here I post the output of `testparm -v`
https://gist.github.com/sibok/2e5ec48bc4030e64984d4ed1cbebad1f

This is the output of running `smbclient -L localhost` on the server
(192.168.69.203):

    smbclient -L localhost
    Enter root's password:
    Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (exedra.cat)
        print$          Disk      Printer Drivers Download Area
        public          Disk      Public Share
        Dropbox         Disk      Dropbox content
        PLOTTER         Printer   PLOTTER
        OfficeJetK850   Printer   HP Officejet Pro K850
        HPDesignJet500  Printer   HPDesignJet500
        RICOH           Printer   RICOH Aficio MP C2500
        root            Disk      Home Directories
    Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]

        Server               Comment
        ---------            -------
        EXEDRA101            exedra101
        SRV1                 exedra.cat

        Workgroup            Master
        ---------            -------
        EXEDRA.CAT           SRV1

As the last time I tried adding a machine was about a year ago I
thought I might be wrong when typing SRV1 and instead I tried typing
exedra.cat - but I'm 99% confident I just need to make sure Windows
clients are capable of resolving SRV1 as 192.168.69.203 and then type
SRV1 instead of exedra.cat - but it showed me the same error so I
added the following records to the exedra.cat DNS zone (this is the
first time I need to add SRV records to join the domain):

    _ldap._tcp.dc._msdcs.exedra.cat SRV 0 0 exedra.cat.
    _ldap._tcp.dc._msdcs.srv1.exedra.cat SRV 0 0 exedra.cat.

and by trying to join exedra.cat instead of SRV1 I get:

    Note: This information is intended for a network administrator. If
    you are not your network's administrator, notify the administrator
    that you received this information, which has been recorded in the
    file C:\Windows\debug\dcdiag.txt.

    DNS was successfully queried for the service location (SRV) resource
    record used to locate a domain controller for domain "exedra.cat":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.exedra.cat

    The following domain controllers were identified by the query:
    srv1.exedra.cat

    However no domain controllers could be contacted.

    Common causes of this error include:

    - Host (A) or (AAAA) records that map the names of the domain
      controllers to their IP addresses are missing or contain incorrect
      addresses.

    - Domain controllers registered in DNS are not connected to the
      network or are not running.

Note the following resolutions:

    ~ host -t SRV _ldap._tcp.dc._msdcs.exedra.cat
    _ldap._tcp.dc._msdcs.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.

    ~ host -t SRV _ldap._tcp.dc._msdcs.srv1.exedra.cat
    _ldap._tcp.dc._msdcs.srv1.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.

    ~ host -t A srv1.exedra.cat
    srv1.exedra.cat has address 192.168.69.203

    ~ host -t A exedra.cat
    exedra.cat has address 66.96.147.160

The thing is I'm 99% sure I used to join the domain by supplying the SRV1
string on the "member of domain" input but now it looks like Windows
clients are not able to resolve SRV1 to 192.168.69.203 which is the
Ubuntu machine which hosts the samba+ldap PDC.
Denis Cardon
2016-May-20 13:07 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Hi Peris,

> some years ago I configured a `Primary Domain Controller` through
> Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
> which should be accessible by the string/name `SRV1`. I must note I
> did not install winbind. I've never had any issue and it looks like
> it's working fine as about 10 Windows machines joined the PDC and
> Windows users can log in against the PDC on a daily basis.
>
> The method I always used to join the domain through Windows clients was
> right clicking on computer -> properties -> advanced system settings
> -> computer name -> change -> member of domain; and typing SRV1 in the
> input.
>
> But today I tried to join a Windows 10 Professional machine (I even
> tried on a virtualized Windows 7 Professional and suffered the same
> issue) to the PDC and I'm always getting this error:

Did you make the required registry modification on the Windows clients?

https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains

For Windows 10, you'll also need to limit SMB protocol to version 1:

https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request.

Cheers,

Denis

> Note: This information is intended for a network administrator. If
> you are not your network’s administrator, notify the administrator
> that you received this information, which has been recorded in the
> file C:\Windows\debug\dcdiag.txt.
>
> The following error occurred when DNS was queried for the service
> location (SRV) resource record used to locate an Active Directory
> Domain Controller for domain SRV1:
> The error was: “DNS name does not exist.”
>
> (error code 0x0000232B RCODE_NAME_ERROR)
> The query was for the SRV record for _ldap._tcp.dc._msdcs.SRV1
> Common causes of this error include the following:
>
> - The DNS SRV records required to locate a AD DC for the domain are
> not registered in DNS.

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
Gaiseric Vandal
2016-May-20 14:16 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Can you clarify, you specified "SRV1" as the name of the domain to join?

It looks like your "NT4-style" domain would be EXEDRA? The "testparm -v"
command on your PDC should verify this.

On 05/20/16 09:07, Denis Cardon wrote:
> Hi Peris,
>
>> some years ago I configured a `Primary Domain Controller` through
>> Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
>> which should be accessible by the string/name `SRV1`. I must note I
>> did not install winbind. I've never had any issue and it looks like
>> it's working fine as about 10 Windows machines joined the PDC and
>> Windows users can log in against the PDC on a daily basis.
>>
>> The method I always used to join the domain through Windows clients was
>> right clicking on computer -> properties -> advanced system settings
>> -> computer name -> change -> member of domain; and typing SRV1 in the
>> input.
>>
>> But today I tried to join a Windows 10 Professional machine (I even
>> tried on a virtualized Windows 7 Professional and suffered the same
>> issue) to the PDC and I'm always getting this error:
>
> Did you make the required registry modification on the Windows clients?
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>
> For Windows 10, you'll also need to limit SMB protocol to version 1:
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request.
>
> Cheers,
>
> Denis
>
>> Note: This information is intended for a network administrator. If
>> you are not your network’s administrator, notify the administrator
>> that you received this information, which has been recorded in the
>> file C:\Windows\debug\dcdiag.txt.
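As an added illustration (not code from any poster in this thread or from the Samba project), the Python example below cross-checks the name queries in the log.nmbd excerpt against the registrations in the wins.dat excerpt, both copied from the original post, to show which name actually holds the <1c> (Domain Controllers) entry. The function names, the reading of flag bit 0x80 as "group name", and the pairing of an "OK" line with the query logged just before it are assumptions of this example.

```python
import re

# Sample data copied from the wins.dat and log.nmbd excerpts in the original post.
WINS_DAT = '''\
VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
'''

NMBD_LOG = '''\
[2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.52 on subnet 192.168.69.203 for name SRV1<20>
[2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
  OK
[2016/05/20 11:50:54, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.49 on subnet 192.168.69.203 for name SRV1<1c>
'''

# Suffix meanings, limited to the two rows of the KB 163409 table quoted in the post.
SUFFIX_USAGE = {0x20: "File Server Service", 0x1C: "Domain Controllers"}

# "NAME#TYPE" ttl addr [addr ...] FLAGSR
WINS_LINE = re.compile(r'^"(.+)#([0-9a-fA-F]{2})"\s+(\d+)\s+(.+?)\s+([0-9a-fA-F]+)R$')
NAME_QUERY = re.compile(
    r'Name query from (\S+) on subnet \S+ for name (.+?)<([0-9a-fA-F]{2})>')


def parse_wins_dat(text):
    """Return {(NAME, suffix): {"ttl", "addrs", "group"}} for every wins.dat entry."""
    table = {}
    for line in text.splitlines():
        m = WINS_LINE.match(line.strip())
        if not m:
            continue  # skips the "VERSION 1 0" header and blank lines
        name, suffix, ttl, addrs, flags = m.groups()
        table[(name.upper(), int(suffix, 16))] = {
            "ttl": int(ttl),
            "addrs": addrs.split(),
            # Assumption: bit 0x80 of the flags byte marks a group name.
            "group": bool(int(flags, 16) & 0x80),
        }
    return table


def parse_name_queries(log):
    """Return the name queries in log order, marking those followed by an OK line."""
    queries = []
    for line in log.splitlines():
        m = NAME_QUERY.search(line)
        if m:
            queries.append({"client": m.group(1), "name": m.group(2).upper(),
                            "type": int(m.group(3), 16), "answered": False})
        elif line.strip() == "OK" and queries:
            # Assumption: an OK line belongs to the most recent query.
            queries[-1]["answered"] = True
    return queries


def diagnose(wins, queries):
    """For each query, list where the name is registered and who holds that suffix."""
    report = []
    for q in queries:
        entry = wins.get((q["name"], q["type"]))
        holders = sorted(name for (name, suffix) in wins if suffix == q["type"])
        report.append({**q,
                       "addrs": entry["addrs"] if entry else [],
                       "same_type_names": holders})
    return report


if __name__ == "__main__":
    for row in diagnose(parse_wins_dat(WINS_DAT), parse_name_queries(NMBD_LOG)):
        usage = SUFFIX_USAGE.get(row["type"], "other")
        print(f'{row["client"]} asked for {row["name"]}<{row["type"]:02x}> ({usage}): '
              f'answered={row["answered"]}, registered at {row["addrs"] or "nowhere"}; '
              f'names holding this suffix: {row["same_type_names"]}')
```

On the data from the post, the query for SRV1<20> matches a registration at 192.168.69.203, while SRV1<1c> has none and the only <1c> entry in wins.dat is held by EXEDRA.CAT.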
Pau Peris
2016-May-20 14:22 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Hi,

thanks a lot for the tips. I already did the first one, importing the
following into the registry:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
    "DomainCompatibilityMode"=dword:00000001
    "DNSNameResolutionRequired"=dword:00000000

I didn't do the second tip but it looks like it's not needed for Windows 7
OS and I also had the same issue on a Windows 7 VMWare machine. I'm going
to try it and see what happens.

Thank you!

On Fri, May 20, 2016 at 3:07 PM, Denis Cardon
<denis.cardon at tranquil-it-systems.fr> wrote:
> Hi Peris,
>
>> some years ago I configured a `Primary Domain Controller` through
>> Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
>> which should be accessible by the string/name `SRV1`. I must note I
>> did not install winbind. I've never had any issue and it looks like
>> it's working fine as about 10 Windows machines joined the PDC and
>> Windows users can log in against the PDC on a daily basis.
>>
>> The method I always used to join the domain through Windows clients was
>> right clicking on computer -> properties -> advanced system settings
>> -> computer name -> change -> member of domain; and typing SRV1 in the
>> input.
>>
>> But today I tried to join a Windows 10 Professional machine (I even
>> tried on a virtualized Windows 7 Professional and suffered the same
>> issue) to the PDC and I'm always getting this error:
>
> Did you make the required registry modification on the Windows clients?
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>
> For Windows 10, you'll also need to limit SMB protocol to version 1:
>
> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request.
>
> Cheers,
>
> Denis
>
>> Note: This information is intended for a network administrator.
>>
>
> --
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
>

--
Pau Peris Rodriguez
Chief Executive Officer (CEO)
Tel: 669650292
C/Balmes 211, Principal Segunda
Barcelona 08006
http://www.webeloping.es

This e-mail contains confidential information addressed exclusively to its recipient(s) in the present copy. Likewise, its disclosure, copying or distribution to third parties without prior written authorization from Pau Peris Rodriguez is prohibited. If you have received this information in error, please notify us of this circumstance immediately via the sender's e-mail address.
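Added example (not part of the original message and not Samba's own tooling): a Python cross-check of the name queries logged in log.nmbd against the wins.dat entries quoted above, reporting which name actually holds each NetBIOS suffix. The function names are hypothetical, the wins.dat layout is assumed to be exactly as shown in the message, and the inputs are the page's excerpts embedded as constructed sample data.

```python
import re
# Constructed sample input: entries copied from the wins.dat and log.nmbd
# excerpts in the message (wrapped log lines rejoined onto one line each).
WINS_DAT = """VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
"""
NMBD_LOG = """\
process_name_query_request: Name query from 192.168.69.52 on subnet 192.168.69.203 for name SRV1<20>
process_name_query_request: Name query from 192.168.69.49 on subnet 192.168.69.203 for name SRV1<1c>
"""
# Suffix meanings taken from the KB 163409 table quoted in the message.
SUFFIX = {0x20: "File Server Service", 0x1C: "Domain Controllers"}

ENTRY = re.compile(r'^"([^"#]+)#([0-9a-fA-F]{2})"\s+(\d+)\s+(.+?)\s+([0-9a-fA-F]+)R$')
QUERY = re.compile(r"Name query from (\S+) on subnet \S+ for name ([^<\s]+)<([0-9a-fA-F]{2})>")

def parse_wins(text):
    """Map (NAME, suffix) -> list of registered addresses."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # skips the VERSION header and anything malformed
            table[(m.group(1).upper(), int(m.group(2), 16))] = m.group(4).split()
    return table

def check_queries(log_text, table):
    """For each logged query, report whether WINS holds that exact name<suffix>."""
    out = []
    for src, name, suffix in QUERY.findall(log_text):
        code = int(suffix, 16)
        out.append({
            "client": src, "name": name.upper(), "suffix": code,
            "usage": SUFFIX.get(code, "other"),
            "addresses": table.get((name.upper(), code), []),
            "registered_as": sorted(n for n, t in table if t == code),
        })
    return out

if __name__ == "__main__":
    for r in check_queries(NMBD_LOG, parse_wins(WINS_DAT)):
        print(r)
```

On the data quoted in the message, SRV1<20> maps to 192.168.69.203, while the only name registered with the <1c> suffix is EXEDRA.CAT.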