samba - Mar 2019 - the system cannot contact a domain controller to service the authentication request

Hi all,

I've had this error come up after my samba AD DC servers are up and running
for awhile. In the most recent case, it's been months of uptime.

Symptom 1) include this message when I try to access a standalone samba
file server with guest access allowed. I can access this server from W10 by
typing in "\\<server_ip_address>\<share_name>" in the
windows explorer
location bar. In my current case this is "\\192.168.0.10\kms".

However when I try the same thing but with the server name instead of the
ip address, I get a long pause and then the error in the subject above.
Note that I can ping the target server successfully by name and I can also
do an nslookup on the target name successfully.

Symptom 2) I cannot access any of my samba AD DCs with the RSAT tools.
Symptom 3) Long periods of waiting for a security credential screen anytime
I do something that requires admin permission on windows10. I'm assuming
windows is off looking for a domain controller and can't find one - and
then finally comes back.

I'm figuring this has something to do with DNS, but my foo is not strong
enough. nslookup from W10 returns valid info on all my AD DCs and the
standalone samba server names.

I'm using Samba Internal DNS on both AD DCs. And there's blessed little
on
the wiki about troubleshooting that. (I'm assuming b/c it should "just
work")

I've restarted both AD DCs - no improvement.

Any ideas for where to start?


Thanks,
Jonathan Kreider