samba - Oct 2025 - Failed to find a writeable DC

On Wed, 8 Oct 2025 22:44:19 +0200 (CEST)
Fabrizio Rompani via samba <samba at lists.samba.org> wrote:
> hi all 
> I have a DC used to manage user authentication to nextcloud app
> installed on the same server. I moved NC to a new server leaving
> samba-ad-dc on the old one ( appropriate firewall rules exits ) Now I
> want to move samba to new VM so I can shutdown the old one. 
> 
> To do so ,I'm trying to join a second DC installed to the new machine
> and then , after move all roles , I can demote and switch off the old
> VM. 
> 
> BUT : when I try to join the second DC 
> I got this : 
> root at grants-dc:~# samba-tool domain join s4ad.domain.org DC -U
> administrator --realm=S4AD.CESVI.ORG -W S4AD INFO 2025-10-08
Either that is bad sanitisation or that is your problem there,
's4ad.domain.org' != S4AD.CESVI.ORG' (and I am discounting the case)

You also do not need the '-W' switch
> 22:29:30,946 pid:3292 /usr/lib/python3/dist-packages/samba/join.py
> #106: Finding a writeable DC for domain 's4ad.domain.org' ERROR:
> Failed to find a writeable DC for domain 's4ad.domain.org': The
> object was not found. 
> 
> 
> Here my config files: 
> 
> 
> 
>     * Actual (unique) DC : Ubuntu 20.04 , samba 4.15.13 
> 
> hosts: 
> xx.xx.xx.xx grants.s4ad.domain.org 
> 
> krb5.conf: 
> [libdefaults] 
> default_realm = S4AD.DOMAIN.ORG 
> dns_lookup_kdc = true 
> dns_lookup_realm = false 
> 
> smb.conf 
> [global] 
> dns forwarder = 127.0.0.1 
That dns forwarder isn't going to work, you are forwarding the DC to
itself.
> netbios name = GRANTS 
> realm = S4AD.DOMAIN.ORG 
> server role = active directory domain controller 
> workgroup = S4AD 
> server services = -dns 
> interfaces = eth0 lo 
> bind interfaces only = yes 
> 
> 
> 
>     * New DC Ubuntu 24.04 samba 4.23 
> 
> hosts: 
> yy.yy.yy.yy grants-dc.s4ad.domain.org 
> 
> /etc/netplan/ 
> 
> network: 
> version: 2 
> ethernets: 
> ens18: 
> addresses: 
> - "yy.yy.yy.yy/24" 
> nameservers: 
> addresses: 
> - xx.xx.xx.xx 
> search: [] 
> 
> 
> 
> 
> 
> 
>     * dig grants.s4ad.domain.org 
> 
> grants.s4ad.domain.org. 0 IN A xx.xx.xx.xx 
> 
> 
> 
> 
> 
>     * root at grants-dc:~# host -t SRV
> _ldap._tcp.dc._msdcs.s4ad.domain.org 
> 
> _ldap._tcp.dc._msdcs.s4ad.domain.org has SRV record 0 100 389
> grants.s4ad.domain.org. 
> 
> 
> 
> 
>     * root at grants-dc:~# ping grants.s4ad.domain.org 
> 
> PING grants.s4ad.domain.org (89.116.29.118) 56(84) bytes of data. 
> 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=1 ttl=53
> time=280 ms 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx):
> icmp_seq=2 ttl=53 time=290 ms ^C 
What is in the /etc/resolv.conf on the new DC ?

Rowland

thank's for your answer . 
see below . 


----- Messaggio originale -----
Da: "Rowland Penny via samba" <samba at lists.samba.org>
A: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>
Inviato: Gioved?, 9 ottobre 2025 10:44:17
Oggetto: Re: [Samba] Failed to find a writeable DC

On Wed, 8 Oct 2025 22:44:19 +0200 (CEST)
Fabrizio Rompani via samba <samba at lists.samba.org> wrote:
> hi all 
> I have a DC used to manage user authentication to nextcloud app
> installed on the same server. I moved NC to a new server leaving
> samba-ad-dc on the old one ( appropriate firewall rules exits ) Now I
> want to move samba to new VM so I can shutdown the old one. 
> 
> To do so ,I'm trying to join a second DC installed to the new machine
> and then , after move all roles , I can demote and switch off the old
> VM. 
> 
> BUT : when I try to join the second DC 
> I got this : 
> root at grants-dc:~# samba-tool domain join s4ad.domain.org DC -U
> administrator --realm=S4AD.DOMAIN.ORG -W S4AD INFO 2025-10-08
Either that is bad sanitisation or that is your problem there,
's4ad.domain.org' != S4AD.DOMAIN.ORG' (and I am discounting the
case)

yes , my fault : bad sanitisation!


You also do not need the '-W' switch

ok

> 22:29:30,946 pid:3292 /usr/lib/python3/dist-packages/samba/join.py
> #106: Finding a writeable DC for domain 's4ad.domain.org' ERROR:
> Failed to find a writeable DC for domain 's4ad.domain.org': The
> object was not found. 
> 
> 
> Here my config files: 
> 
> 
> 
>     * Actual (unique) DC : Ubuntu 20.04 , samba 4.15.13 
> 
> hosts: 
> xx.xx.xx.xx grants.s4ad.domain.org 
> 
> krb5.conf: 
> [libdefaults] 
> default_realm = S4AD.DOMAIN.ORG 
> dns_lookup_kdc = true 
> dns_lookup_realm = false 
> 
> smb.conf 
> [global] 
> dns forwarder = 127.0.0.1 
That dns forwarder isn't going to work, you are forwarding the DC to
itself.

OK . changed in 9.9.9.9 
ALso : I use bind9 
> netbios name = GRANTS 
> realm = S4AD.DOMAIN.ORG 
> server role = active directory domain controller 
> workgroup = S4AD 
> server services = -dns 
> interfaces = eth0 lo 
> bind interfaces only = yes 
> 
> 
> 
>     * New DC Ubuntu 24.04 samba 4.23 
> 
> hosts: 
> yy.yy.yy.yy grants-dc.s4ad.domain.org 
> 
> /etc/netplan/ 
> 
> network: 
> version: 2 
> ethernets: 
> ens18: 
> addresses: 
> - "yy.yy.yy.yy/24" 
> nameservers: 
> addresses: 
> - xx.xx.xx.xx 
> search: [] 
> 
> 
> 
> 
> 
> 
>     * dig grants.s4ad.domain.org 
> 
> grants.s4ad.domain.org. 0 IN A xx.xx.xx.xx 
> 
> 
> 
> 
> 
>     * root at grants-dc:~# host -t SRV
> _ldap._tcp.dc._msdcs.s4ad.domain.org 
> 
> _ldap._tcp.dc._msdcs.s4ad.domain.org has SRV record 0 100 389
> grants.s4ad.domain.org. 
> 
> 
> 
> 
>     * root at grants-dc:~# ping grants.s4ad.domain.org 
> 
> PING grants.s4ad.domain.org (89.116.29.118) 56(84) bytes of data. 
> 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=1 ttl=53
> time=280 ms 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx):
> icmp_seq=2 ttl=53 time=290 ms ^C 
What is in the /etc/resolv.conf on the new DC ?



search s4ad.domain.org
nameserver xx.xx.xx.xx     ( old DC server IP  ) 


also : 

dig grants.s4ad.domain.org
grants.s4ad.domain.org.  900     IN      A       xx.xx.xx.xx


host -t SRV _ldap._tcp.s4ad.domain.org
_ldap._tcp.s4ad.domain.org has SRV record 0 100 389 grants.s4ad.domain.org.





I still have same error: 
ERROR: Failed to find a writeable DC for domain 's4ad.domain.org': The
object was not found



What about a different approach : 
backup the online DC  ( samba 4.15 ) and restore into new samba 4.23 .
change resolv.conf and Nextcloud ldap to point itself : grants-dc

what do you think about ? 
thanks
rf



Rowland




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us
at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary

-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene
informazioni confidenziali, ivi compresi gli allegati.E' vietata la
diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La
invitiamo a eliminarlo immediatamente  e a informarci tempestivamente. Grazie.

-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016
--------
This message is intended for the recipient only and may contain confidential
information, including attachments. Unauthorized disclosure, copy or use is
prohibited.  If received in error, please delete immediately and notify us.
Thank you.