When I attempt to join my WIN7x64 ultimate clients to the samba 4.1 DC,
the join request fails with the error message:
"This operation is only allowed on the primary domain controller of the
domain."
----------------
Samba is running on a clean install of Slackware 14.1
----------------
'net ads lookup' returns:
Information for Domain Controller: (the_correct_IP)
Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: (bunch_of_characters_and_hyphens)
Flags:
Is a PDC: yes
Is a GC of the forest: yes
Is an LDAP server: yes
Supports DS: yes
Is running a KDC: yes
Is running time services: yes
Is the closest DC: yes
Is writable: yes
Has a hardware clock: yes
Is a non-domain NC serviced by LDAP server: no
Is NT6 DC that has some secrets: no
Is NT6 DC that has all secrets: no
Forest: lac.internal
Domain: lac.internal
Domain Controller: garcon.lac.internal
Pre-Win2k Domain: LAC
Pre-Win2k Hostname: GARCON
Server Site Name : Default-First-Site-Name
Client Site Name : Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
----------------
DNS and DHCP are working great.
----------------
'samba-tool dbcheck' returns 0 errors
----------------
'samba-tool testparm' returns:
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = LAC
realm = LAC.INTERNAL
netbios name = GARCON
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
[netlogon]
path = /var/lib/samba/sysvol/lac.internal/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
'samba-tool domain level show' returns:
Domain and forest function level for domain 'DC=lac,DC=internal'
Forest function level: (Windows) 2003
Domain function level: (Windows) 2003
Lowest function level of a DC: (Windows) 2008 R2
----------------
I'm pretty new to this, so let's start with the stupid mistakes someone who is following internet guides could make.
Thanks in advance everyone.
~Brand
On 12/04/2014, at 17:02, Brandon <lakeb at sonic.net> wrote:
>
> When I attempt to join my WIN7x64 ultimate clients to the samba 4.1 DC,
> the join request fails with the error message:
>
> "This operation is only allowed on the primary domain controller of the domain."
>
> ----------------
>
> Samba is running on a clean install of Slackware 14.1
>
> ----------------
>
> 'net ads lookup' returns:
>
> Information for Domain Controller: (the_correct_IP)
>
> Response Type: LOGON_SAM_LOGON_RESPONSE_EX
> GUID: (bunch_of_characters_and_hyphens)
> Flags:
> Is a PDC: yes
> Is a GC of the forest: yes
> Is an LDAP server: yes
> Supports DS: yes
> Is running a KDC: yes
> Is running time services: yes
> Is the closest DC: yes
> Is writable: yes
> Has a hardware clock: yes
> Is a non-domain NC serviced by LDAP server: no
> Is NT6 DC that has some secrets: no
> Is NT6 DC that has all secrets: no
> Forest: lac.internal
> Domain: lac.internal
> Domain Controller: garcon.lac.internal
> Pre-Win2k Domain: LAC
> Pre-Win2k Hostname: GARCON
> Server Site Name : Default-First-Site-Name
> Client Site Name : Default-First-Site-Name
> NT Version: 5
> LMNT Token: ffff
> LM20 Token: ffff
>
> ----------------
>
> DNS and DHCP are working great.
>
> ----------------
>
> 'samba-tool dbcheck' returns 0 errors
>
> ----------------
>
> 'samba-tool testparm' returns:
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> workgroup = LAC
> realm = LAC.INTERNAL
> netbios name = GARCON
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>
> [netlogon]
> path = /var/lib/samba/sysvol/lac.internal/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> 'samba-tool domain level show' returns:
>
> Domain and forest function level for domain 'DC=lac,DC=internal'
>
> Forest function level: (Windows) 2003
> Domain function level: (Windows) 2003
> Lowest function level of a DC: (Windows) 2008 R2
>
> ----------------
>
> I'm pretty new to this, so let's start with the stupid mistakes someone who is
> following internet guides could make.
>
> Thanks in advance everyone.
>

I know you say DNS is ok, but can you make one test? From your station, can you ping the host garcon.lac.internal?