Richard Connon
2015-Mar-09 21:59 UTC
[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain
On 09/03/2015 21:59, Rowland Penny wrote:> How did you try to join the machine to the domain ? I think I know, > but it would like you to confirm my suspicions.Hi Rowland, This output was generated with `net ads join -Uprovisioning%<password> -d10 Regards, Richard
Rowland Penny
2015-Mar-09 22:07 UTC
[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain
On 09/03/15 21:59, Richard Connon wrote:> On 09/03/2015 21:59, Rowland Penny wrote: >> How did you try to join the machine to the domain ? I think I know, >> but it would like you to confirm my suspicions. > > Hi Rowland, > > This output was generated with `net ads join -Uprovisioning%<password> > -d10 > > Regards, > RichardOK, well it isn't what I thought, moving on, what is in smb.conf (please do not post any commented lines), /etc/resolv.conf, /etc/krb5.conf, what OS etc Rowland
Richard Connon
2015-Mar-09 22:16 UTC
[Samba] "failed to lookup DC info for domain over rpc" when joining samba4 domain
On 09/03/2015 22:07, Rowland Penny wrote:> On 09/03/15 21:59, Richard Connon wrote: >> On 09/03/2015 21:59, Rowland Penny wrote: >>> How did you try to join the machine to the domain ? I think I know, >>> but it would like you to confirm my suspicions. >> >> Hi Rowland, >> >> This output was generated with `net ads join >> -Uprovisioning%<password> -d10 >> >> Regards, >> Richard > > OK, well it isn't what I thought, moving on, what is in smb.conf > (please do not post any commented lines), /etc/resolv.conf, > /etc/krb5.conf, what OS etc > > Rowland >Hi Rowland, On all hosts of site CCPG-UK: resolv.conf contains: domain ads.connon.me.uk nameserver 10.10.0.250 nameserver 10.10.0.252 nameserver 10.10.0.251 krb5.conf contains: [libdefaults] default_realm = ADS.CONNON.ME.UK dns_lookup_realm = false dns_lookup_kdc = true rdns = false The DC smb.conf contains: [global] netbios name = DC01 realm = ADS.CONNON.ME.UK workgroup = CONNON server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate dedicated keytab file = /etc/krb5.keytab kerberos method = dedicated keytab dsdb:schema update allowed = Yes [netlogin] path = /var/lib/samba/sysvol/ads.connon.me.uk/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No The client smb.conf contains: [global] security = ads netbios name = SHELL01 realm = ADS.CONNON.ME.UK workgroup = CONNON dedicated keytab file = /etc/krb5.keytab kerberos method = dedicated keytab The OS for all machines is debian 7. The DC is using samba 4.1.17+dfsg-1~bpo70+1 from backports while the client is using 3.6.6-6+deb7u5. I appreciate that samba 3.6 is now very old but I'd like to avoid deviating from the standard install for clients. I'm reasonably sure this should be fixable with a 3.6 client since it has worked so well in the past. It is possible that the DC has received a minor (4.1.x) upgrade since domain join last worked. Regards, Richard