samba - Sep 2015 - Failed to join domain: failed to find DC for administrator@XYZ

Hello everyone

I had samba 4.1 working as a member server to a windows 2012 AD in a
test environment for a while now until I had to re-install the windows
server from scratch. I have the new AD setup with the same NETBIOS name
but now I have problems re-joining the samba box to the new AD. It looks
like a DNS issue but I am unable to understand why. After the
ire-install, I got a new Kerberos ticket with no problem:

[root at gouda ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at TESTAD.BIO.UCL.AC.UK

Valid starting       Expires              Service principal
03/09/2015 10:12:56  03/09/2015 10:22:53
krbtgt/TESTAD.BIO.UCL.AC.UK at TESTAD.BIO.UCL.AC.UK
-------------------------------------------

Then I tried to join samba to the new AD:

[root at gouda ~]# net ads join administrator at TESTAD.BIO.UCL.AC.UK
Enter root's password:
Failed to join domain: failed to find DC for domain
administrator at TESTAD.BIO.UCL.AC.UK
--------------------------------------------
some info:
AD IP: 192.21.35.5
Samba: 192.21.35.136
DNS: is running on the windows server.
--------------------------------------------

On the samba box resolv.conf looks like this:

nameserver 192.21.35.5
search testad.bio.ucl.ac.uk
domain testad.bio.ucl.ac.uk

etc/hosts looks like this:

127.0.0.1   localhost localhost.localdomain localhost4
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6
localhost6.localdomain6

192.21.35.5 testserver1 testserver1.testad.bio.ucl.ac.uk
-------------------------------------------
On the windows server:
Primary DNS: 192.21.35.5
Secondary DNS: 127.0.0.1

The hosts file in C:\Windows\System32\drivers\etc is empty.

Do you know why I can't join the samba box to the new AD domain?
If you have any ideas/suggestions please let me know.

Many thanks
Yanni

On 03/09/15 15:47, Yanni wrote:
>
>
> Hello everyone
>
> I had samba 4.1 working as a member server to a windows 2012 AD in a
> test environment for a while now until I had to re-install the windows
> server from scratch. I have the new AD setup with the same NETBIOS name
> but now I have problems re-joining the samba box to the new AD. It looks
> like a DNS issue but I am unable to understand why. After the
> ire-install, I got a new Kerberos ticket with no problem:
>
> [root at gouda ~]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at TESTAD.BIO.UCL.AC.UK
>
> Valid starting       Expires              Service principal
> 03/09/2015 10:12:56  03/09/2015 10:22:53
> krbtgt/TESTAD.BIO.UCL.AC.UK at TESTAD.BIO.UCL.AC.UK
> -------------------------------------------
>
> Then I tried to join samba to the new AD:
>
> [root at gouda ~]# net ads join administrator at TESTAD.BIO.UCL.AC.UK
> Enter root's password:
> Failed to join domain: failed to find DC for domain
> administrator at TESTAD.BIO.UCL.AC.UK
> --------------------------------------------
> some info:
> AD IP: 192.21.35.5
> Samba: 192.21.35.136
> DNS: is running on the windows server.
> --------------------------------------------
>
> On the samba box resolv.conf looks like this:
>
> nameserver 192.21.35.5
> search testad.bio.ucl.ac.uk
> domain testad.bio.ucl.ac.uk
Remove the 'domain' line, you cannot have both, last one is the one that
is used.
>
> etc/hosts looks like this:
>
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6
> localhost6.localdomain6
>
> 192.21.35.5 testserver1 testserver1.testad.bio.ucl.ac.uk
The last line should refer to the machine it is running on unless the 
machine gets it DNS info via DHCP, in which case remove the line.
> -------------------------------------------
> On the windows server:
> Primary DNS: 192.21.35.5
> Secondary DNS: 127.0.0.1
>
You don't need both lines, they mean the same thing.
> The hosts file in C:\Windows\System32\drivers\etc is empty.
>
> Do you know why I can't join the samba box to the new AD domain?
> If you have any ideas/suggestions please let me know.
>
Probably yes, you seem to have made a typo, it should have been:

net ads join -U administrator at TESTAD.BIO.UCL.AC.UK

Rowland
> Many thanks
> Yanni
>
>
>
>
>
>
>
>