Jonathan S. Fisher
2015-Dec-03 17:52 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
jonathan.fisher@freeradius:~$ sudo net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- WINDOWS
Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com'
jonathan.fisher@freeradius:~$ hostname
freeradius
jonathan.fisher@freeradius:~$ hostname -d
windows.corp.XXX.com
jonathan.fisher@freeradius:~$ hostname -f
freeradius.windows.corp.XXX.com
jonathan.fisher@freeradius:~$ hostname -i
192.168.127.134
jonathan.fisher@freeradius:~$ cat /etc/krb5.conf
[libdefaults]
default_realm = WINDOWS.CORP.XXX.COM
jonathan.fisher@freeradius:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.127.129
search windows.corp.XXX.com
jonathan.fisher@freeradius:~$ sudo net ads testjoin
Join is OK
jonathan.fisher@freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart
Shutting down SAMBA winbindd : *
Starting SAMBA winbindd : *
Shutting down SAMBA nmbd : *
Starting SAMBA nmbd : *
Shutting down SAMBA smbd : *
Starting SAMBA smbd : *
jonathan.fisher@freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
Unable to find a suitable server for domain WINDOWS

Sigh. I really appreciate you guys' help. I know this thread is starting to drone on.

On Thu, Dec 3, 2015 at 10:26 AM, Rowland penny <rpenny at samba.org> wrote:

> On 03/12/15 16:06, Jonathan S. Fisher wrote:
>
>> > host -t SRV _ldap._tcp.windows.corp.XXX.com
>> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 whiskey.windows.corp.XXX.com.
>> _ldap._tcp.windows.corp.XXX.com has SRV record 0 100 389 wine.windows.corp.XXX.com.
>>
>> > host -t SRV _kerberos._udp.windows.corp.XXX.com
>> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 whiskey.windows.corp.XXX.com.
>> _kerberos._udp.windows.corp.XXX.com has SRV record 0 100 88 wine.windows.corp.XXX.com.
>>
>> > host -t A freeradius.windows.corp.XXX.com.
>> freeradius.windows.corp.XXX.com has address 192.168.127.134
>>
>> > host -t SRV 192.168.127.134
>> 134.127.168.192.in-addr.arpa domain name pointer freeradius.windows.corp.XXX.com.
>>
>> I tried the same thing with ".WINDOWS" and it doesn't work of course...
>
> Your DNS appears to be working :-)
>
> Let's move on from there:
>
> Quick recap:
> 'hostname' should return 'freeradius'
> 'hostname -d' should return 'windows.corp.xxx.com'
> 'hostname -f' should return 'freeradius.windows.corp.xxx.com'
> 'hostname -i' should return '192.168.127.134'
>
> /etc/resolv.conf should contain this:
>
> search windows.corp.xxx.com
> nameserver 'ip of first DC'
> nameserver 'ip of second DC'
>
> /etc/krb5.conf should contain this:
>
> [libdefaults]
> default_realm = WINDOWS.CORP.XXX.COM
>
> smb.conf is set up as per the samba wiki
>
> If you run 'net ads testjoin' it should return 'Join is OK'
>
> If all the above is complied with, running 'sudo net rpc info -UAdministrator' should return something like this:
>
> Domain Name: SAMDOM
> Domain SID: S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
> Sequence number: 1
> Num users: XXX
> Num domain groups: XX
> Num local groups: XX
>
> If it doesn't, add this line to smb.conf: log level = 10
> Restart samba and try again
>
> Rowland

--
Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer.
James
2015-Dec-03 18:22 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
On 12/3/2015 12:52 PM, Jonathan S. Fisher wrote:
> jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
> Unable to find a suitable server for domain WINDOWS

Anything helpful if you run with a debug level of 10?

"sudo net rpc info -UWINDOWS\\Administrator -d 10"

--
-James
Jonathan S. Fisher
2015-Dec-03 19:01 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
Couple of questions...
* Is it safe to clear out the /var/cache/samba and rejoin?
* What is this lmhosts thing it's looking for?
* Is this what went wrong?

> internal_resolve_name: looking up WINDOWS#1b (sitename (null))

jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator -d 10
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
Processing section "[global]"
doing parameter netbios name = freeradius
doing parameter security = ADS
doing parameter workgroup = WINDOWS
doing parameter realm = WINDOWS.CORP.XXX.COM
doing parameter local master = no
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 3
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = no
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind nested groups = yes
doing parameter load printers = no
doing parameter idmap config WINDOWS:backend = autorid
doing parameter idmap config WINDOWS:range = 10000-99999
doing parameter domain master = no
doing parameter local master = no
doing parameter preferred master = no
doing parameter template homedir = /home/%D/%U
doing parameter root preexec = /usr/local/sbin/mkhomedir.sh %U
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="FREERADIUS"
added interface eth0 ip=192.168.127.134 bcast=192.168.127.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
no entry for WINDOWS#1B found.
resolve_ads: Attempting to resolve PDC for WINDOWS using DNS
dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.WINDOWS (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
no entry for WINDOWS#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name WINDOWS<0x1b>
Unable to resolve PDC server address
Unable to find a suitable server for domain WINDOWS
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
return code = -1
Freeing parametrics:

*Jonathan S. Fisher*
*VP - Information Technology*
*Spring Venture Group*
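Added example (not part of any message in the thread): a small shell triage of level-10 `net rpc info` output like the log above. It lists the resolver back ends that logged an attempt and reports whether each failed SRV query was built on the realm or on the short workgroup name. The function names are hypothetical, the sample lines are copied from the posted log, and the realm-based query name used for comparison is constructed.

```shell
#!/bin/sh
# Added example: triage of Samba level-10 name-resolution output.
# Function names are hypothetical; sample lines are copied from the thread's log.

# Names whose SRV lookup failed (taken from dns_send_req lines).
failed_srv_queries() {
    sed -n 's/^.*dns_send_req: Failed to resolve \([^ ]*\).*$/\1/p' "$1"
}

# Resolver back ends that logged an attempt, in first-seen order.
resolvers_tried() {
    awk 'match($0, /^(resolve_[a-z]+|name_resolve_bcast):/) {
             m = substr($0, RSTART, RLENGTH - 1)
             if (!seen[m]++) print m
         }' "$1"
}

# Domain part of a locator name: drop everything up to "._msdcs.",
# or, failing that, any leading "_label." components.
srv_query_domain() {
    case "$1" in
        *._msdcs.*) printf '%s\n' "${1#*._msdcs.}" ;;
        *) printf '%s\n' "$1" | sed 's/^\(_[^.]*\.\)*//' ;;
    esac
}

# classify_query NAME REALM WORKGROUP -> realm | workgroup | other
classify_query() {
    q_dom=$(srv_query_domain "$1" | tr '[:upper:]' '[:lower:]')
    q_realm=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    q_wg=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    if [ "$q_dom" = "$q_realm" ]; then echo realm
    elif [ "$q_dom" = "$q_wg" ]; then echo workgroup
    else echo other
    fi
}

# triage LOG REALM WORKGROUP: one line per failed SRV query.
triage() {
    for q in $(failed_srv_queries "$1"); do
        echo "$q -> $(classify_query "$q" "$2" "$3")"
    done
}

# Sample input: the resolution part of the log posted in the thread.
write_sample_log() {
    cat > "$1" <<'EOF'
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
Opening cache file at /var/cache/samba/gencache.tdb
no entry for WINDOWS#1B found.
resolve_ads: Attempting to resolve PDC for WINDOWS using DNS
dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.WINDOWS (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
no entry for WINDOWS#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name WINDOWS<0x1b>
Unable to resolve PDC server address
EOF
}

# Demo run on the sample; realm and workgroup are the values from the thread.
demo_log=$(mktemp)
write_sample_log "$demo_log"
echo "resolvers tried: $(resolvers_tried "$demo_log" | tr '\n' ' ')"
triage "$demo_log" WINDOWS.CORP.XXX.COM WINDOWS
rm -f "$demo_log"
```

On a live host, save the command's debug output to a file and pass that file to `triage` together with the `realm` and `workgroup` values from smb.conf.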
Rowland penny
2015-Dec-03 19:39 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
On 03/12/15 17:52, Jonathan S. Fisher wrote:
>
> jonathan.fisher@freeradius:~$ sudo net ads join -Uadministrator
> Enter administrator's password:
> Using short domain name -- WINDOWS
> Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com'
> jonathan.fisher@freeradius:~$ hostname
> freeradius
> jonathan.fisher@freeradius:~$ hostname -d
> windows.corp.XXX.com
> jonathan.fisher@freeradius:~$ hostname -f
> freeradius.windows.corp.XXX.com
> jonathan.fisher@freeradius:~$ hostname -i
> 192.168.127.134
> jonathan.fisher@freeradius:~$ cat /etc/krb5.conf
> [libdefaults]
> default_realm = WINDOWS.CORP.XXX.COM
> jonathan.fisher@freeradius:~$ cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 192.168.127.129
> search windows.corp.XXX.com

OK, earlier you posted this:

192.168.127.131 whiskey.windows.corp.XXX.com whiskey
192.168.112.4 wine..windows.corp.XXX.com wine

So what is '192.168.127.129'? It certainly isn't one of your DCs, which is what it should be pointing at. I am sure I have said this before, but your AD domain clients must use a DC for a nameserver.

Fix this and I am fairly sure everything will work as it should.

Rowland

> jonathan.fisher@freeradius:~$ sudo net ads testjoin
> Join is OK
> jonathan.fisher@freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart
> Shutting down SAMBA winbindd : *
> Starting SAMBA winbindd : *
> Shutting down SAMBA nmbd : *
> Starting SAMBA nmbd : *
> Shutting down SAMBA smbd : *
> Starting SAMBA smbd : *
> jonathan.fisher@freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
> WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
> jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
> Unable to find a suitable server for domain WINDOWS
>
> Sigh. I really appreciate you guys' help. I know this thread is starting to drone on.
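Added example (not posted by anyone in the thread): the client-side checks from the recap and from the reply above, written as a shell script that reads resolv.conf and krb5.conf style files passed as arguments, so it can be tried offline. The function names and sample file names are hypothetical; the addresses, domain and realm are the ones quoted in the thread, and the DC list is supplied by the caller.

```shell
#!/bin/sh
# Added example: client checks from the thread's recap, run against files
# given as arguments. Function and file names are hypothetical.

# Print each nameserver address in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every domain named on the "search" line(s).
resolv_search() {
    awk '$1 == "search" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print default_realm from the [libdefaults] section of a krb5.conf-style file.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# check_client RESOLV_CONF KRB5_CONF DNS_DOMAIN DC_IP...
# Prints one finding per line and nothing when every check passes.
check_client() {
    resolv=$1; krb5=$2; domain=$3; shift 3
    dcs=" $* "
    servers=$(resolv_nameservers "$resolv")
    [ -n "$servers" ] || echo "no nameserver configured"
    for ns in $servers; do
        case "$dcs" in
            *" $ns "*) ;;
            *) echo "nameserver $ns is not one of the DCs" ;;
        esac
    done
    # DNS names are case-insensitive; the realm is the upper-cased DNS domain.
    resolv_search "$resolv" | grep -qixF "$domain" ||
        echo "search list does not contain $domain"
    want=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    have=$(krb5_default_realm "$krb5")
    [ "$have" = "$want" ] || echo "default_realm is '$have', expected '$want'"
}

# Sample files built from the values quoted in the thread:
# resolv.before points at 192.168.127.129, resolv.after at the two DCs.
make_samples() {
    cat > "$1/resolv.before" <<'EOF'
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
nameserver 192.168.127.129
search windows.corp.XXX.com
EOF
    cat > "$1/resolv.after" <<'EOF'
nameserver 192.168.127.131
nameserver 192.168.112.4
search windows.corp.XXX.com
EOF
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = WINDOWS.CORP.XXX.COM
EOF
}

# Demo run over both sample resolv.conf variants.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for sample in resolv.before resolv.after; do
    echo "== $sample"
    check_client "$demo_dir/$sample" "$demo_dir/krb5.conf" windows.corp.XXX.com \
        192.168.127.131 192.168.112.4
done
rm -rf "$demo_dir"
```

Against a live client the call would be `check_client /etc/resolv.conf /etc/krb5.conf "$(hostname -d)"` followed by the DC addresses.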
Jonathan S. Fisher
2015-Dec-03 20:29 UTC
[Samba] After joining domain, Samba uses the workgroup name, not the FQDN when running the net ads command
192.168.127.129 is the core DNS server. It forwards anything in the windows subdomain straight to the DCs, so it doesn't matter if this client is pointed at the DC or the main DNS server. Either way, it still does the wrong behavior, which is to use the short .WINDOWS instead of .WINDOWS.CORP.XXX.COM

I removed all .tdb files, purged /var/cache/samba, removed /etc/krb5.tdb, and deleted the computer account out of AD.

I have a feeling this line is significant, but I'm not sure what it means:
internal_resolve_name: looking up WINDOWS#1b (sitename (null))

jonathan.fisher@freeradius:~$ hostname
freeradius
jonathan.fisher@freeradius:~$ hostname -d
windows.corp.XXX.com
jonathan.fisher@freeradius:~$ hostname -f
freeradius.windows.corp.XXX.com
jonathan.fisher@freeradius:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 192.168.127.131
nameserver 192.168.112.4
search windows.corp.XXX.com
jonathan.fisher@freeradius:~$ cat /etc/krb5.conf
[libdefaults]
default_realm = WINDOWS.CORP.XXX.COM
jonathan.fisher@freeradius:~$ sudo net ads join -Uadministrator
Enter administrator's password:
Using short domain name -- WINDOWS
Joined 'FREERADIUS' to dns domain 'windows.corp.XXX.com'
jonathan.fisher@freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart
Shutting down SAMBA winbindd : * Warning: /usr/sbin/winbindd not running !
Starting SAMBA winbindd : * Warning: /var/run/samba/winbindd.pid exists !
 *
Shutting down SAMBA nmbd : *
Starting SAMBA nmbd : *
Shutting down SAMBA smbd : *
Starting SAMBA smbd : *
jonathan.fisher@freeradius:~$ sudo service sernet-samba-winbindd restart && sudo service sernet-samba-nmbd restart && sudo service sernet-samba-smbd restart
Shutting down SAMBA winbindd : *
Starting SAMBA winbindd : *
Shutting down SAMBA nmbd : *
Starting SAMBA nmbd : *
Shutting down SAMBA smbd : *
Starting SAMBA smbd : *
jonathan.fisher@freeradius:~$ sudo wbinfo -i WINDOWS\\administrator
WINDOWS\administrator:*:4294967295:4294967295:Administrator:/home/WINDOWS/administrator:/bin/false
jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator
Unable to find a suitable server for domain WINDOWS
jonathan.fisher@freeradius:~$ sudo net rpc info -UWINDOWS\\Administrator -d 10
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
Processing section "[global]"
doing parameter netbios name = freeradius
doing parameter security = ADS
doing parameter workgroup = WINDOWS
doing parameter realm = WINDOWS.CORP.XXX.COM
doing parameter local master = no
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 3
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = no
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind nested groups = yes
doing parameter load printers = no
doing parameter idmap config WINDOWS:backend = autorid
doing parameter idmap config WINDOWS:range = 10000-99999
doing parameter domain master = no
doing parameter local master = no
doing parameter preferred master = no
doing parameter template homedir = /home/%D/%U
doing parameter root preexec = /usr/local/sbin/mkhomedir.sh %U
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="FREERADIUS"
added interface eth0 ip=192.168.127.134 bcast=192.168.127.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
no entry for WINDOWS#1B found.
resolve_ads: Attempting to resolve PDC for WINDOWS using DNS
dns_send_req: Failed to resolve _ldap._tcp.pdc._msdcs.WINDOWS (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up WINDOWS#1b (sitename (null))
no entry for WINDOWS#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name WINDOWS<0x1b>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name WINDOWS<0x1b>
Unable to resolve PDC server address
Unable to find a suitable server for domain WINDOWS
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
return code = -1
Freeing parametrics:
jonathan.fisher@freeradius:~$

*Jonathan S. Fisher*
*VP - Information Technology*
*Spring Venture Group*