Pau Peris
2016-May-20 20:06 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Excuse me for the little flood please, i've just checked it again and
now i see SRV1 as master for exedra.cat workgroup, i even can see in
the logs Samba name server SRV1 is now a local master browser for
workgroup EXEDRA.CAT on subnet 192.168.69.203

So i'll keep digging on how to fix the issue exposed on my first
email, tomorrow i'll try to see whether it's an IPV6 issue or not.

On Fri, May 20, 2016 at 9:59 PM, Pau Peris <pau at webeloping.es> wrote:
> Right now i'm out of the office and i have no way to remotely work
> with the Windows machines so i've been upgrading the server to Ubuntu
> 16.04. Everything seems to be working as before but i'm wondering why
> right now the Master value is blank for Workgroup exedra.cat Any idea?
>
> # smbclient -L localhost
> WARNING: The "syslog" option is deprecated
> Enter root's password:
> Domain=[EXEDRA.CAT] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         Dropbox         Disk      Dropbox content
>         public          Disk      Public Share
>         print$          Disk      Printer Drivers Download Area
>         IPC$            IPC       IPC Service (exedra.cat)
>         root            Disk      Home Directories
>         PLOTTER         Printer   PLOTTER
>         OfficeJetK850   Printer   HP Officejet Pro K850
>         HPDesignJet500  Printer   HPDesignJet500
>         RICOH           Printer   RICOH Aficio MP C2500
> Domain=[EXEDRA.CAT] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
>
>         Server               Comment
>         ---------            -------
>         SRV1                 exedra.cat
>
>         Workgroup            Master
>         ---------            -------
>         EXEDRA.CAT
>
> On Fri, May 20, 2016 at 7:40 PM, Gaiseric Vandal
> <gaiseric.vandal at gmail.com> wrote:
>> You should be able to unbind ipv6 for the win 10 machine's network
>> interface.
>>
>> does "nslookup SRV1" work?
>>
>> Also, you may want to try running tcpdump or ethereal or wireshark on our
>> PDC and see what traffic is captured.
>>
>> On 05/20/16 13:24, Pau Peris wrote:
>>> I'm completely lost as i can ping SRV1 without issues but i'm starting
>>> to think that maybe Windows tries to join the domain through IPV6.
>>> ping -c6 SRV1 from this Windows 10 machine leads to host not found so
>>> i'm working on this direction right now.
>>>
>>> Any help will be really appreciated
>>>
>>> On Fri, May 20, 2016 at 5:04 PM, Gaiseric Vandal
>>> <gaiseric.vandal at gmail.com> wrote:
>>>> I was trying to fix a problem on Windows 10 with Outlook 2013. Also
>>>> running an NT4-style domain. The machine had already been joined to the
>>>> domain and outlook had been working but recently not (probably after patch
>>>> tuesday.) I also had had problems with Win 10 mail and RDP. I
>>>> came across the following link.
>>>>
>>>> *http://superuser.com/questions/1019862/how-to-connect-windows-10-joined-to-samba-to-a-microsoft-account*
>>>>
>>>> "Open the registry editor (regedit.exe), navigate to
>>>> |HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb|
>>>> and add a new DWORD subkey |ProtectionPolicy| with the value |1|."
>>>>
>>>> Seemed to fix my e-mail and RDP issues. I don't know if I would have been
>>>> unable to join the domain, since the machine was already joined.
>>>>
>>>> On 05/20/16 10:29, Pau Peris wrote:
>>>>> Hi,
>>>>>
>>>>> i've tried adding server max protocol = NT1 into /etc/samba/smb.conf
>>>>> and restarting smbd and nmbd services but it didn't do the trick.
>>>>>
>>>>> I feel like Windows clients are not able to resolve SRV1 into the PDC
>>>>> and so they can't even try to join the domain.
>>>>>
>>>>> On Fri, May 20, 2016 at 4:22 PM, Pau Peris <pau at webeloping.es> wrote:
>>>>>> Hi,
>>>>>>
>>>>>> thanks a lot for the tips. I already did the first one, importing the
>>>>>> following into the registry:
>>>>>>
>>>>>> Windows Registry Editor Version 5.00
>>>>>>
>>>>>> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
>>>>>>
>>>>>> "DomainCompatibilityMode"=dword:00000001
>>>>>> "DNSNameResolutionRequired"=dword:00000000
>>>>>>
>>>>>> I didn't do the second tip but it looks like it's not needed for
>>>>>> Windows 7 OS and i also had the same issue on a Windows 7 VMWare
>>>>>> machine. I'm going to try it and see what happens.
>>>>>>
>>>>>> Thank u!
>>>>>>
>>>>>> On Fri, May 20, 2016 at 3:07 PM, Denis Cardon
>>>>>> <denis.cardon at tranquil-it-systems.fr> wrote:
>>>>>>> Hi Peris,
>>>>>>>
>>>>>>>> some years ago i configured a `Primary Domain Controller` through
>>>>>>>> Samba and LDAP (slapd) on an Ubuntu machine (13.10) at 192.168.69.203
>>>>>>>> which should be accessible by the string/name `SRV1`. I must note i
>>>>>>>> did not install winbind. I've never had any issue and it looks like
>>>>>>>> it's working fine as about 10 Windows machines joined the PDC and
>>>>>>>> Windows users can login against PDC on daily basis.
>>>>>>>>
>>>>>>>> The method i always used to join the domain through Windows clients was
>>>>>>>> right clicking on computer -> properties -> advanced system settings
>>>>>>>> -> computer name -> change -> member of domain; and typing SRV1 in the
>>>>>>>> input.
>>>>>>>>
>>>>>>>> But today i tried to join a Windows 10 Professional machine (i even
>>>>>>>> tried on a virtualized Windows 7 Professional and suffered the same
>>>>>>>> issue) to the PDC and i'm always getting this error:
>>>>>>>
>>>>>>> Did you make the required registry modification on the Windows
>>>>>>> clients?
>>>>>>>
>>>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>>>
>>>>>>> For Windows 10, you'll also need to limit SMB protocol to version 1:
>>>>>>>
>>>>>>> https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Denis
>>>>>>>
>>>>>>>> Note: This information is intended for a network administrator. If
>>>>>>>> you are not your network’s administrator, notify the administrator
>>>>>>>> that you received this information, which has been recorded in the
>>>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>>>
>>>>>>>> The following error occurred when DNS was queried for the service
>>>>>>>> location (SRV) resource record used to locate an Active Directory
>>>>>>>> Domain Controller for domain SRV1:
>>>>>>>> The error was: “DNS name does not exist.”
>>>>>>>>
>>>>>>>> (error code 0x0000232B RCODE_NAME_ERROR)
>>>>>>>> The query was for the SRV record for _ldap._tcp.dc._msdcs.SRV1
>>>>>>>> Common causes of this error include the following:
>>>>>>>>
>>>>>>>> - The DNS SRV records required to locate a AD DC for the domain are
>>>>>>>> not registered in DNS. These records are registered with a DNS server
>>>>>>>> automatically when a AD DC is added to a domain. They are updated by
>>>>>>>> the AD DC at set intervals. This computer is configured to use DNS
>>>>>>>> servers with the following
>>>>>>>>
>>>>>>>> IP addresses:
>>>>>>>> x.y.w.z
>>>>>>>>
>>>>>>>> - One or more of the following zones do not include delegation to its
>>>>>>>> child zone:
>>>>>>>> SRV1
>>>>>>>> . (the root zone)
>>>>>>>> For information about correcting this problem, click Help.
>>>>>>>>
>>>>>>>> As you can see it looks like it's not possible to reach the PDC service
>>>>>>>> at SRV1.
>>>>>>>>
>>>>>>>> The above error happens when i try to join the PDC by right clicking
>>>>>>>> on computer -> properties -> advanced system settings -> computer name
>>>>>>>> -> change -> member of domain; and typing SRV1 in the input.
>>>>>>>>
>>>>>>>> I also can ping SRV1 and it replies fine:
>>>>>>>> C:\Users\admin>ping SRV1
>>>>>>>> Haciendo ping a SRV1 [192.168.69.203] con 32 bytes de datos:
>>>>>>>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>>>>>>>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>>>>>>>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>>>>>>>> Respuesta desde 192.168.69.203: bytes=32 tiempo<1m TTL=64
>>>>>>>>
>>>>>>>> I can even run win+r and type \\SRV1 press enter and it asks for a
>>>>>>>> LDAP user and password and then it shows the right resources according
>>>>>>>> to the user rights.
>>>>>>>>
>>>>>>>> I already tried adding 192.168.69.203 SRV1 in
>>>>>>>> C:\Windows\System32\drivers\etc\hosts but it didn't help.
>>>>>>>>
>>>>>>>> The Windows client IP trying to join the PDC is 192.168.69.49 so if i
>>>>>>>> `tailf /var/log/samba/log.nmbd` while trying to join the PDC i can see:
>>>>>>>> [2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>>>>>>>   process_name_query_request: Name query from 192.168.69.52 on subnet 192.168.69.203 for name SRV1<20>
>>>>>>>> [2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
>>>>>>>>   OK
>>>>>>>> [2016/05/20 11:50:54, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>>>>>>>   process_name_query_request: Name query from 192.168.69.49 on subnet 192.168.69.203 for name SRV1<1c>
>>>>>>>>
>>>>>>>> Reading this doc https://support.microsoft.com/en-us/kb/163409 i see
>>>>>>>> Netbios type 20 means File Server Service and Netbios type 1c means
>>>>>>>> Domain Controllers but i doubt the latter is fine as i don't see the
>>>>>>>> Ok response and the doc says <domain> instead of <computername>:
>>>>>>>>
>>>>>>>> Name                Number(h)  Type  Usage
>>>>>>>> --------------------------------------------------------------------------
>>>>>>>> <computername>         20       U    File Server Service
>>>>>>>> <domain>               1C       G    Domain Controllers
>>>>>>>>
>>>>>>>> This is the wins.dat file generated automatically by samba `cat
>>>>>>>> /var/lib/samba/wins.dat`:
>>>>>>>> VERSION 1 0
>>>>>>>> "EXEDRA72#20" 1464037217 192.168.69.58 64R
>>>>>>>> "EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
>>>>>>>> "EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
>>>>>>>> "EXEDRA72#00" 1464037217 192.168.69.58 64R
>>>>>>>> "SRV1#03" 1463997523 192.168.69.203 66R
>>>>>>>> "SRV1#20" 1463997523 192.168.69.203 66R
>>>>>>>> "SRV1#00" 1463997523 192.168.69.203 66R
>>>>>>>> "EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
>>>>>>>> "EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
>>>>>>>>
>>>>>>>> This is the output of `cat /etc/hosts`:
>>>>>>>> # cat /etc/hosts
>>>>>>>> 127.0.0.1 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
>>>>>>>> 127.0.1.1 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
>>>>>>>> 192.168.69.203 localhost localhost.localdomain srv1.exedra.cat srv1 exedra.dyndns.org exedra.cat
>>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>>> ::1 ip6-localhost ip6-loopback
>>>>>>>> fe00::0 ip6-localnet
>>>>>>>> ff00::0 ip6-mcastprefix
>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>>
>>>>>>>> output of resolv.conf `cat /etc/resolv.conf`:
>>>>>>>> domain exedra.cat
>>>>>>>> search exedra.cat
>>>>>>>> nameserver 80.58.61.250
>>>>>>>> nameserver 80.58.61.254
>>>>>>>>
>>>>>>>> hostname output `cat /etc/hostname`: srv1.exedra.cat
>>>>>>>>
>>>>>>>> Here i post the output of `testparm -v`
>>>>>>>> https://gist.github.com/sibok/2e5ec48bc4030e64984d4ed1cbebad1f
>>>>>>>>
>>>>>>>> This is the output of running `smbclient -L localhost` on the server
>>>>>>>> (192.168.69.203):
>>>>>>>> smbclient -L localhost
>>>>>>>> Enter root's password:
>>>>>>>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]
>>>>>>>>
>>>>>>>>         Sharename       Type      Comment
>>>>>>>>         ---------       ----      -------
>>>>>>>>         IPC$            IPC       IPC Service (exedra.cat)
>>>>>>>>         print$          Disk      Printer Drivers Download Area
>>>>>>>>         public          Disk      Public Share
>>>>>>>>         Dropbox         Disk      Dropbox content
>>>>>>>>         PLOTTER         Printer   PLOTTER
>>>>>>>>         OfficeJetK850   Printer   HP Officejet Pro K850
>>>>>>>>         HPDesignJet500  Printer   HPDesignJet500
>>>>>>>>         RICOH           Printer   RICOH Aficio MP C2500
>>>>>>>>         root            Disk      Home Directories
>>>>>>>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba 3.6.18]
>>>>>>>>
>>>>>>>>         Server               Comment
>>>>>>>>         ---------            -------
>>>>>>>>         EXEDRA101            exedra101
>>>>>>>>         SRV1                 exedra.cat
>>>>>>>>
>>>>>>>>         Workgroup            Master
>>>>>>>>         ---------            -------
>>>>>>>>         EXEDRA.CAT           SRV1
>>>>>>>>
>>>>>>>> As the last time i tried adding a machine was about a year ago i
>>>>>>>> thought i might be wrong when typing SRV1 and instead i tried typing
>>>>>>>> exedra.cat - but i'm 99% confident i just need to make sure Windows
>>>>>>>> clients are capable of resolving SRV1 as 192.168.69.203 and then type
>>>>>>>> SRV1 instead of exedra.cat - but it showed me the same error so i
>>>>>>>> added the following records to the exedra.cat DNS zone (this is the
>>>>>>>> first time i need to add SRV records to join the domain):
>>>>>>>>
>>>>>>>> _ldap._tcp.dc._msdcs.exedra.cat SRV 0 0 exedra.cat.
>>>>>>>> _ldap._tcp.dc._msdcs.srv1.exedra.cat SRV 0 0 exedra.cat.
>>>>>>>>
>>>>>>>> and by trying to join exedra.cat instead of SRV1 i get:
>>>>>>>> Note: This information is intended for a network administrator. If
>>>>>>>> you are not your network's administrator, notify the administrator
>>>>>>>> that you received this information, which has been recorded in the
>>>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>>>
>>>>>>>> DNS was successfully queried for the service location (SRV) resource
>>>>>>>> record used to locate a domain controller for domain "exedra.cat":
>>>>>>>>
>>>>>>>> The query was for the SRV record for _ldap._tcp.dc._msdcs.exedra.cat
>>>>>>>>
>>>>>>>> The following domain controllers were identified by the query:
>>>>>>>> srv1.exedra.cat
>>>>>>>>
>>>>>>>> However no domain controllers could be contacted.
>>>>>>>>
>>>>>>>> Common causes of this error include:
>>>>>>>>
>>>>>>>> - Host (A) or (AAAA) records that map the names of the domain
>>>>>>>> controllers to their IP addresses are missing or contain incorrect
>>>>>>>> addresses.
>>>>>>>>
>>>>>>>> - Domain controllers registered in DNS are not connected to the
>>>>>>>> network or are not running.
>>>>>>>>
>>>>>>>> Note the following resolutions:
>>>>>>>> ~ host -t SRV _ldap._tcp.dc._msdcs.exedra.cat
>>>>>>>> _ldap._tcp.dc._msdcs.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.
>>>>>>>>
>>>>>>>> ~ host -t SRV _ldap._tcp.dc._msdcs.srv1.exedra.cat
>>>>>>>> _ldap._tcp.dc._msdcs.srv1.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.
>>>>>>>>
>>>>>>>> ~ host -t A srv1.exedra.cat
>>>>>>>> srv1.exedra.cat has address 192.168.69.203
>>>>>>>>
>>>>>>>> ~ host -t A exedra.cat
>>>>>>>> exedra.cat has address 66.96.147.160
>>>>>>>>
>>>>>>>> The thing is i'm 99% sure i used to join the domain by supplying SRV1
>>>>>>>> string on "member of domain" input but now it looks like Windows
>>>>>>>> clients are not able to resolve SRV1 to 192.168.69.203 which is the
>>>>>>>> ubuntu machine which hosts the samba+ldap PDC.
>>>>>>>>
>>>>>>> --
>>>>>>> Denis Cardon
>>>>>>> Tranquil IT Systems
>>>>>>> Les Espaces Jules Verne, bâtiment A
>>>>>>> 12 avenue Jules Verne
>>>>>>> 44230 Saint Sébastien sur Loire
>>>>>>> tel : +33 (0) 2.40.97.57.55
>>>>>>> http://www.tranquil-it-systems.fr
>>>>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
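
Added example (not part of the original thread and not Samba project code): a Python cross-check of the nmbd name queries quoted above against the quoted wins.dat, showing which NetBIOS name the joining client asked for and which names are actually registered with that suffix. The parsers assume the two formats exactly as they appear in the thread and treat a query as answered when the next log message is `OK`; all function names are hypothetical.

```python
import re

# Sample input copied from the thread above (quoted wins.dat and log.nmbd excerpt).
WINS_DAT = """\
VERSION 1 0
"EXEDRA72#20" 1464037217 192.168.69.58 64R
"EXEDRA.CAT#1c" 1463997523 192.168.69.203 e4R
"EXEDRA.CAT#1e" 1463997523 0.0.0.0 e4R
"EXEDRA72#00" 1464037217 192.168.69.58 64R
"SRV1#03" 1463997523 192.168.69.203 66R
"SRV1#20" 1463997523 192.168.69.203 66R
"SRV1#00" 1463997523 192.168.69.203 66R
"EXEDRA.CAT#1b" 1463997523 192.168.69.203 64R
"EXEDRA.CAT#00" 1463997523 0.0.0.0 e4R
"""

NMBD_LOG = """\
[2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.52 on subnet 192.168.69.203 for name SRV1<20>
[2016/05/20 11:50:50, 3] nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
  OK
[2016/05/20 11:50:54, 3] nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
  process_name_query_request: Name query from 192.168.69.49 on subnet 192.168.69.203 for name SRV1<1c>
"""

# Suffix meanings exactly as given in the thread's KB 163409 excerpt.
SUFFIX_USAGE = {0x20: "File Server Service", 0x1C: "Domain Controllers"}

WINS_RE = re.compile(r'^"([^"#]+)#([0-9A-Fa-f]{2})"\s+(\d+)\s+(.+)$')
QUERY_RE = re.compile(
    r"Name query from (\S+) on subnet \S+ for name ([^<\s]+)<([0-9A-Fa-f]{2})>"
)


def parse_wins_dat(text):
    """Map (NAME, suffix) -> list of registered IPs from wins.dat text."""
    table = {}
    for line in text.splitlines():
        m = WINS_RE.match(line.strip())
        if not m:
            continue  # "VERSION ..." header or blank line
        name, suffix, _expiry, rest = m.groups()
        fields = rest.split()
        # Assumption: the last field is the flags token (e.g. "e4R"), the rest are IPs.
        table[(name.upper(), int(suffix, 16))] = fields[:-1]
    return table


def parse_name_queries(log_text):
    """Return name queries in log order, each marked answered or not."""
    queries = []
    pending = None  # index of the query still waiting for its reply line
    for line in log_text.splitlines():
        msg = line.strip()
        if not msg or msg.startswith("["):
            continue  # blank line or "[timestamp, level] file:line(func)" header
        m = QUERY_RE.search(msg)
        if m:
            client, name, suffix = m.groups()
            queries.append({"client": client, "name": name.upper(),
                            "suffix": int(suffix, 16), "answered": False})
            pending = len(queries) - 1
        else:
            if msg == "OK" and pending is not None:
                queries[pending]["answered"] = True
            pending = None
    return queries


def cross_check(queries, wins):
    """For each query, report whether that exact name<suffix> is registered."""
    findings = []
    for q in queries:
        key = (q["name"], q["suffix"])
        findings.append({
            "client": q["client"],
            "query": f'{q["name"]}<{q["suffix"]:02x}>',
            "usage": SUFFIX_USAGE.get(q["suffix"], "not listed in the thread"),
            "answered": q["answered"],
            "registered": key in wins,
            "addresses": wins.get(key, []),
            # Names that do hold a registration with the queried suffix.
            "same_suffix_names": sorted(n for (n, s) in wins if s == q["suffix"]),
        })
    return findings


if __name__ == "__main__":
    for f in cross_check(parse_name_queries(NMBD_LOG), parse_wins_dat(WINS_DAT)):
        state = "answered" if f["answered"] else "no OK logged"
        print(f'{f["client"]} asked {f["query"]} ({f["usage"]}): {state}, '
              f'registered={f["registered"]}, '
              f'names with this suffix: {f["same_suffix_names"]}')
```

On the thread's data this reports that `SRV1<1c>` was queried by 192.168.69.49 without an `OK`, and that the only `<1c>` registration in wins.dat is held by `EXEDRA.CAT`.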
Gaiseric Vandal
2016-May-20 20:45 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Are you running a wins server (maybe you already mentioned this)? That
tends to help minimize some classic samba issues.

On my PDC

root at mypdc:~# testparm -v | more
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
Processing section "[netlogon]"
WARNING: The "share modes" option is deprecated
Processing section "[config]"
WARNING: The "share modes" option is deprecated
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
[global]
        dos charset = CP850
        unix charset = UTF8
        display charset = UTF8
        workgroup = MYDOMAIN
        realm
        netbios name = MYPDC
        netbios aliases
        netbios scope
        server string = mypdc
        interfaces
        bind interfaces only = No
        security = USER
...
        smb ports = 445 139
...
        wins server
        wins support = Yes

Make sure that on the windows clients, "ipconfig /all" shows a wins
server. Also make sure that you have NOT disabled netbios-over-tcpip.
This is enabled by default on Windows 7. I don't think it is disabled
on Windows 10 by default.

I ran into an issue this week where, even tho I don't use Ipv6, some
windows machines were attempting to resolve names via invalid DNS
servers specified in ipv6 settings.
On 05/20/16 16:06, Pau Peris wrote:> Excuse me for the little flood please, i've just checked it again and
> now i see SRV1 as master for exedra.cat workgroup, i event can see in
> the logs Samba name server SRV1 is now a local master browser for
> workgroup EXEDRA.CAT on subnet 192.168.69.203
>
> So i'll keep digging on how to fix the issue exposed on my first
> email, tomorrow i'll try to see wether it's an IPV6 issue or not.
>
> On Fri, May 20, 2016 at 9:59 PM, Pau Peris <pau at webeloping.es>
wrote:
>> Right now i'm out of the office and i have no way to remotely work
>> with the Windows machines so i've been upgrading the server to
Ubuntu
>> 16.04. Everything seems to be working as before but i'm wondering
why
>> right now the Master value is blank for Workgroup exedra.cat Any idea?
>>
>> # smbclient -L localhost
>> WARNING: The "syslog" option is deprecated
>> Enter root's password:
>> Domain=[EXEDRA.CAT] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
>>
>> Sharename Type Comment
>> --------- ---- -------
>> Dropbox Disk Dropbox content
>> public Disk Public Share
>> print$ Disk Printer Drivers Download Area
>> IPC$ IPC IPC Service (exedra.cat)
>> root Disk Home Directories
>> PLOTTER Printer PLOTTER
>> OfficeJetK850 Printer HP Officejet Pro K850
>> HPDesignJet500 Printer HPDesignJet500
>> RICOH Printer RICOH Aficio MP C2500
>> Domain=[EXEDRA.CAT] OS=[Windows 6.1] Server=[Samba 4.3.9-Ubuntu]
>>
>> Server Comment
>> --------- -------
>> SRV1 exedra.cat
>>
>> Workgroup Master
>> --------- -------
>> EXEDRA.CAT
>>
>> On Fri, May 20, 2016 at 7:40 PM, Gaiseric Vandal
>> <gaiseric.vandal at gmail.com> wrote:
>>> You should be able to unbind ipv6 for the win 10 machine's
network
>>> interface.
>>>
>>>
>>>
>>> does "nslookup SRV1" work?
>>>
>>>
>>> Also, you may want to try running tcpdump or ethereal or wireshark
on our
>>> PDC and see what traffic is captres.
>>>
>>>
>>> On 05/20/16 13:24, Pau Peris wrote:
>>>> I'm completely lost as i can ping SRV1 without issues but
i'm starting
>>>> to think that maybe Windows tries to join the domain through
IPV6.
>>>> ping -c6 SRV1 from this Windows 10 machine leads to host not
found so
>>>> i'm working on this direction right now.
>>>>
>>>> Any help will be really appreciated
>>>>
>>>> On Fri, May 20, 2016 at 5:04 PM, Gaiseric Vandal
>>>> <gaiseric.vandal at gmail.com> wrote:
>>>>> I was trying to fix a problem on Windows 10 with Outlook
2013. Also
>>>>> running an NT4-style domain. The machine had already
been joined to
>>>>> the
>>>>> domain and outlook had been working but recently not
(probably after
>>>>> patch
>>>>> tuesday.) I also had had problems with Win 10 mail
and RDP.
>>>>> I
>>>>> came across the following link.
>>>>>
>>>>>
>>>>>
>>>>>
*http://superuser.com/questions/1019862/how-to-connect-windows-10-joined-to-samba-to-a-microsoft-account*
>>>>>
>>>>>
>>>>>
>>>>> "Open the registry editor (regedit.exe), navigate to
>>>>>
>>>>>
|HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb|
>>>>> and add a new DWORD subkey |ProtectionPolicy| with the
value |1|."
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Seemed to fix my e-mail and RDP issues. I don't know
if I would have
>>>>> been
>>>>> unable to join the domain , since the machine was already
joined.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 05/20/16 10:29, Pau Peris wrote:
>>>>>> Hi,
>>>>>>
>>>>>> i've tried adding server max protocol = NT1 into
/etc/samba/smb.conf
>>>>>> and restarting smbd and nmbd services but it didn't
do the trick.
>>>>>>
>>>>>> I feel like Windows clients are not able to resolve
SRV1 into the PDC
>>>>>> and so they can't event try to join the domain.
>>>>>>
>>>>>> On Fri, May 20, 2016 at 4:22 PM, Pau Peris <pau at
webeloping.es> wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> thanks a lot for the tips. I already did the first
one, importing the
>>>>>>> following into the registry:
>>>>>>>
>>>>>>> Windows Registry Editor Version 5.00
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
>>>>>>>
>>>>>>> "DomainCompatibilityMode"=dword:00000001
>>>>>>>
"DNSNameResolutionRequired"=dword:00000000
>>>>>>>
>>>>>>> I didn't do the second tip but it looks like
it's not needed for
>>>>>>> Windows 7 OS and i also had the same issue on a
Windows 7 VMWare
>>>>>>> machine. I'm going to try it and see what
happens.
>>>>>>>
>>>>>>> Thank u!
>>>>>>>
>>>>>>> On Fri, May 20, 2016 at 3:07 PM, Denis Cardon
>>>>>>> <denis.cardon at tranquil-it-systems.fr>
wrote:
>>>>>>>> Hi Peris,
>>>>>>>>
>>>>>>>>> some years ago i configured a `Primary
Domain Controller` through
>>>>>>>>> Samba and LDAP (slapd) on an Ubuntu machine
(13.10) at 192.168.69.203
>>>>>>>>> which should be accessible by the
string/name `SRV1`. I must note i
>>>>>>>>> did not installed winbind. I've never
had any issue and it looks like
>>>>>>>>> it's working fine as about 10 Windows
machines joined the PDC and
>>>>>>>>> Windows users can login against PDC on
daily basis.
>>>>>>>>>
>>>>>>>>> The method i always used to join the domain
throgh Windows clients
>>>>>>>>> was
>>>>>>>>> right clicking on computer -> properties
-> advanced system settings
>>>>>>>>> -> computer name -> change ->
member of domain; and typing SRV1 in
>>>>>>>>> the
>>>>>>>>> input.
>>>>>>>>>
>>>>>>>>> But today i tried to join a Windows 10
Professional machine (i even
>>>>>>>>> tried on a virtualized Windows 7
Profesisonal and suffered the same
>>>>>>>>> issue) to the PDC and i'm always
getting this error:
>>>>>>>>
>>>>>>>> Did you make the required registry modification
on the Windows
>>>>>>>> clients?
>>>>>>>>
>>>>>>>>
>>>>>>>>
https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains
>>>>>>>>
>>>>>>>> For Windows 10, you'll also need to limit
SMB protocol to version 1 :
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_are_currently_no_logon_servers_available_to_service_the_logon_request.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Denis
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Note: This information is intended for a
network administrator. If
>>>>>>>>> you are not your network’s administrator,
notify the administrator
>>>>>>>>> that you received this information, which
has been recorded in the
>>>>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>>>>
>>>>>>>>> The following error occurred when DNS was
queried for the service
>>>>>>>>> location (SRV) resource record used to
locate an Active Directory
>>>>>>>>> Domain Controller for domain SRV1:
>>>>>>>>> The error was: “DNS name does not exist.”
>>>>>>>>>
>>>>>>>>> (error code 0x0000232B RCODE_NAME_ERROR)
>>>>>>>>> The query was for the SRV record for
_ldap._tcp.dc._msdcs.SRV1
>>>>>>>>> Common causes of this error include the
following:
>>>>>>>>>
>>>>>>>>> - The DNS SRV records required to locate a
AD DC for the domain are
>>>>>>>>> not registered in DNS. These records are
registered with a DNS server
>>>>>>>>> automatically when a AD DC is added to a
domain. They are updated by
>>>>>>>>> the AD DC at set intervals. This computer
is configured to use DNS
>>>>>>>>> servers with the following
>>>>>>>>>
>>>>>>>>> IP addresses:
>>>>>>>>> x.y.w.z
>>>>>>>>>
>>>>>>>>> - One or more of the following zones do not
include delegation to its
>>>>>>>>> child zone:
>>>>>>>>> SRV1
>>>>>>>>> . (the root zone)
>>>>>>>>> For information about correcting this
problem, click Help.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> As you can see it looks like it's not
possible to reach the PDC
>>>>>>>>> service
>>>>>>>>> at
>>>>>>>>> SRV1.
>>>>>>>>>
>>>>>>>>> The above error happens when i try to join
the PDC by right clicking
>>>>>>>>> on computer -> properties -> advanced
system settings -> computer
>>>>>>>>> name
>>>>>>>>> -> change -> member of domain; and
typing SRV1 in the input.
>>>>>>>>>
>>>>>>>>> I also can ping SRV1 and it replies fine:
>>>>>>>>> C:\Users\admin>ping SRV1
>>>>>>>>> Haciendo ping a SRV1 [192.168.69.203] con
32 bytes de datos:
>>>>>>>>> Respuesta desde 192.168.69.203: bytes=32
tiempo<1m TTL=64
>>>>>>>>> Respuesta desde 192.168.69.203: bytes=32
tiempo<1m TTL=64
>>>>>>>>> Respuesta desde 192.168.69.203: bytes=32
tiempo<1m TTL=64
>>>>>>>>> Respuesta desde 192.168.69.203: bytes=32
tiempo<1m TTL=64
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I can even run win+r and type \\SRV1 press
enter and it asks for a
>>>>>>>>> LDAP user and password and then it show the
right resources according
>>>>>>>>> to the user rights.
>>>>>>>>>
>>>>>>>>> I already tried to adding in 192.168.69.203
SRV1 in
>>>>>>>>> C:\Windows\System32\drivers\etc\hosts but
it didn't help.
>>>>>>>>>
>>>>>>>>> The Windows client IP rtying to join the
PDC is 192.168.69.49 so if i
>>>>>>>>> `tailf /var/log/samba/log.nmbd` while
trying to join the PDC i can
>>>>>>>>> see:
>>>>>>>>> [2016/05/20 11:50:50, 3]
>>>>>>>>>
nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>>>>>>>> process_name_query_request: Name
query from 192.168.69.52 on
>>>>>>>>> subnet
>>>>>>>>> 192.168.69.203 for name SRV1<20>
>>>>>>>>> [2016/05/20 11:50:50, 3]
>>>>>>>>>
nmbd/nmbd_incomingrequests.c:571(process_name_query_request)
>>>>>>>>> OK
>>>>>>>>> [2016/05/20 11:50:54, 3]
>>>>>>>>>
nmbd/nmbd_incomingrequests.c:456(process_name_query_request)
>>>>>>>>> process_name_query_request: Name
query from 192.168.69.49 on
>>>>>>>>> subnet
>>>>>>>>> 192.168.69.203 for name SRV1<1c>
>>>>>>>>>
>>>>>>>>> Reading this doc
https://support.microsoft.com/en-us/kb/163409 i see
>>>>>>>>> Netbios type 20 means File Server Service
and Netbios type 1c means
>>>>>>>>> Domain Controllers but i doubt the latter
is fine as i don't see the
>>>>>>>>> Ok response and the doc say <domain>
instead of <computername>:
>>>>>>>>>
>>>>>>>>> Name Number(h) Type Usage
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
--------------------------------------------------------------------------
>>>>>>>>> <computername> 20 U
File Server Service
>>>>>>>>> <domain> 1C G
Domain Controllers
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This is the wins.dat file generated
automatically by samba `cat
>>>>>>>>> /var/lib/samba/wins.dat`:
>>>>>>>>> VERSION 1 0
>>>>>>>>> "EXEDRA72#20" 1464037217
192.168.69.58 64R
>>>>>>>>> "EXEDRA.CAT#1c" 1463997523
192.168.69.203 e4R
>>>>>>>>> "EXEDRA.CAT#1e" 1463997523
0.0.0.0 e4R
>>>>>>>>> "EXEDRA72#00" 1464037217
192.168.69.58 64R
>>>>>>>>> "SRV1#03" 1463997523
192.168.69.203 66R
>>>>>>>>> "SRV1#20" 1463997523
192.168.69.203 66R
>>>>>>>>> "SRV1#00" 1463997523
192.168.69.203 66R
>>>>>>>>> "EXEDRA.CAT#1b" 1463997523
192.168.69.203 64R
>>>>>>>>> "EXEDRA.CAT#00" 1463997523
0.0.0.0 e4R
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> This is the output of `cat /etc/hosts`:
>>>>>>>>> # cat /etc/hosts
>>>>>>>>> 127.0.0.1 localhost
localhost.localdomain srv1.exedra.cat srv1
>>>>>>>>> exedra.dyndns.org exedra.cat
>>>>>>>>> 127.0.1.1 localhost
localhost.localdomain srv1.exedra.cat srv1
>>>>>>>>> exedra.dyndns.org exedra.cat
>>>>>>>>> 192.168.69.203 localhost
localhost.localdomain srv1.exedra.cat srv1
>>>>>>>>> exedra.dyndns.org exedra.cat
>>>>>>>>> # The following lines are desirable for
IPv6 capable hosts
>>>>>>>>> ::1 ip6-localhost ip6-loopback
>>>>>>>>> fe00::0 ip6-localnet
>>>>>>>>> ff00::0 ip6-mcastprefix
>>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> output of resolv.conf `cat
/etc/resolv.conf`:>
>>>>>>>>> domain exedra.cat
>>>>>>>>> search exedra.cat
>>>>>>>>> nameserver 80.58.61.250
>>>>>>>>> nameserver 80.58.61.254
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> hostname output `cat /etc/hostname`:
srv1.exedra.cat
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Here i post the output of `testparm -v`
>>>>>>>>>
https://gist.github.com/sibok/2e5ec48bc4030e64984d4ed1cbebad1f
>>>>>>>>>
>>>>>>>>> This is the output of running `smbclient
-L localhost` ont the
>>>>>>>>> server
>>>>>>>>> (192.168.69.203):
>>>>>>>>> smbclient -L localhost
>>>>>>>>> Enter root's password:
>>>>>>>>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba
3.6.18]
>>>>>>>>>
>>>>>>>>> Sharename Type
Comment
>>>>>>>>> --------- ----
-------
>>>>>>>>> IPC$ IPC IPC
Service (exedra.cat)
>>>>>>>>> print$ Disk
Printer Drivers Download Area
>>>>>>>>> public Disk
Public Share
>>>>>>>>> Dropbox Disk
Dropbox content
>>>>>>>>> PLOTTER Printer
PLOTTER
>>>>>>>>> OfficeJetK850 Printer HP
Officejet Pro K850
>>>>>>>>> HPDesignJet500 Printer
HPDesignJet500
>>>>>>>>> RICOH Printer RICOH
Aficio MP C2500
>>>>>>>>> root Disk Home
Directories
>>>>>>>>> Domain=[EXEDRA.CAT] OS=[Unix] Server=[Samba
3.6.18]
>>>>>>>>>
>>>>>>>>> Server Comment
>>>>>>>>> --------- -------
>>>>>>>>> EXEDRA101 exedra101
>>>>>>>>> SRV1 exedra.cat
>>>>>>>>>
>>>>>>>>> Workgroup Master
>>>>>>>>> --------- -------
>>>>>>>>> EXEDRA.CAT SRV1
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> As the last time i try adding a machine it
was about a year ago i
>>>>>>>>> thought i might be wrong when typing SRV1
and instead i tried typing
>>>>>>>>> exedra.cat - but i'm 99% confident i
just need to make sure Windows
>>>>>>>>> clients are capable of resolving SRV1 as
192.168.69.203 and then type
>>>>>>>>> SRV1 instead of exedra.cat - but it showed
me the same error so i
>>>>>>>>> added the following records to the
exedra.cat DNS zone (this is the
>>>>>>>>> first time i need to add SRV records to
join the domain):
>>>>>>>>>
>>>>>>>>> _ldap._tcp.dc._msdcs.exedra.cat SRV 0 0
exedra.cat.
>>>>>>>>> _ldap._tcp.dc._msdcs.srv1.exedra.cat SRV 0
0 exedra.cat.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> and by trying to join exedra.cat instead of
SRV1 i get:
>>>>>>>>> Note: This information is intended for a
network administrator. If
>>>>>>>>> you are not your network's
administrator, notify the administrator
>>>>>>>>> that you received this information, which
has been recorded in the
>>>>>>>>> file C:\Windows\debug\dcdiag.txt.
>>>>>>>>>
>>>>>>>>> DNS was successfully queried for the
service location (SRV) resource
>>>>>>>>> record used to locate a domain controller
for domain "exedra.cat":
>>>>>>>>>
>>>>>>>>> The query was for the SRV record for
_ldap._tcp.dc._msdcs.exedra.cat
>>>>>>>>>
>>>>>>>>> The following domain controllers were
identified by the query:
>>>>>>>>> srv1.exedra.cat
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> However no domain controllers could be
contacted.
>>>>>>>>>
>>>>>>>>> Common causes of this error include:
>>>>>>>>>
>>>>>>>>> - Host (A) or (AAAA) records that map the
names of the domain
>>>>>>>>> controllers to their IP addresses are
missing or contain incorrect
>>>>>>>>> addresses.
>>>>>>>>>
>>>>>>>>> - Domain controllers registered in DNS are
not connected to the
>>>>>>>>> network or are not running.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Note the following resolutions:
>>>>>>>>> ~ host -t SRV
_ldap._tcp.dc._msdcs.exedra.cat
>>>>>>>>> _ldap._tcp.dc._msdcs.exedra.cat has SRV
record 0 0 389
>>>>>>>>> srv1.exedra.cat.
>>>>>>>>>
>>>>>>>>> ~ host -t SRV
_ldap._tcp.dc._msdcs.srv1.exedra.cat
>>>>>>>>> _ldap._tcp.dc._msdcs.srv1.exedra.cat has
SRV record 0 0 389
>>>>>>>>> srv1.exedra.cat.
>>>>>>>>>
>>>>>>>>> ~ host -t A srv1.exedra.cat
>>>>>>>>> srv1.exedra.cat has address 192.168.69.203
>>>>>>>>>
>>>>>>>>> ~ host -t A exedra.cat
>>>>>>>>> exedra.cat has address 66.96.147.160
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The thing is i'm 99% sure i used to join the domain by supplying SRV1
>>>>>>>>> string on "member of domain" input but now it looks like Windows
>>>>>>>>> clients are not able to resolve SRV1 to 192.168.69.203 which is the
>>>>>>>>> ubuntu machine which hosts the samba+ldap PDC.
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Denis Cardon
>>>>>>>> Tranquil IT Systems
>>>>>>>> Les Espaces Jules Verne, bâtiment A
>>>>>>>> 12 avenue Jules Verne
>>>>>>>> 44230 Saint Sébastien sur Loire
>>>>>>>> tel : +33 (0) 2.40.97.57.55
>>>>>>>> http://www.tranquil-it-systems.fr
>>>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
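The `host` lookups quoted in the message above can be cross-checked mechanically. The following is an added example, not code from any poster in this thread: it parses that output and reports where the SRV target and the domain name itself resolve relative to the LAN. The function names and the 192.168.69.0/24 netmask are assumptions; the thread only shows individual 192.168.69.x addresses.

```python
import ipaddress
import re

# Lookups quoted in the message above, copied here as sample input.
HOST_OUTPUT = """\
_ldap._tcp.dc._msdcs.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.
_ldap._tcp.dc._msdcs.srv1.exedra.cat has SRV record 0 0 389 srv1.exedra.cat.
srv1.exedra.cat has address 192.168.69.203
exedra.cat has address 66.96.147.160
"""

SRV_RE = re.compile(r"^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$")
A_RE = re.compile(r"^(\S+) has address (\S+)$")


def parse_host_output(text):
    """Return (srv, a): SRV owner -> [(prio, weight, port, target)], name -> [ip]."""
    srv, a = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := SRV_RE.match(line):
            owner, prio, weight, port, target = m.groups()
            srv.setdefault(owner.rstrip(".").lower(), []).append(
                (int(prio), int(weight), int(port), target.rstrip(".").lower()))
        elif m := A_RE.match(line):
            a.setdefault(m.group(1).rstrip(".").lower(), []).append(
                ipaddress.ip_address(m.group(2)))
    return srv, a


def check_dc_locator(text, domain, lan):
    """List what a client on `lan` would find wrong when locating a DC for `domain`."""
    srv, a = parse_host_output(text)
    net = ipaddress.ip_network(lan)  # assumed LAN range, not stated in the thread
    findings = []
    records = srv.get(f"_ldap._tcp.dc._msdcs.{domain}", [])
    if not records:
        findings.append(f"no SRV record for _ldap._tcp.dc._msdcs.{domain}")
    for _prio, _weight, port, target in records:
        if port != 389:
            findings.append(f"SRV target {target} advertises port {port}, not 389")
        addrs = a.get(target, [])
        if not addrs:
            findings.append(f"SRV target {target} has no A record")
        findings += [f"SRV target {target} -> {ip} is outside {lan}"
                     for ip in addrs if ip not in net]
    # The domain name itself: report it when it resolves off the LAN.
    findings += [f"{domain} -> {ip} is outside {lan}"
                 for ip in a.get(domain, []) if ip not in net]
    return findings


if __name__ == "__main__":
    for finding in check_dc_locator(HOST_OUTPUT, "exedra.cat", "192.168.69.0/24"):
        print(finding)
```

On the quoted output the SRV target checks out (port 389, on-LAN address) and the only finding is that `exedra.cat` itself resolves to 66.96.147.160.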
Pau Peris
2016-May-20 21:31 UTC
[Samba] Suddenly Windows clients can't join Samba+ldap PDC anymore
Hi,

thanks a lot for your reply. Yes, i enabled wins through "wins support = yes", i also enabled lmhosts lookup and wins on all clients but will check it as you proposed.

Tomorrow will try to disable ipv6 on Windows clients following this link https://support.microsoft.com/en-us/kb/929852 Which process did you follow to disable IPV6?

I'm also wondering if it's really necessary to setup the Windows client to use only 192.168.69.203 as DNS server, which is the IP address of the PDC server.

On Fri, May 20, 2016 at 10:45 PM, Gaiseric Vandal <gaiseric.vandal at gmail.com> wrote:
> Are you running a wins server (maybe you already mentioned this.) That
> tends to help minimize some classic samba issues.
>
> On my PDC
>
> root@mypdc:~# testparm -v | more
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
> Processing section "[netlogon]"
> WARNING: The "share modes" option is deprecated
> Processing section "[config]"
> WARNING: The "share modes" option is deprecated
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
> [global]
> dos charset = CP850
> unix charset = UTF8
> display charset = UTF8
> workgroup = MYDOMAIN
> realm
> netbios name = MYPDC
> netbios aliases
> netbios scope
> server string = mypdc
> interfaces
> bind interfaces only = No
> security = USER
> ...
> smb ports = 445 139
> ...
> wins server
> wins support = Yes
>
> Make sure that on the windows clients, "ipconfig /all" shows a wins server.
> Also make sure that you have NOT disabled netbios-over-tcpip. This is
> enabled by default on Windows 7. I don't think it is disabled on Windows 10
> by default.
>
> I ran into an issue this week where, even tho I don't use Ipv6, some windows
> machines were attempting to resolve names via invalid DNS servers specified
> in ipv6 settings.