samba - Dec 2016 - Samba AD - "No logon servers available"

Hi guys,

I've migrated from Samba NT4 to Samba AD, joined other Windows DC's to
the domain and then demoted my Samba DC.

I am not being able to login from client computers with the error stated on the
subject. I've tried everything, from making sure replication is OK, client
DNS configuration also. Registry modifications from prior Samba NT4 domain were
reverted in the client.

Are there any hints on what to do next?

Thank you!

Cheers,

Bruno

Hello Bruno,

Am 29.12.2016 um 17:01 schrieb Bruno Miguel Martins via
samba:
> I've migrated from Samba NT4 to Samba AD, joined other Windows
> DC's to the domain and then demoted my Samba DC.
> 
> I am not being able to login from client computers with the
> error stated on the subject. I've tried everything, from making
> sure replication is OK, client DNS configuration also.
> Registry modifications from prior Samba NT4 domain were
> reverted in the client.
> 
> Are there any hints on what to do next?
You're only having Windows DCs left?

May I ask why you migrated from Samba AD to Windows?

It sounds like the _ldap DNS record is missing, Windows uses to locate
the DC. Can you please verify that all required _ldap/_kerberos records
exist in the correct zones. For some examples, see:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Verifying_DNS
or because you are no longer a Samba user: ;-)
https://technet.microsoft.com/en-us/library/cc961719.aspx

If all required records exist and logging in still fails, I continue
guessing that it is DNS related:
- At least one of the Windows DCs runs a DNS server?
- The clients are using the DNS on the Windows DC?
  Test by running on a client
  > ping Short_DC_Name

Regards,
Marc

On Thu, 29 Dec 2016 16:01:22 +0000
Bruno Miguel Martins via samba <samba at lists.samba.org> wrote:
> Hi guys,
> 
> I've migrated from Samba NT4 to Samba AD, joined other Windows DC's
> to the domain and then demoted my Samba DC.
> 
> I am not being able to login from client computers with the error
> stated on the subject. I've tried everything, from making sure
> replication is OK, client DNS configuration also. Registry
> modifications from prior Samba NT4 domain were reverted in the client.
> 
> Are there any hints on what to do next?
> 
> Thank you!
> 
> Cheers,
> 
> Bruno
> 
> 
What version of Samba ?
What OS ?
What version(s) are the windows DCs
What version is the client

Rowland

On Thu, 29 Dec 2016 17:21:19 +0100
Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
> Hello Bruno,
> 
> Am 29.12.2016 um 17:01 schrieb Bruno Miguel Martins via samba:
> > I've migrated from Samba NT4 to Samba AD, joined other Windows
> > DC's to the domain and then demoted my Samba DC.
> > 
> > I am not being able to login from client computers with the
> > error stated on the subject. I've tried everything, from making
> > sure replication is OK, client DNS configuration also.
> > Registry modifications from prior Samba NT4 domain were
> > reverted in the client.
> > 
> > Are there any hints on what to do next?
> 
> You're only having Windows DCs left?
> 
> May I ask why you migrated from Samba AD to Windows?
> 
> It sounds like the _ldap DNS record is missing, Windows uses to locate
> the DC. Can you please verify that all required _ldap/_kerberos
> records exist in the correct zones. For some examples, see:
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Verifying_DNS
> or because you are no longer a Samba user: ;-)
> https://technet.microsoft.com/en-us/library/cc961719.aspx
> 
> If all required records exist and logging in still fails, I continue
> guessing that it is DNS related:
> - At least one of the Windows DCs runs a DNS server?
> - The clients are using the DNS on the Windows DC?
>   Test by running on a client
>   > ping Short_DC_Name
> 
> Regards,
> Marc
> 
I mis-read that, I thought he had removed the old NT4-style PDC, but if
he now has (as Marc thinks) no Samba DCs and is only using windows DCs,
I fail to see how this can be a Samba problem or how it can be fixed
from Samba, or am I missing something ?

Rowland

Marc Muehlfeld via samba wrote:
> Hello Bruno,
>
> Am 29.12.2016 um 17:01 schrieb Bruno Miguel Martins via samba:
>   
>> I've migrated from Samba NT4 to Samba AD, joined other Windows
>> DC's to the domain and then demoted my Samba DC.
>>
>> I am not being able to login from client computers with the
>> error stated on the subject. I've tried everything, from making
>> sure replication is OK, client DNS configuration also.
>> Registry modifications from prior Samba NT4 domain were
>> reverted in the client.
>>
>> Are there any hints on what to do next?
>>     
>
> You're only having Windows DCs left?
>   
----
    That might be the case -- but they seemed to have been there
before.  What seems to be the case is that he replaced his old
Samba NT4-DC with Samba AD.  The windows DC's seemed to join to
the Samba AD "ok", but "clients" (win or lin, or whatever)
are
complaining about not being able to find any login servers.

    *AT least*, that's how I read it.  Sounds like the
WinDC's might have served as login servers under the Samba-NT4-DC,
but that's no longer working w/the new Samba AD.

    I don't think he's replacing any Samba machines w/Win machines
from what I read, but then I could be totally misreading it --
I have before! ;-)

> May I ask why you migrated from Samba AD to Windows?
>   
---
    Not sure that's what he did...but maybe he'll clarify?...

Hello Marc,

Yeah, only Windows DC's left. Customer wanted this way.

I can resolve all those records using nslookup. However, when pointing clients
to the new DNS server, they just don't "re-map" to new domain
controllers. New client PC's domain join work OK.

Cheers,

-----Original Message-----
From: Marc Muehlfeld [mailto:mmuehlfeld at samba.org] 
Sent: 29 de dezembro de 2016 16:21
To: Bruno Miguel Martins <bruno.miguel.martins at iten.pt>; samba at
lists.samba.org
Subject: Re: [Samba] Samba AD - "No logon servers available"

Hello Bruno,

Am 29.12.2016 um 17:01 schrieb Bruno Miguel Martins via
samba:
> I've migrated from Samba NT4 to Samba AD, joined other Windows DC's
to
> the domain and then demoted my Samba DC.
> 
> I am not being able to login from client computers with the error 
> stated on the subject. I've tried everything, from making sure 
> replication is OK, client DNS configuration also.
> Registry modifications from prior Samba NT4 domain were reverted in 
> the client.
> 
> Are there any hints on what to do next?
You're only having Windows DCs left?

May I ask why you migrated from Samba AD to Windows?

It sounds like the _ldap DNS record is missing, Windows uses to locate the DC.
Can you please verify that all required _ldap/_kerberos records exist in the
correct zones. For some examples, see:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Verifying_DNS
or because you are no longer a Samba user: ;-)
https://technet.microsoft.com/en-us/library/cc961719.aspx

If all required records exist and logging in still fails, I continue guessing
that it is DNS related:
- At least one of the Windows DCs runs a DNS server?
- The clients are using the DNS on the Windows DC?
  Test by running on a client
  > ping Short_DC_Name

Regards,
Marc

Hi Rowland,

Samba server was demoted, but it was 4.5.x. Latest one from Ubuntu 16.04 repos.

Windows DC's are 2012 R2 and clients vary from 7 to 10, still same problem.

Thanks!

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
via samba
Sent: 29 de dezembro de 2016 16:25
To: samba at lists.samba.org
Subject: Re: [Samba] Samba AD - "No logon servers available"

On Thu, 29 Dec 2016 16:01:22 +0000
Bruno Miguel Martins via samba <samba at lists.samba.org> wrote:
> Hi guys,
> 
> I've migrated from Samba NT4 to Samba AD, joined other Windows DC's
to
> the domain and then demoted my Samba DC.
> 
> I am not being able to login from client computers with the error 
> stated on the subject. I've tried everything, from making sure 
> replication is OK, client DNS configuration also. Registry 
> modifications from prior Samba NT4 domain were reverted in the client.
> 
> Are there any hints on what to do next?
> 
> Thank you!
> 
> Cheers,
> 
> Bruno
> 
> 
What version of Samba ?
What OS ?
What version(s) are the windows DCs
What version is the client

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba