lists at zxt10d.de
2024-Jan-04 12:28 UTC
[Samba] Fresh ad installation - Win2022 can't join
On 04.01.2024 at 12:36, Rowland Penny via samba wrote:
> On Thu, 4 Jan 2024 12:12:57 +0100
> lists--- via samba <samba at lists.samba.org> wrote:
>
>> On 04.01.2024 at 11:55, Rowland Penny via samba wrote:
>>> On Thu, 4 Jan 2024 11:19:17 +0100
>>> lists--- via samba <samba at lists.samba.org> wrote:
>>>
>>>> On 04.01.2024 at 10:37, Rowland Penny via samba wrote:
>>>
>>>>> Let's start with the obvious, does the record exist, running the
>>>>> following command should produce a record for every DC:
>>>>>
>>>>> host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld.
>>>>
>>>> root@dc:/home/torsten# host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld.
>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld has SRV record 0 100 389 dc.augusta.domain.tld.
>>>
>>> That shows the 'missing' record does exist.
>>>
>>>>
>>>>> How are you trying to join the 2022 machine ? As a DC or a domain
>>>>> member ?
>>>>
>>>> As a domain member
>>>
>>> Then it should work.
>>>
>>>>
>>>>> The latter should work, but there is this bug report:
>>>>>
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=15495
>>>>
>>>> But it's a bug report regarding "joining a *nix machine to an
>>>> existing MS-based AD", isn't it?
>>>>
>>>
>>> That doesn't preclude it also not working in the reverse direction.
>>>
>>> The problem seems to be that the Windows server cannot find a record
>>> that you have now proved exists, so is the Windows server using the
>>> DC as its nameserver ?
>>
>> Yes. The first nameserver is the IP address of the samba-ad-dc, the
>> second is the router's IP address.
>
> I would remove the router's IP.
>
> Are you trying to join using Administrator ?

Yes!

> I take it you are trying to join using the GUI, perhaps using
> powershell might work, see here:
>
> https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer?view=powershell-5.1

I'll test that later ... thanks a lot ;)

> You could then specify which DC to use during the join.
>
> Rowland

Cheers,
Torsten

lists at zxt10d.de
2024-Jan-04 19:17 UTC
[Samba] Fresh ad installation - Win2022 can't join
On 04.01.2024 at 13:28, lists--- via samba wrote:
> On 04.01.2024 at 12:36, Rowland Penny via samba wrote:
>> On Thu, 4 Jan 2024 12:12:57 +0100
>> lists--- via samba <samba at lists.samba.org> wrote:
>>
>>> On 04.01.2024 at 11:55, Rowland Penny via samba wrote:
>>>> On Thu, 4 Jan 2024 11:19:17 +0100
>>>> lists--- via samba <samba at lists.samba.org> wrote:
>>>>
>>>>> On 04.01.2024 at 10:37, Rowland Penny via samba wrote:
>>>>
>>>>>> Let's start with the obvious, does the record exist, running the
>>>>>> following command should produce a record for every DC:
>>>>>>
>>>>>> host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld.
>>>>>
>>>>> root@dc:/home/torsten# host -t SRV _ldap._tcp.dc._msdcs.augusta.domain.tld.
>>>>> _ldap._tcp.dc._msdcs.augusta.domain.tld has SRV record 0 100 389 dc.augusta.domain.tld.
>>>>
>>>> That shows the 'missing' record does exist.
>>>>
>>>>>
>>>>>> How are you trying to join the 2022 machine ? As a DC or a domain
>>>>>> member ?
>>>>>
>>>>> As a domain member
>>>>
>>>> Then it should work.
>>>>
>>>>>
>>>>>> The latter should work, but there is this bug report:
>>>>>>
>>>>>> https://bugzilla.samba.org/show_bug.cgi?id=15495
>>>>>
>>>>> But it's a bug report regarding "joining a *nix machine to an
>>>>> existing MS-based AD", isn't it?
>>>>>
>>>>
>>>> That doesn't preclude it also not working in the reverse direction.
>>>>
>>>> The problem seems to be that the Windows server cannot find a record
>>>> that you have now proved exists, so is the Windows server using the
>>>> DC as its nameserver ?
>>>
>>> Yes. The first nameserver is the IP address of the samba-ad-dc, the
>>> second is the router's IP address.
>>
>> I would remove the router's IP.
>>
>> Are you trying to join using Administrator ?
>
> Yes!
>
>> I take it you are trying to join using the GUI, perhaps using
>> powershell might work, see here:
>>
>> https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/add-computer?view=powershell-5.1
>
> I'll test that later ... thanks a lot ;)
>
>> You could then specify which DC to use during the join.
>>
>> Rowland
>
> Cheers,
> Torsten

That does not work either ...

PS C:\Users\Administrator> Add-Computer -ComputerName PCNAME -DomainName augusta.domain.tld -Server DC -Credential augusta.domain.tld\Administrator -PassThru -Verbose
AUSFÜHRLICH: Ausführen des Vorgangs "Domäne "augusta.domain.tld\DC" beitreten" für das Ziel "PCNAME".
Add-Computer : Fehler beim Beitreten des Computers "PCNAME" aus seiner aktuellen Arbeitsgruppe "BOX" zur Domäne "augusta.domain.tld\DC". Fehlermeldung: Der angegebene Server kann den angeforderten Vorgang nicht ausführen.
In Zeile:1 Zeichen:1
+ Add-Computer -ComputerName PCNAME -DomainName augusta.domain.tld ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (PCNAME:String) [Add-Computer], InvalidOperationException
    + FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand

HasSucceeded ComputerName
------------ ------------
False        NAME

PS C:\Users\Administrator>

The NAME has 4 letters and 2 numbers, domain has 3 letters, a - and some more letters, tld is de ... so there aren't any strange things in it ...

Cheers,
Torsten
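
Added example, not part of the original thread: the SRV lookup from the discussion, repeated from the Windows machine against each DNS server configured on it, so it is visible which nameserver returns the DC locator record and which does not. `Test-DcLocatorRecord` is a hypothetical helper name; the record name is the one queried in the thread.

```powershell
# Added example (not from the thread). Run on the Windows machine that fails to join.
# The SRV name is the one queried with `host` in the thread.
$SrvName = '_ldap._tcp.dc._msdcs.augusta.domain.tld'

# Hypothetical helper: ask each DNS server directly for the DC locator record.
function Test-DcLocatorRecord {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string[]] $DnsServer
    )
    foreach ($server in $DnsServer) {
        $result = [ordered]@{ DnsServer = $server; Found = $false; Targets = ''; Error = '' }
        try {
            # -Server bypasses the resolver's own server selection; -DnsOnly skips LLMNR/NetBIOS.
            $srv = @(Resolve-DnsName -Name $Name -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'SRV' })
            if ($srv.Count -gt 0) {
                $result.Found   = $true
                $result.Targets = ($srv | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
            } else {
                $result.Error = 'answer contained no SRV record'
            }
        } catch {
            # NXDOMAIN, timeout, refused, etc. are reported per server instead of aborting.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Every IPv4 DNS server configured on any interface of this machine.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique

Test-DcLocatorRecord -Name $SrvName -DnsServer $configured | Format-Table -AutoSize -Wrap
```

In the setup described in the thread, the list would contain the Samba DC and the router; a row with `Found = False` identifies a nameserver that cannot serve the AD zone.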