Rowland Penny
2024-Jun-09 08:13 UTC
[Samba] Member server: Failed to join domain: failed to find DC for
On Sat, 8 Jun 2024 18:07:55 +0100 Luis Peromarta <lperoma at icloud.com> wrote:> > LP > On Jun 8, 2024 at 17:56 +0100, samba at lists.samba.org > <samba at lists.samba.org>, wrote: > > > > I have never run those commands like that, I normally run 'net ads > > join -Uadministrator' or 'net ads leave -Uadministrator', I have > > never specified the domain. > > I did specify domain out of frustration I think. More test as per > your inputs: (net ads join fails) > > > root at member:~# net ads join domain -Uadministrator > Password for [MAD\administrator]: > Failed to join domain: failed to find DC for domain domain - A domain > controller for this domain was not found. > > root at member:~# samba-tool domain join mad.mater.int MEMBER > -Uadministrator WARNING: Using passwords on command line is insecure. > Installing the setproctitle python module will hide these from > shortly after program start. Password for [MAD\administrator]: DNS > Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED DNS > update failed: NT_STATUS_UNSUCCESSFUL Joined domain mad.mater.int > (S-1-5-21-2152908145-95474353-1514027631) > > > I leave domain again and then: (don?t specify MEMBER seems to work) > > root at member:~# samba-tool domain join mad.mater.int -Uadministrator > WARNING: Using passwords on command line is insecure. Installing the > setproctitle python module will hide these from shortly after program > start. Password for [MAD\administrator]: DNS Update for > member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED DNS update > failed: NT_STATUS_UNSUCCESSFUL Joined domain mad.mater.int > (S-1-5-21-2152908145-95474353-1514027631) > > >This all sounds dns related, can you post the contents of these files: /etc/hostname /etc/hosts /etc/resolv.conf /etc/krb5.conf What OS is this ? Rowland
Luis Peromarta
2024-Jun-09 09:20 UTC
[Samba] Member server: Failed to join domain: failed to find DC for
Agree. But I don?t think it is. See: root at member:/# cat /etc/hostname member root at member:/# cat /etc/hosts 127.0.0.1 localhost 192.168.3.1 member.mad.mater.int member root at member:/# cat /etc/resolv.conf search mad.mater.int nameserver 192.168.0.12 -> DC1 nameserver 192.168.0.13 -> DC2 nameserver 192.168.0.14 -> DC3 nameserver 192.168.0.62 -> DC4 root at member:/# cat /etc/krb5.conf [libdefaults] ?default_realm = MAD.MATER.INT ?dns_lookup_realm = false ?dns_lookup_kdc = true root at member:/# cat /etc/samba/smb.conf # Global parameters [global] ?security = ADS ?workgroup = MAD ?realm = MAD.MATER.INT ?netbios name = MEMBER ?server role = member server ?log file = /var/log/samba/%m.log # Disable Netbios ?disable netbios = yes # Enforce minimum protolo SMB3 # server min protocol = SMB3 # To enable Group Policy application in winbind, ?apply group policies = yes # Default ID mapping configuration for local BUILTIN accounts ?idmap config * : backend = tdb ?idmap config * : range = 3000-7999 # idmap config for the MAD domain ?idmap config MAD : backend = ad ?idmap config MAD : schema_mode = rfc2307 ?idmap config MAD : range = 10000-999999 ?idmap config MAD : unix_nss_info = yes # Read AD unix attributes to allow ssh login to server: # winbind nss info = rfc2307 # winbind config: ?winbind use default domain = yes # renew the kerberos ticket ?winbind refresh tickets = yes ?dedicated keytab file = /etc/krb5.keytab ?kerberos method = secrets and keytab # Map Administrator to root # username map = /etc/samba/user.map # min domain uid = 0 # To configure shares using extended access control lists (ACL) ?vfs objects = acl_xattr # map acl inherit = yes ?acl_xattr:ignore system acls = yes [test] ?hide unreadable = Yes ?path = /test ?read only = No root at member:/# host -t SRV _ldap._tcp.mad.mater.int _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int. root at member:/# host -t SRV _ldap._tcp.mad.mater.int _ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int. _ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int. root at member:/# host -t SRV _kerberos._udp.mad.mater.int _kerberos._udp.mad.mater.int has SRV record 0 100 88 bwing.mad.mater.int. _kerberos._udp.mad.mater.int has SRV record 0 100 88 awing.mad.mater.int. _kerberos._udp.mad.mater.int has SRV record 0 100 88 dwing.mad.mater.int. _kerberos._udp.mad.mater.int has SRV record 0 100 88 cwing.mad.mater.int. Tried again: root at member:/# net ads leave domain -Uadministrator Password for [MAD\administrator]: Deleted account for 'MEMBER' in realm 'MAD.MATER.INT' root at member:/# net ads join domain -Uadministrator Password for [MAD\administrator]: Failed to join domain: failed to find DC for domain domain - A domain controller for this domain was not found. root at member:/# samba-tool domain join MEMBER -Uadministrator WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start. Password for [MAD\administrator]: ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain MAD - The request is not supported.') ?File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 285, in _run ?return self.run(*args, **kwargs) ?^^^^^^^^^^^^^^^^^^^^^^^^^ ?File "/usr/lib/python3/dist-packages/samba/netcmd/domain/join.py", line 121, in run ?(sid, domain_name) = s3_net.join_member(netbios_name, root at member:/# samba-tool domain join mad.mater.int MEMBER -Uadministrator WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start. Password for [MAD\administrator]: DNS Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL Joined domain mad.mater.int (S-1-5-21-2152908145-95474353-1514027631) I am a bit lost to be honest. LP On Jun 9, 2024 at 09:13 +0100, samba at lists.samba.org <samba at lists.samba.org>, wrote:> > This all sounds dns related, can you post the contents of these files: > > /etc/hostname > /etc/hosts > /etc/resolv.conf > /etc/krb5.conf > > What OS is this ? > > Rowland
Reasonably Related Threads
- Member server: Failed to join domain: failed to find DC for
- Member server: Failed to join domain: failed to find DC for
- Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)
- Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)
- Unable to "rejoin" existing DC after upgrade (infamous WERR_FILE_NOT_FOUND)