samba - Jun 2024 - Member server: Failed to join domain: failed to find DC for

On Sat, 8 Jun 2024 18:07:55 +0100
Luis Peromarta <lperoma at icloud.com> wrote:
> 
> LP
> On Jun 8, 2024 at 17:56 +0100, samba at lists.samba.org
> <samba at lists.samba.org>, wrote:
> >
> > I have never run those commands like that, I normally run 'net ads
> > join -Uadministrator' or 'net ads leave -Uadministrator',
I have
> > never specified the domain.
> 
> I did specify domain out of frustration I think. More test as per
> your inputs: (net ads join fails)
> 
> 
> root at member:~# net ads join domain -Uadministrator
> Password for [MAD\administrator]:
> Failed to join domain: failed to find DC for domain domain - A domain
> controller for this domain was not found.
> 
> root at member:~# samba-tool domain join mad.mater.int MEMBER
> -Uadministrator WARNING: Using passwords on command line is insecure.
> Installing the setproctitle python module will hide these from
> shortly after program start. Password for [MAD\administrator]: DNS
> Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED DNS
> update failed: NT_STATUS_UNSUCCESSFUL Joined domain mad.mater.int
> (S-1-5-21-2152908145-95474353-1514027631)
> 
> 
> I leave domain again and then: (don?t specify MEMBER seems to work)
> 
> root at member:~# samba-tool domain join mad.mater.int -Uadministrator
> WARNING: Using passwords on command line is insecure. Installing the
> setproctitle python module will hide these from shortly after program
> start. Password for [MAD\administrator]: DNS Update for
> member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED DNS update
> failed: NT_STATUS_UNSUCCESSFUL Joined domain mad.mater.int
> (S-1-5-21-2152908145-95474353-1514027631)
> 
> 
> 
This all sounds dns related, can you post the contents of these files:

/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf

What OS is this ?

Rowland

Agree.

But I don?t think it is. See:

root at member:/# cat /etc/hostname
member

root at member:/# cat /etc/hosts
127.0.0.1 localhost
192.168.3.1 member.mad.mater.int member

root at member:/# cat /etc/resolv.conf
search mad.mater.int
nameserver 192.168.0.12 -> DC1
nameserver 192.168.0.13 -> DC2
nameserver 192.168.0.14 -> DC3
nameserver 192.168.0.62 -> DC4

root at member:/# cat /etc/krb5.conf
[libdefaults]
?default_realm = MAD.MATER.INT
?dns_lookup_realm = false
?dns_lookup_kdc = true


root at member:/# cat /etc/samba/smb.conf
# Global parameters
[global]
?security = ADS
?workgroup = MAD
?realm = MAD.MATER.INT
?netbios name = MEMBER
?server role = member server
?log file = /var/log/samba/%m.log


# Disable Netbios
?disable netbios = yes

# Enforce minimum protolo SMB3
# server min protocol = SMB3

# To enable Group Policy application in winbind,
?apply group policies = yes


# Default ID mapping configuration for local BUILTIN accounts
?idmap config * : backend = tdb
?idmap config * : range = 3000-7999


# idmap config for the MAD domain
?idmap config MAD : backend = ad
?idmap config MAD : schema_mode = rfc2307
?idmap config MAD : range = 10000-999999
?idmap config MAD : unix_nss_info = yes

# Read AD unix attributes to allow ssh login to server:
# winbind nss info = rfc2307


# winbind config:
?winbind use default domain = yes



# renew the kerberos ticket
?winbind refresh tickets = yes
?dedicated keytab file = /etc/krb5.keytab
?kerberos method = secrets and keytab

# Map Administrator to root
# username map = /etc/samba/user.map
# min domain uid = 0


# To configure shares using extended access control lists (ACL)
?vfs objects = acl_xattr
# map acl inherit = yes
?acl_xattr:ignore system acls = yes


[test]
?hide unreadable = Yes
?path = /test
?read only = No



root at member:/# host -t SRV _ldap._tcp.mad.mater.int
_ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.

root at member:/# host -t SRV _ldap._tcp.mad.mater.int
_ldap._tcp.mad.mater.int has SRV record 0 100 389 bwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 awing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 dwing.mad.mater.int.
_ldap._tcp.mad.mater.int has SRV record 0 100 389 cwing.mad.mater.int.

root at member:/# host -t SRV _kerberos._udp.mad.mater.int
_kerberos._udp.mad.mater.int has SRV record 0 100 88 bwing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 awing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 dwing.mad.mater.int.
_kerberos._udp.mad.mater.int has SRV record 0 100 88 cwing.mad.mater.int.


Tried again:

root at member:/# net ads leave domain -Uadministrator
Password for [MAD\administrator]:
Deleted account for 'MEMBER' in realm 'MAD.MATER.INT'

root at member:/# net ads join domain -Uadministrator
Password for [MAD\administrator]:
Failed to join domain: failed to find DC for domain domain - A domain controller
for this domain was not found.

root at member:/# samba-tool domain join MEMBER -Uadministrator
WARNING: Using passwords on command line is insecure. Installing the
setproctitle python module will hide these from shortly after program start.
Password for [MAD\administrator]:
ERROR(runtime): uncaught exception - (2453, 'failed to find DC for domain
MAD - The request is not supported.')
?File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
285, in _run
?return self.run(*args, **kwargs)
?^^^^^^^^^^^^^^^^^^^^^^^^^
?File "/usr/lib/python3/dist-packages/samba/netcmd/domain/join.py",
line 121, in run
?(sid, domain_name) = s3_net.join_member(netbios_name,


root at member:/# samba-tool domain join mad.mater.int MEMBER -Uadministrator
WARNING: Using passwords on command line is insecure. Installing the
setproctitle python module will hide these from shortly after program start.
Password for [MAD\administrator]:
DNS Update for member.mad.mater.int failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
Joined domain mad.mater.int (S-1-5-21-2152908145-95474353-1514027631)


I am a bit lost to be honest.

LP
On Jun 9, 2024 at 09:13 +0100, samba at lists.samba.org <samba at
lists.samba.org>, wrote:
>
> This all sounds dns related, can you post the contents of these files:
>
> /etc/hostname
> /etc/hosts
> /etc/resolv.conf
> /etc/krb5.conf
>
> What OS is this ?
>
> Rowland