hi all
I have a DC used to manage user authentication to nextcloud app installed on the
same server.
I moved NC to a new server leaving samba-ad-dc on the old one ( appropriate
firewall rules exits )
Now I want to move samba to new VM so I can shutdown the old one.
To do so ,I'm trying to join a second DC installed to the new machine and
then , after move all roles , I can demote and switch off the old VM.
BUT : when I try to join the second DC
I got this :
root at grants-dc:~# samba-tool domain join s4ad.domain.org DC -U administrator
--realm=S4AD.CESVI.ORG -W S4AD
INFO 2025-10-08 22:29:30,946 pid:3292
/usr/lib/python3/dist-packages/samba/join.py #106: Finding a writeable DC for
domain 's4ad.domain.org'
ERROR: Failed to find a writeable DC for domain 's4ad.domain.org': The
object was not found.
Here my config files:
* Actual (unique) DC : Ubuntu 20.04 , samba 4.15.13
hosts:
xx.xx.xx.xx grants.s4ad.domain.org
krb5.conf:
[libdefaults]
default_realm = S4AD.DOMAIN.ORG
dns_lookup_kdc = true
dns_lookup_realm = false
smb.conf
[global]
dns forwarder = 127.0.0.1
netbios name = GRANTS
realm = S4AD.DOMAIN.ORG
server role = active directory domain controller
workgroup = S4AD
server services = -dns
interfaces = eth0 lo
bind interfaces only = yes
* New DC Ubuntu 24.04 samba 4.23
hosts:
yy.yy.yy.yy grants-dc.s4ad.domain.org
/etc/netplan/
network:
version: 2
ethernets:
ens18:
addresses:
- "yy.yy.yy.yy/24"
nameservers:
addresses:
- xx.xx.xx.xx
search: []
* dig grants.s4ad.domain.org
grants.s4ad.domain.org. 0 IN A xx.xx.xx.xx
* root at grants-dc:~# host -t SRV _ldap._tcp.dc._msdcs.s4ad.domain.org
_ldap._tcp.dc._msdcs.s4ad.domain.org has SRV record 0 100 389
grants.s4ad.domain.org.
* root at grants-dc:~# ping grants.s4ad.domain.org
PING grants.s4ad.domain.org (89.116.29.118) 56(84) bytes of data.
64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=1 ttl=53 time=280
ms
64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=2 ttl=53 time=290
ms
^C
any hints ?
thank's
rf
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us
at yetopen.com
Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary
-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene
informazioni confidenziali, ivi compresi gli allegati.E' vietata la
diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La
invitiamo a eliminarlo immediatamente e a informarci tempestivamente. Grazie.
-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016
--------
This message is intended for the recipient only and may contain confidential
information, including attachments. Unauthorized disclosure, copy or use is
prohibited. If received in error, please delete immediately and notify us.
Thank you.
could be a version incompatibility issue?
thank's
rf
----- Messaggio originale -----
Da: "Fabrizio Rompani via samba" <samba at lists.samba.org>
A: "samba" <samba at lists.samba.org>
Inviato: Mercoled?, 8 ottobre 2025 22:44:19
Oggetto: [Samba] Failed to find a writeable DC
hi all
I have a DC used to manage user authentication to nextcloud app installed on the
same server.
I moved NC to a new server leaving samba-ad-dc on the old one ( appropriate
firewall rules exits )
Now I want to move samba to new VM so I can shutdown the old one.
To do so ,I'm trying to join a second DC installed to the new machine and
then , after move all roles , I can demote and switch off the old VM.
BUT : when I try to join the second DC
I got this :
root at grants-dc:~# samba-tool domain join s4ad.domain.org DC -U administrator
--realm=S4AD.CESVI.ORG -W S4AD
INFO 2025-10-08 22:29:30,946 pid:3292
/usr/lib/python3/dist-packages/samba/join.py #106: Finding a writeable DC for
domain 's4ad.domain.org'
ERROR: Failed to find a writeable DC for domain 's4ad.domain.org': The
object was not found.
Here my config files:
* Actual (unique) DC : Ubuntu 20.04 , samba 4.15.13
hosts:
xx.xx.xx.xx grants.s4ad.domain.org
krb5.conf:
[libdefaults]
default_realm = S4AD.DOMAIN.ORG
dns_lookup_kdc = true
dns_lookup_realm = false
smb.conf
[global]
dns forwarder = 127.0.0.1
netbios name = GRANTS
realm = S4AD.DOMAIN.ORG
server role = active directory domain controller
workgroup = S4AD
server services = -dns
interfaces = eth0 lo
bind interfaces only = yes
* New DC Ubuntu 24.04 samba 4.23
hosts:
yy.yy.yy.yy grants-dc.s4ad.domain.org
/etc/netplan/
network:
version: 2
ethernets:
ens18:
addresses:
- "yy.yy.yy.yy/24"
nameservers:
addresses:
- xx.xx.xx.xx
search: []
* dig grants.s4ad.domain.org
grants.s4ad.domain.org. 0 IN A xx.xx.xx.xx
* root at grants-dc:~# host -t SRV _ldap._tcp.dc._msdcs.s4ad.domain.org
_ldap._tcp.dc._msdcs.s4ad.domain.org has SRV record 0 100 389
grants.s4ad.domain.org.
* root at grants-dc:~# ping grants.s4ad.domain.org
PING grants.s4ad.domain.org (89.116.29.118) 56(84) bytes of data.
64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=1 ttl=53 time=280
ms
64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=2 ttl=53 time=290
ms
^C
any hints ?
thank's
rf
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us
at yetopen.com
Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary
-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene
informazioni confidenziali, ivi compresi gli allegati.E' vietata la
diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La
invitiamo a eliminarlo immediatamente e a informarci tempestivamente. Grazie.
-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016
--------
This message is intended for the recipient only and may contain confidential
information, including attachments. Unauthorized disclosure, copy or use is
prohibited. If received in error, please delete immediately and notify us.
Thank you.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us
at yetopen.com
Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary
-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene
informazioni confidenziali, ivi compresi gli allegati.E' vietata la
diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La
invitiamo a eliminarlo immediatamente e a informarci tempestivamente. Grazie.
-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016
--------
This message is intended for the recipient only and may contain confidential
information, including attachments. Unauthorized disclosure, copy or use is
prohibited. If received in error, please delete immediately and notify us.
Thank you.
On Wed, 8 Oct 2025 22:44:19 +0200 (CEST) Fabrizio Rompani via samba <samba at lists.samba.org> wrote:> hi all > I have a DC used to manage user authentication to nextcloud app > installed on the same server. I moved NC to a new server leaving > samba-ad-dc on the old one ( appropriate firewall rules exits ) Now I > want to move samba to new VM so I can shutdown the old one. > > To do so ,I'm trying to join a second DC installed to the new machine > and then , after move all roles , I can demote and switch off the old > VM. > > BUT : when I try to join the second DC > I got this : > root at grants-dc:~# samba-tool domain join s4ad.domain.org DC -U > administrator --realm=S4AD.CESVI.ORG -W S4AD INFO 2025-10-08Either that is bad sanitisation or that is your problem there, 's4ad.domain.org' != S4AD.CESVI.ORG' (and I am discounting the case) You also do not need the '-W' switch> 22:29:30,946 pid:3292 /usr/lib/python3/dist-packages/samba/join.py > #106: Finding a writeable DC for domain 's4ad.domain.org' ERROR: > Failed to find a writeable DC for domain 's4ad.domain.org': The > object was not found. > > > Here my config files: > > > > * Actual (unique) DC : Ubuntu 20.04 , samba 4.15.13 > > hosts: > xx.xx.xx.xx grants.s4ad.domain.org > > krb5.conf: > [libdefaults] > default_realm = S4AD.DOMAIN.ORG > dns_lookup_kdc = true > dns_lookup_realm = false > > smb.conf > [global] > dns forwarder = 127.0.0.1That dns forwarder isn't going to work, you are forwarding the DC to itself.> netbios name = GRANTS > realm = S4AD.DOMAIN.ORG > server role = active directory domain controller > workgroup = S4AD > server services = -dns > interfaces = eth0 lo > bind interfaces only = yes > > > > * New DC Ubuntu 24.04 samba 4.23 > > hosts: > yy.yy.yy.yy grants-dc.s4ad.domain.org > > /etc/netplan/ > > network: > version: 2 > ethernets: > ens18: > addresses: > - "yy.yy.yy.yy/24" > nameservers: > addresses: > - xx.xx.xx.xx > search: [] > > > > > > > * dig grants.s4ad.domain.org > > grants.s4ad.domain.org. 0 IN A xx.xx.xx.xx > > > > > > * root at grants-dc:~# host -t SRV > _ldap._tcp.dc._msdcs.s4ad.domain.org > > _ldap._tcp.dc._msdcs.s4ad.domain.org has SRV record 0 100 389 > grants.s4ad.domain.org. > > > > > * root at grants-dc:~# ping grants.s4ad.domain.org > > PING grants.s4ad.domain.org (89.116.29.118) 56(84) bytes of data. > 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): icmp_seq=1 ttl=53 > time=280 ms 64 bytes from grants.s4ad.domain.org (xx.xx.xx.xx): > icmp_seq=2 ttl=53 time=290 ms ^CWhat is in the /etc/resolv.conf on the new DC ? Rowland