Finally, is everything in the same subnet e.g. 192.168.1.2/24
NO , the 2 hosts have public ips , exposed on internet .
is just a momentary configuration to "transfer " the domain from one
host to another.
the other questions are all yes.
thank's
rf
----- Messaggio originale -----
Da: "Rowland Penny via samba" <samba at lists.samba.org>
A: "samba" <samba at lists.samba.org>
Cc: "Rowland Penny" <rpenny at samba.org>
Inviato: Venerd?, 10 ottobre 2025 19:02:28
Oggetto: Re: [Samba] Failed to find a writeable DC
On Fri, 10 Oct 2025 18:04:32 +0200 (CEST)
Fabrizio Rompani <fabrizio.rompani at yetopen.com> wrote:
> temporaly stopped firewall ( both )
> increased debug .
> Same error:
>
> thank's
> f
>
>
>
> root at grants-dc:/var/lib/samba# samba-tool domain join s4ad.domain.org
> DC -U administrator --realm=S4AD.domain.ORG --debug=15 INFO: Current
>
SNIP> 00 org...). ....... Addrs = xx.xx.xx.xx at 389/grants finddcs: DNS
> SRV response 0 at 'xx.xx.xx.xx' ERROR: Failed to find a writeable
DC
> for domain 's4ad.domain.org': The object was not found. File
> "/usr/lib/python3/dist-packages/samba/join.py", line 352, in
find_dc
> ctx.cldap_ret = ctx.net.finddc(domain=domain,
> flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS |
> nbt.NBT_SERVER_WRITABLE)
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
It seems to be saying that it cannot find a DC in the 's4ad.domain.org'
dns domain, so, and these may probably be stupid questions, is there a
dns domain called 's4ad.domain.org', is there at least one RWDC in that
dns domain and can you ping the dns domain from the computer that you
are trying to join as a DC.
yes there is :
from yy.yy.yy.yy
root at grants-dc:/etc/samba# dig _ldap._tcp.dc._msdcs.s4ad.domain.org SRV
; <<>> DiG 9.18.39-0ubuntu0.24.04.1-Ubuntu <<>>
_ldap._tcp.dc._msdcs.s4ad.domain.org SRV
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47562
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: cb48b0face8897a20100000068efa75247b0b17ee34fd4d3 (good)
;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.s4ad.domain.org. IN SRV
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.s4ad.domain.org. 900 IN SRV 0 100 389
grants.s4ad.domain.org.
;; Query time: 18 msec
;; SERVER: xx.xx.xx.xx#53(xx.xx.xx.xx) (UDP)
;; WHEN: Wed Oct 15 15:53:22 CEST 2025
;; MSG SIZE rcvd: 133
Does /etc/hostname contain the computers short hostname.
yes it does:
cat /etc/hostname
grants
cat /etc/hostname
grants-dc
Does /etc/hosts have a line like this:
192.168.1.15 dc1.s4ad.domain.org dc1
Where: 192.168.1.15 is the computers ipaddress
dc1 is the computers short hostname
yes it does :
yy.yy.yy.yy grants-dc.s4ad.domain.org grants-dc nextcloud.domain.org
xx.xx.xx.xx grants.s4ad.domain.org grants
Does /etc/resolv.conf look like this:
search s4ad.domain.org
nameserver 192.168.1.2
Where 192.168.1.2 is a DC in the s4ad.domain.org dns domain
yes it does:
search s4ad.domain.org
nameserver xx.xx.xx.xx
Does /etc/krb5.conf have this as minimum:
[libdefaults]
default_realm = S4AD.DOMAIN.ORG
dns_lookup_realm = false
dns_lookup_kdc = true
yes
Finally, is everything in the same subnet e.g. 192.168.1.2/24
NO , the 2 hosts have public ips , exposed on internet .
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
YetOpen SB
Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood
Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com | Phone +1 919-817-8106 - info.us
at yetopen.com
Think green - Non stampare questa e-mail se non necessario / Don't print
this email unless necessary
-------- Riservatezza D.Lgs. 196/2003 e GDPR 679/2016 --------
Questo messaggio e' riservato ai destinatari indicati e contiene
informazioni confidenziali, ivi compresi gli allegati.E' vietata la
diffusione, copia o utilizzo non autorizzato. Se lo ha ricevuto per errore, La
invitiamo a eliminarlo immediatamente e a informarci tempestivamente. Grazie.
-------- Confidentiality Legislative Decree 196/2003 & GDPR 679/2016
--------
This message is intended for the recipient only and may contain confidential
information, including attachments. Unauthorized disclosure, copy or use is
prohibited. If received in error, please delete immediately and notify us.
Thank you.