common causes for failure to find domain controller ?
in [Samba]
|
From: Mark Casey on 17 Feb 2010 10:20 On 2/17/2010 4:15 AM, Evan Ingram wrote: > Hi, > > are there any common causes for a windows machines failure to find a > samba domain controller? > > im trying to join a windows 2008 server to a samba[3.4.0] PDC and > debug/netsetup says "failed to find a DC in the specified domain". > > cheers > > Evan, Yes there are a few. A very common one is the DC and your server's clocks being too far out of sync but afaik that does not seem to be your issue. In your case it just says it can't find a DC to being with. You might try a few of these, some of which may not apply depending on whether you are listing your DCs explicitly or just letting them be found automatically. 1. Make sure you can ping between your hosts. Ping the DC from the smb box and the smb box from the DC; try both 'ping server' and 'ping server.domain.local'. 2. On the DC run netdiag and dcdiag. There is a dns only test in dcdiag too, I think the syntax is dcdiag /test:dns. My smb boxes use my DCs for DNS and the DNS are AD integrated, so you may need to tweak those suggestions if thats not your setup. Generally though, check out the health of the DNS. 3. In case you get nothing there (and you haven't done this already), try specifying your DCs explicity in the kerberos config and in smb.conf. I've never had my config reviewed by the experts, but it works for me: /etc/krb5.conf .... [realms] DOMAINNAME.COM = { kdc = dal-dc1.domainname.com kdc = den-dc1.domainname.com master_kdc = dal-dc1.domainname.com admin_server = dal-dc1.domainname.com } [domain_realm] .domainname.com = DOMAINNAME.COM .... /etc/samba/smb.conf .... [global] server string = Dallas File Server workgroup = DOMAINNAME realm = DOMAINNAME.COM security = ADS password server = * #password server = dal-dc1.domainname.com #password server = dal-dc1.domainname.com, den-dc1.domainname.com .... Note the password option especially. For awhile I had to list it explicitly. 4. Use kinit to make sure kerberos is working, and maybe search for your error more in the list archives (read: google). root(a)yourhost:~# kinit Administrator(a)DOMAINNAME.COM Password for Administrator(a)DOMAINNAME.COM: root(a)yourhost:~# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: Administrator(a)DOMAINNAME.COM Valid starting Expires Service principal 02/17/10 09:09:19 02/17/10 19:09:26 krbtgt/DOMAINNAME.COM(a)DOMAINNAME.COM renew until 02/18/10 09:09:19 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached root(a)yourhost:~# kdestroy root(a)yourhost:~# kdestroy kdestroy: No credentials cache found while destroying cache root(a)yourhost:~# HTH, Mark Casey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: [Samba] Samba4 clustering Next: [Samba] recycle touch error |