I stood up a Samba 4 (4.0.9) Active Directory domain controller on a Red Hat Enterprise Linux 6.3 server, configured in accordance with the Samba AD DC HOWTO <https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO>, and tailored to the domain name I want. I'm trying to join a Windows 7 Enterprise Edition client to the domain. Windows responds with "Your computer could not be joined to the domain because the following error has occurred: The network path was not found." The network between the Windows 7 box and the Samba server is very simple, consisting of a single switch. The network itself is also very simple, consisting of 3 Red Hat servers, a NAS, and the workstation. The network is not connected to the Internet in any way.

I used Wireshark to capture the message exchange. It looks to me like the DNS stuff is working right - as far as it gets - but something is misconfigured with the LDAP server, and I can't figure out what. I can't provide the pcap file, but here's a summary of the messages exchanged (C = Win 7 client, S = Samba server, pretending client IP is 192.168.0.3, server IP is 192.168.0.4, server name is server, client name is client, and domain name is domain.name):

1. C->S: NBNS - Name Query NB domain
2. S->C: NBNS - Name Query response NB 192.168.0.4
3. C->S: DNS SRV _ldap._tcp.dc._msdcs.domain.name
4. S->C: DNS SRV 0 100 389 server.domain.name
5. C->S: DNS A server.domain.name
6. S->C: DNS A 192.168.0.4
7. C->S: CLDAP search request "<ROOT>" baseobject
   a. Filter: DnsDomain=domain.name && Host=CLIENT && NtVer=0x00000016
   b. Attributes: netlogon
8. S->C: CLDAP searchresentry
   a. Type: netlogon
   b. Opcode: LOGON_SAM_LOGON_RESPONSE_EX
   c. Flags: GoodTimeServ, Writable, Closest, Timeserv, KDC, DS, LDAP, GC, PDC
   d. Forest: domain.name
   e. Domain: domain.name
   f. Hostname: CLIENT
   g. NetBIOS domain: DOMAIN
   h. NetBIOS Hostname: SERVER
9. C->S: DNS SRV _ldap._tcp.dc._msdcs.domain.name
10. S->C: DNS SRV 0 100 389 server.domain.name
11. C->S: CLDAP (same as message 7)
12. S->C: CLDAP (same as message 8)
13. C->S: CLDAP search request "<ROOT>" baseobject
   a. Filter: DnsDomain=domain.name && Host=CLIENT && User=CLIENT && AAC=80:01:00:00 && NtVer=0x20000016
   b. Attributes: netlogon
14. S->C: CLDAP searchresentry
   a. Type: netlogon
   b. Opcode: LOGON_SAM_USER_UNKNOWN_EX

Based on this exchange, it looks like the Win 7 client is trying to use the username CLIENT (message 13) rather than the "Administrator" username I put in when attempting to join the domain, and the server is rejecting that user because it doesn't know that user. Is it normal for the Win 7 client to use the computer name for the username here? Did I miss something in the HOWTO?
Am I supposed to add the client computer name to the Active Directory before trying to join the domain?

Thanks for any light you can shed on this.

Jared
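
Added example, not part of the original message: a small Python decoder for the NtVer and AAC fields of the CLDAP netlogon filters in messages 7 and 13, useful when reading such captures. It assumes the NETLOGON_NT_VERSION bit values from MS-ADTS, Samba's ACB_* names for the account-control bits, and that AAC is a 4-byte little-endian value; the function and table names are hypothetical.

```python
"""Decode the NtVer and AAC fields of a CLDAP netlogon search filter."""

# NETLOGON_NT_VERSION option bits (MS-ADTS), names shortened for display.
NT_VERSION_BITS = {
    0x00000001: "V1",
    0x00000002: "V5",
    0x00000004: "V5EX",
    0x00000008: "V5EX_WITH_IP",
    0x00000010: "WITH_CLOSEST_SITE",
    0x01000000: "AVOID_NT4EMUL",
    0x10000000: "PDC",
    0x20000000: "IP",
    0x40000000: "LOCAL",
    0x80000000: "GC",
}

# Account-control bits carried in AAC (Samba ACB_* names, prefix dropped).
ACB_BITS = {
    0x001: "DISABLED", 0x002: "HOMDIRREQ", 0x004: "PWNOTREQ",
    0x008: "TEMPDUP", 0x010: "NORMAL", 0x020: "MNS",
    0x040: "DOMTRUST", 0x080: "WSTRUST", 0x100: "SVRTRUST",
    0x200: "PWNOEXP", 0x400: "AUTOLOCK",
}

def decode_bits(value, table):
    """Return the names of all set bits, lowest first; flag unknown bits."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)  # sum of the keys is the known-bit mask
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:x}")
    return names

def parse_filter(summary):
    """Parse a 'K=V && K=V' filter summary and decode NtVer and AAC."""
    fields = dict(p.strip().split("=", 1) for p in summary.split("&&"))
    if "NtVer" in fields:
        fields["NtVer"] = decode_bits(int(fields["NtVer"], 16), NT_VERSION_BITS)
    if "AAC" in fields:
        raw = bytes.fromhex(fields["AAC"].replace(":", ""))
        fields["AAC"] = decode_bits(int.from_bytes(raw, "little"), ACB_BITS)
    return fields

# Filters copied from messages 7 and 13 of the summary above.
MSG7 = "DnsDomain=domain.name && Host=CLIENT && NtVer=0x00000016"
MSG13 = ("DnsDomain=domain.name && Host=CLIENT && User=CLIENT && "
         "AAC=80:01:00:00 && NtVer=0x20000016")

if __name__ == "__main__":
    for label, text in (("message 7", MSG7), ("message 13", MSG13)):
        print(label, parse_filter(text))
```

For message 13 the AAC value decodes to WSTRUST and SVRTRUST, the workstation and server trust account types, and NtVer gains the IP bit compared with message 7.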