I attempted to join a Windows 7 SP1 computer on the local network to the domain known (locally) as irishtown.localonly.rvcomerford.ie , in the manner shown in the first http://www.samba.org/tridge/Samba4Demo/s4demo1.ogv of the Samba4 video demonstrations http://wiki.samba.org/index.php/Samba4/videos . Ping requests, DNS requests, and SSH connections all go from this machine (currently assigned 10.37.55.20 by DHCP) to the server machine without problems, whether the server is identified as 10.37.55.20 or as blackbox.irishtown.localonly.rvcomerford.ie . But attemping to join the AD domain fails: instead of the "Computer Name/Domain Changes" username/password dialog (as seen at 3:41 on the video), an error dialog comes up. The error dialog's detail message is:
Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt. DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "irishtown.localonly.rvcomerford.ie": The query was for the SRV record for _ldap._tcp.dc._msdcs.irishtown.localonly.rvcomerford.ie The following domain controllers were identified by the query: blackbox.irishtown.localonly.rvcomerford.ie However no domain controllers could be contacted. Common causes of this error include: - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses. - Domain controllers registered in DNS are not connected to the network or are not running. I have attached an edited pcap file for the server's eth0 which (hopefully) shows the relevant packets sent during the failed domain change. (I have full pcaps from the server and a client-side netmon capture if anyone wants to see them.) It seems that after finishing with DNS, the client attempted to "LDAP ping" 10.37.55.20 on UDP port 389 but received a "Destination unreachable (Port unreachable)" response. And indeed it seems that there is nothing listening on UDP port 389 on the server, even though there are several samba processes running: leo@blackbox:~$ sudo nc -vvvzu 10.37.55.20 389 leo@blackbox:~$ sudo lsof | grep TCP sshd 1076 root 3r IPv4 8802 0t0 TCP *:ssh (LISTEN) sshd 1076 root 4u IPv6 8805 0t0 TCP *:ssh (LISTEN) named 1213 bind 20u IPv6 9260 0t0 TCP *:domain (LISTEN) named 1213 bind 21u IPv4 9272 0t0 TCP localhost:domain (LISTEN) named 1213 bind 22u IPv4 9274 0t0 TCP blackbox:domain (LISTEN) named 1213 bind 23u IPv4 9388 0t0 TCP localhost:953 (LISTEN) named 1213 bind 24u IPv6 9390 0t0 TCP ip6-localhost:953 (LISTEN) dnsmasq 1293 libvirt-dnsmasq 7u IPv4 7046 0t0 TCP 192.168.122.1:domain (LISTEN) samba 1296 root 22u IPv4 7062 0t0 TCP *:microsoft-ds (LISTEN) samba 1296 root 23u IPv4 7063 0t0 TCP *:netbios-ssn (LISTEN) samba 1296 root 24u IPv6 7064 0t0 TCP *:microsoft-ds (LISTEN) samba 1296 root 25u IPv6 7065 0t0 TCP *:netbios-ssn (LISTEN) samba 1297 root 36u IPv4 9370 0t0 TCP *:1024 (LISTEN) samba 1297 root 37u IPv6 9371 0t0 TCP *:1024 (LISTEN) samba 1297 root 40u IPv4 9379 0t0 TCP *:loc-srv (LISTEN) samba 1297 root 41u IPv6 9380 0t0 TCP *:loc-srv (LISTEN) samba 1300 root 23u IPv4 9812 0t0 TCP *:ldap (LISTEN) samba 1300 root 24u IPv4 9816 0t0 TCP *:ldaps (LISTEN) samba 1300 root 25u IPv4 9817 0t0 TCP *:3268 (LISTEN) samba 1300 root 26u IPv4 9818 0t0 TCP *:3269 (LISTEN) samba 1300 root 27u IPv6 9819 0t0 TCP *:ldap (LISTEN) samba 1300 root 28u IPv6 9820 0t0 TCP *:ldaps (LISTEN) samba 1300 root 29u IPv6 9821 0t0 TCP *:3268 (LISTEN) samba 1300 root 30u IPv6 9822 0t0 TCP *:3269 (LISTEN) sshd 1448 root 3r IPv4 10767 0t0 TCP blackbox:ssh->10.37.55.21:59729 (ESTABLISHED) sshd 1590 leo 3u IPv4 10767 0t0 TCP blackbox:ssh->10.37.55.21:59729 (ESTABLISHED) leo@blackbox:~$ sudo lsof | grep UDP named 1213 bind 512u IPv6 9259 0t0 UDP *:domain named 1213 bind 513u IPv4 9264 0t0 UDP localhost:domain named 1213 bind 514u IPv4 9273 0t0 UDP blackbox:domain named 1213 bind 515u IPv4 9392 0t0 UDP 192.168.122.1:domain dnsmasq 1293 libvirt-dnsmasq 5u IPv4 7039 0t0 UDP *:bootps dnsmasq 1293 libvirt-dnsmasq 6u IPv4 7045 0t0 UDP 192.168.122.1:domain samba 1298 root 22u IPv4 7073 0t0 UDP *:netbios-ns samba 1298 root 23u IPv4 7074 0t0 UDP *:netbios-dgm samba 1298 root 24u IPv4 7075 0t0 UDP 192.168.122.255:netbios-ns samba 1298 root 25u IPv4 7076 0t0 UDP 192.168.122.1:netbios-ns samba 1298 root 26u IPv4 7077 0t0 UDP 192.168.122.255:netbios-dgm samba 1298 root 27u IPv4 7078 0t0 UDP 192.168.122.1:netbios-dgm samba 1298 root 28u IPv4 7079 0t0 UDP 10.37.55.255:netbios-ns samba 1298 root 29u IPv4 7080 0t0 UDP blackbox:netbios-ns samba 1298 root 30u IPv4 7081 0t0 UDP 10.37.55.255:netbios-dgm samba 1298 root 31u IPv4 7082 0t0 UDP blackbox:netbios-dgm ** Attachment added: "eth0 server-side pcap edited down.pcap" https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/+attachment/3051925/+files/eth0%20server-side%20pcap%20edited%20down.pcap -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/976138 Title: kerberos setup fails, with broken krb5.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/976138/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
