net rpc join fails in Ubuntu 16.04

Also tested with:

client ipc signing = auto
client ipc signing = disabled
client ipc signing = mandatory

in smb.conf and nothing worked.

No realm has been specified! Do you really want to join an Active Directory server?
smb_signing_good: BAD SIG: seq 1
Failed to join domain: failed to lookup DC info for domain 'DOMAIN' over rpc: Access denied

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1585111/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

Status changed to 'Confirmed' because the bug affects multiple users.

This bug is affecting me after upgrading 14.04 to 16.04. Cannot login to AD after upgrade

Does anyone have temprory solution to fix that?

Adding the line

client ipc signing = auto

on the Ubuntu 16.04 client fixes the problem for recent server versions of samba. Tested successfully with

samba 2:3.6.6-6+deb7u6

on the server.

For earlier samba versions (ex: 3.5.x) the extra client does not help. Don't know from which version on the samba server starts to work with this extra line.

What is the server controlling the domain you are trying to join? Another samba? Or some version of windows?

I don’t now if this can help

1) On a Xubuntu 12,04 the samba shares became inaccessible after update to Xubuntu 14.04 (Access denied for Windows an Samba clients). About one year latter they became accessible again. Probably due to a samba upgrade.

2) The shares became inaccessible again after upgrade to Xubuntu 16,04. I tried all combinations of client use spnego = no, client NTLMv2 auth = no, allow nt4 crypto = yes, require strong key = no without success. I removed the machine from the domain (Using Windows NT4 server manager).
The machine can’t join the NT4 domain :
No realm has been specified! Do you really want to join an Active Directory server?
Failed to join domain: failed to lookup DC info for domain xxxxxx over rpc: Access denied

(The smb.conf is for a NT4 domain, not for Active Directory. I tried all the cripto settings again.)

3) New machines with Xubuntu 16.04 and Ubuntu server 16.04.2 have never been able to join the domain : same message.

Primary an backup domain controller are Winndows NT4,0 Service pack 6.

As temporary solution, I moved the shares to Windows running in VirtualBox with bridged network access.

@andre-bacao, what is running on this domain controller that you can't join?

@hh68300 sorry, but I don't have access to NT4 to test your scenario. Maybe you can get some help in the samba mailing list at https://lists.samba.org/mailman/listinfo/samba ?

[Expired for samba (Ubuntu) because there has been no activity for 60 days.]

The fix proposed in comment #6 works. Shouldn't this bug be closed now?

For the moment, it is still impossible to join an NT4 domain. (PDC and BDC are Windows NT4.0 Service Pack 6.) This since Ubuntu 16.04 (before there was no problem).
My last attempt: 31/10/2017 with a Ubuntu server 16.04.3

I tested against NT4SP6a with this options:

       workgroup = NT4DOM193
       security = domain
       require strong key = no
       client use spnego = no
       client ipc signing = auto

Thanks for your config, @metze.

@hh68300, could you please try with the config options from @metze's comment #13?

I tried with the parameters indicated by @metze in # 13. I made a second attempt by adding allow nt4 crypto = Yes. Both attempts failed. Attached is the copy of the testparm and net rpc join outputs of the first attempt. The outputs for the second attempt are similar.