[Samba] Joining samba4 as a DC to Windows Server 2012 active directory

James-Arthur Eaton Gonzalez eaton.james at gmail.com
Sun Apr 28 03:57:08 MDT 2013 

Hello all,

I am attempting to join samba4 to my current domain which is controlled by
a Windows 2012 Active Directory Server. When following the instructions on
the official WIKI:

http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

I am able to do a kinit administrator, which then gives me a ticket which I
can see via klist.

The problem is that once I run the command:


# bin/samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com


It does not work. I get the following error:
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')

Could this be because of the version of AD? I can't find much
around compatibility of this version of Windows. Any help is greatly
appreciated.

Here is the full debug:

   1. ./samba-tool domain join example.com DC -Uadministrator --realm=
   example.com
   2. Finding a writeable DC for domain 'example.com'
   3. Found DC dc01.example.com
   4. Password for [WORKGROUP\administrator]:
   5. workgroup is EXAMPLE
   6. realm is example.com
   7. checking sAMAccountName
   8. Deleted CN=DC02,CN=Computers,DC=example,DC=com
   9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com
   10. Adding
   CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
   11. Adding CN=NTDS
   Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
   12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
   'WERR_DS_INCOMPATIBLE_VERSION')
   13. Join failed - cleaning up
   14. checking sAMAccountName
   15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com
   16. Deleted
   CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
   17. ERROR(runtime): uncaught exception - DsAddEntry failed
   18.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
   line 175, in _run
   19.     return self.run(*args, **kwargs)
   20.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
   line 552, in run
   21.     machinepass=machinepass, use_ntvfs=use_ntvfs,
   dns_backend=dns_backend)
   22.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1104,
   in join_DC
   23.     ctx.do_join()
   24.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007,
   in do_join
   25.     ctx.join_add_objects()
   26.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 525,
   in join_add_objects
   27.     ctx.join_add_ntdsdsa()
   28.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 458,
   in join_add_ntdsdsa
   29.     ctx.DsAddEntry([rec])
   30.   File
   "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 421,
   in DsAddEntry
   31.     raise RuntimeError("DsAddEntry failed")

More information about the samba mailing list