[Samba] Cannot Join Samba 4.1 to an existing Windows 2008 domain as a Backup DC

Andrew Bartlett abartlet at samba.org
Wed Feb 5 01:41:34 MST 2014 

On Thu, 2014-01-30 at 11:14 -0800, Lucas Burdick wrote:
> Hi Everybody,
>  
> I'm stumped. I'm pretty sure I've tried everything to get this to work.  I'm trying to join my CentOS 6 server to my Server 2008 AD Domain.  
>  
> I'm using SerNet's samba4 packages:
>  
> [root at files ~]# samba -V
> Version 4.1.4-SerNet-RedHat-7.el6
>  
> I've done the xattr and acl tests and they all come out just fine. So I don't think it has to do with ACLs but I have no idea.
>  
> I'm also getting LDB errors but I have no idea how to fix them.
>  
> [root at files ~]# samba-tool domain join MYDOMAIN DC -Uadministrator --realm=MYDOMAIN.COM
> Finding a writeable DC for domain 'MYDOMAIN'
> Found DC PSI2.mydomain.com
> Password for [MYDOMAIN\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.com
> checking sAMAccountName
> Adding CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
> Adding CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Adding CN=NTDS Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Adding SPNs to CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
> Setting account password for FILES$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> ldb: module schema_load initialization failed : No such object
> ldb: module rootdse initialization failed : No such object
> ldb: module samba_dsdb initialization failed : No such object
> ldb: Unable to load modules for /var/lib/samba/private/sam.ldb: (null)
> samdb_connect failed
> VFS connect failed!
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
> Deleted CN=NTDS Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Deleted CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172, in join_DC
>     ctx.do_join()
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1076, in do_join
>     ctx.join_provision()
>   File "/usr/lib64/python2.6/site-packages/samba/join.py", line 727, in join_provision
>     use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend)
>   File "/usr/lib64/python2.6/site-packages/samba/provision/__init__.py", line 2052, in provision
>     raise ProvisioningError("Your filesystem or build does not support posix ACLs, which s3fs requires.  Try the mounting the filesystem with the 'acl' option.")
>  
> Here's what happens when I try to use ntvfs:
>  
> [root at files ~]# samba-tool domain join MYDOMAIN DC -Uadministrator --realm=MYDOMAIN.COM --use-ntvfs
> Finding a writeable DC for domain 'MYDOMAIN'
> Found DC PSI2.mydomain.com
> Password for [MYDOMAIN\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.com
> checking sAMAccountName
> Adding CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
> Adding CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Adding CN=NTDS Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Adding SPNs to CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
> Setting account password for FILES$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> Bad talloc magic value - unknown value
> Aborted

If you could run that under gdb as 'gdb
--args /usr/bin/python /usr/bin/samba-tool domain join MYDOMAIN DC
-Uadministrator --realm=MYDOMAIN.COM --use-ntvfs' and get me the bt full
when it crashes, I would be most curious. 

> [root at files ~]# cat /etc/fstab
>  
> #
> # /etc/fstab
> # Created by anaconda on Wed Sep 25 08:59:45 2013
> #
> # Accessible filesystems, by reference, are maintained under '/dev/disk'
> # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
> #
> UUID=8db22947-18c7-4b32-880c-1b9349af0420 /                       ext4    defaults,user_xattr,acl,barrier=1        1 1
> UUID=acca5b8b-374f-47d8-bde5-28db11dc25e0 /boot                   ext4    defaults        1 2
> UUID=8df4a877-87c8-430d-b691-5a2d5445888f /files                  ext4    defaults        1 2
> UUID=6873769d-1c8b-41a2-8703-c14adb434920 swap                    swap    defaults        0 0
> tmpfs                   /dev/shm                tmpfs   defaults        0 0
> devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
> sysfs                   /sys                    sysfs   defaults        0 0
> proc                    /proc                   proc    defaults        0 0
>  
> 
> 
> Can somebody please point me in the right direction?

Remove the private directory and try again.  I think you tried once as
non-root, and it's got some files and not others owned by your normal
user, or is in some other half-way state.  Also, I now have patches in
master that should avoid this happening as often, should you be curious
to try that. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list