[Samba] Unable to Join the Active Directory as a Domain Controller

Marc-Henri Pamiseux marc-henri.pamiseux at libricks.org
Wed Dec 20 21:55:44 UTC 2017


Hello,

I am trying to use Samba in version 4.7.0 as a replication of an Active
Directory running on Windows 2012-R2.

For that, I execute the process described on this page:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

When I run the command to join the domain controller, samba-tool returns
the following error:
DsAddEntry failed with status WERR_ACCESS_DENIED info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')

I read the documentation that specifies which version of Samba is
compatible with the version of the Active Directory schema:
https://wiki.samba.org/index.php/AD_Schema_Version_Support

I was able to check on the Windows 2012-R2 server that the Active
Directory schema is in version 69, so theoretically compatible with
Samba 4.7.

User "MYDOMAIN\marcori" is a domain admin.
Do you have a way to explore further?

Respectfully,

Marc-Henri Pamiseux

PS: Here is the command invoked and its error message:

# samba-tool domain join example.com DC -U"MYDOMAIN\marcori" --dns-backend=SAMBA_INTERNAL --realm=EXAMPLE.COM -W MYDOMAIN
Finding a writeable DC for domain 'example.com'
Found DC SRV-ADM1.example.com
Password for [MYDOMAIN\marcori]:
workgroup is MYDOMAIN
realm is example.com
Adding CN=SRVSMB-DC1,OU=Domain Controllers,DC=example,DC=com
Adding CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Adding CN=NTDS Settings,CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DsAddEntry failed with status WERR_ACCESS_DENIED info (8567, 'WERR_DS_INCOMPATIBLE_VERSION')
Join failed - cleaning up
Deleted CN=SRVSMB-DC1,OU=Domain Controllers,DC=example,DC=com
Deleted CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ERROR(runtime): uncaught exception - DsAddEntry failed
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 639, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 570, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 521, in DsAddEntry
    raise RuntimeError("DsAddEntry failed")

# samba -V
Version 4.7.0-Debian

-- 
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97


