[Samba] DC join failed

Epsilon Minus theepsilonminus at gmail.com
Fri May 31 18:50:05 UTC 2019


Dears,

I have a problem to join a Version 4.7.6-Ubuntu to a Domain 2008 R2
how Domain Controller.

if i add a Windows server how domain controller i wasn't a problem.
but is not de samba case.

the samba join  output :

samba-tool domain join example.local DC -U example\\administrator
Finding a writeable DC for domain 'example.local'
Found DC AD01.example.local
Password for [CONYLEC\administrator]:
workgroup is CONYLEC
realm is example.local
Adding CN=DC02,OU=Domain Controllers,DC=example,DC=local
Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
Adding SPNs to CN=DC02,OU=Domain Controllers,DC=example,DC=local
Setting account password for DC02$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=example,DC=local
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[402/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[804/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[1206/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[1608/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[2010/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[2412/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[2814/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[3216/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[3618/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[4020/2921] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
objects[4198/2921] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=example,DC=local] objects[402/4617]
linked_values[0/67]
Partition[CN=Configuration,DC=example,DC=local] objects[804/4617]
linked_values[0/67]
Partition[CN=Configuration,DC=example,DC=local] objects[1206/4617]
linked_values[0/67]
Partition[CN=Configuration,DC=example,DC=local] objects[1597/4617]
linked_values[0/67]
Partition[CN=Configuration,DC=example,DC=local] objects[1910/4617]
linked_values[16/67]
Partition[CN=Configuration,DC=example,DC=local] objects[1992/4617]
linked_values[51/67]
Replicating critical objects from the base DN of the domain
Partition[DC=example,DC=local] objects[110/190] linked_values[11/50]
Partition[DC=example,DC=local] objects[254/6103] linked_values[11/50]
Partition[DC=example,DC=local] objects[384/6103] linked_values[0/50]
Partition[DC=example,DC=local] objects[493/6103] linked_values[0/50]
Partition[DC=example,DC=local] objects[605/6103] linked_values[0/50]
Partition[DC=example,DC=local] objects[735/6103] linked_values[34/50]
Partition[DC=example,DC=local] objects[862/6103] linked_values[5/50]
Partition[DC=example,DC=local] objects[944/6103] linked_values[0/50]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=example,DC=local
Partition[DC=DomainDnsZones,DC=example,DC=local] objects[61/61]
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=example,DC=local
Partition[DC=ForestDnsZones,DC=example,DC=local] objects[22/22]
linked_values[0/0]
Join failed - cleaning up
Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=local
Deleted CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
Deleted CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
ERROR(runtime): uncaught exception - (8453, 'WERR_DS_DRA_ACCESS_DENIED')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 961, in
join_replicate
    exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
291, in replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)


I look for the error, but don't find a solution.

Thanks!



More information about the samba mailing list