[Samba] Trouble joining DC Bind9_DLZ

Marcio Demetrio Bacci marciobacci at gmail.com
Tue Sep 3 09:59:50 UTC 2019


Hi,

There is no record for the forest:
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
'CN=MicrosoftDNS,DC=ForestDnsZones,DC=empresa,DC=com,DC=br' -s sub
'(&(objectclass=dnsZone)(dc=_msdcs.empresa.com.br))'
# returned 0 records
# 0 entries
# 0 referrals

Can I fix this?

Regards,

Márcio Bacci

On Tue, 3 Sep 2019 at 06:40, Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 03/09/2019 10:07, Marcio Demetrio Bacci via samba wrote:
> > Hi,
> >
> > I'm using Samba 4.10.7 with Bind9_DLZ (9.10.3-P4-Debian), but I'm not
> > managing to insert a new DC into the domain. My OS is a Debian 9.9 VM.
> >
> > Following is the command used and the error:
> >
> > root@samba4-dc3:/var/lib/samba/private# samba-tool domain join
> > empresa.com.br DC -k yes --server=samba4-dc1.empresa.com.br
> > --dns-backend=BIND9_DLZ -d 3
> > INFO 2019-09-02 15:50:33,684 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2291: Setting
> > up the privileges database
> > INFO 2019-09-02 15:50:34,188 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting
> > up idmap db
> > INFO 2019-09-02 15:50:34,549 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2301: Setting
> > up SAM db
> > INFO 2019-09-02 15:50:34,644 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #882: Setting up
> > sam.ldb partitions and settings
> > INFO 2019-09-02 15:50:34,645 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #894: Setting up
> > sam.ldb rootDSE
> > INFO 2019-09-02 15:50:34,724 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #1302:
> > Pre-loading the Samba 4 and AD schema
> > partition_metadata: Migrating partition metadata: open of metadata.tdb
> > gave: (null)
> > Unable to determine the DomainSID, can not enforce uniqueness constraint on
> > local domainSIDs
> >
> > INFO 2019-09-02 15:50:34,892 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2351: A
> > Kerberos configuration suitable for Samba AD has been generated at
> > /var/lib/samba/private/krb5.conf
> > INFO 2019-09-02 15:50:34,893 pid:6636
> > /usr/lib/python3/dist-packages/samba/provision/__init__.py #2352: Merge the
> > contents of this file with your system krb5.conf or replace it with this
> > one. Do not create a symlink!
> > Provision OK for domain DN empresa.com.br
> > Starting replication
> > Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4-dc1.empresa.com.br<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > samba4-dc1.empresa.com.br<0x20>
> > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[402/1518]
> > linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[804/1518]
> > linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1206/1518]
> > linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1518/1518]
> > linked_values[0/0]
> > Analyze and apply schema objects
> > Replicated 1518 objects (0 linked attributes) for
> > CN=Schema,CN=Configuration,empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[402/2023]
> > linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[804/2023]
> > linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[1206/2023]
> > linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[1608/2023]
> > linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[2010/2023]
> > linked_values[0/20]
> > Replicated 402 objects (0 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Partition[CN=Configuration,empresa.com.br] objects[2023/2023]
> > linked_values[36/36]
> > Replicated 13 objects (36 linked attributes) for CN=Configuration,
> > empresa.com.br
> > Replicating critical objects from the base DN of the domain
> > Partition[empresa.com.br] objects[103/103] linked_values[45/45]
> > Replicated 103 objects (45 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[402/2296] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[804/2296] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[1206/2296] linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[1608/2296] linked_values[0/764]
> > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[2010/2296] linked_values[0/1066]
> > Replicated 402 objects (0 linked attributes) for empresa.com.br
> > Partition[empresa.com.br] objects[2296/2296] linked_values[1066/1066]
> > ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
> > CN=COMP0082,CN=Computers,empresa.com.br for index on servicePrincipalName,
> > duplicate of objectGUID 1c0cc09b-a4c2-4e2d-9544-d49f82b436f3 in
> > @INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0082.EMPRESA.COM.BR
> > ../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
> > CN=COMP0013,CN=Computers,empresa.com.br for index on servicePrincipalName,
> > duplicate of objectGUID be74c1a9-d80b-4922-90f5-94a8c86632ad in
> > @INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0013.EMPRESA.COM.BR
> > Replicated 286 objects (1066 linked attributes) for empresa.com.br
> > Done with always replicated NC (base, config, schema)
> > Replicating DC=DomainDnsZones,empresa.com.br
> > Partition[DC=DomainDnsZones,empresa.com.br] objects[402/692]
> > linked_values[0/0]
> > Replicated 402 objects (0 linked attributes) for DC=DomainDnsZones,
> > empresa.com.br
> > Partition[DC=DomainDnsZones,empresa.com.br] objects[692/692]
> > linked_values[0/0]
> > Replicated 290 objects (0 linked attributes) for DC=DomainDnsZones,
> > empresa.com.br
> > Replicating DC=ForestDnsZones,empresa.com.br
> > Partition[DC=ForestDnsZones,empresa.com.br] objects[40/40]
> > linked_values[0/0]
> > Replicated 40 objects (0 linked attributes) for DC=ForestDnsZones,
> > empresa.com.br
> > Exop on[CN=RID Manager$,CN=System,empresa.com.br] objects[3]
> > linked_values[0]
> > Discarding older DRS attribute update to objectClass on CN=RID
> > Manager$,CN=System,empresa.com.br from 032a8fdc-a9b8-425a-88c3-5125986fc59d
> >
> > #### OMITTED #####
> >
> > INFO 2019-09-02 15:50:51,647 pid:6636
> > /usr/lib/python3/dist-packages/samba/join.py #1169: Adding DNS A record
> > SAMBA4-DC3.empresa.com.br for IPv4 IP: 172.30.1.19
> > INFO 2019-09-02 15:50:51,699 pid:6636
> > /usr/lib/python3/dist-packages/samba/join.py #1197: Adding DNS CNAME record
> > 956bafb9-4aa8-4f91-8615-6b5af36b91fa._msdcs.empresa.com.br for
> > SAMBA4-DC3.empresa.com.br
> > Join failed - cleaning up
> This is where the join failed, you can ignore anything after 'Join failed'
> > I have seen that there are duplicate objects in the base, but I believe this
> > is not the cause of the problem.
> Yes
> >
> > Also I have verified that I can only find my FQDN domain. The short name
> > does not respond. I don't know if that would be a problem.
> >
> > root@samba4-dc3:~# host -t A EMPRESA.COM.BR
> > EMPRESA.COM.BR has address 192.168.1.20
> > EMPRESA.COM.BR has address 192.168.1.22
> > root@samba4-dc3:~# host -t A EMPRESA
> > Host EMPRESA not found: 3(NXDOMAIN)
> That is because 'EMPRESA' is a NetBIOS name, not a DNS name.
>
> The join seems to be failing when it tries to add a CNAME record or when
> its ownership is changed, so does the forest DNS zone exist?
>
> Try running this on an existing DC:
>
> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
> 'CN=MicrosoftDNS,DC=ForestDnsZones,DC=empresa,DC=com,DC=br' -s sub
> '(&(objectclass=dnsZone)(dc=_msdcs.empresa.com.br))'
>
> It should produce one AD object record.
>
> Rowland
>
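
The check discussed in this thread, as an added example that is not part of the original messages: it wraps the ldbsearch command quoted above and classifies the result from the "# returned N records" summary line, so the "0 records" case reported in the reply is flagged before a join is attempted. The function names and the present/missing/ambiguous/unknown labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): verify that the _msdcs zone
# object exists under ForestDnsZones before running "samba-tool domain join".

# empresa.com.br -> DC=empresa,DC=com,DC=br
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# Read ldbsearch output on stdin and print the N from its
# "# returned N records" summary line, or -1 if no summary was printed
# (for example when ldbsearch could not open the database).
ldb_record_count() {
    awk '/^# returned [0-9]+ records/ { print $3; found = 1; exit }
         END { if (!found) print -1 }'
}

# Classify ldbsearch output on stdin. Exactly one dnsZone object is the
# expected state; zero is the condition reported in this thread.
forest_zone_status() {
    n=$(ldb_record_count)
    case "$n" in
        1)  echo present ;;
        0)  echo missing ;;
        -1) echo unknown ;;
        *)  echo ambiguous ;;
    esac
}

# $1 = DNS domain, $2 = path to sam.ldb on an existing DC
check_forest_zone() {
    ldbsearch --cross-ncs -H "$2" \
        -b "CN=MicrosoftDNS,DC=ForestDnsZones,$(domain_to_dn "$1")" -s sub \
        "(&(objectclass=dnsZone)(dc=_msdcs.$1))" 2>/dev/null | forest_zone_status
}

# Run the live check only when called with both arguments, e.g.
#   sh check_zone.sh empresa.com.br /var/lib/samba/private/sam.ldb
if [ "$#" -eq 2 ]; then
    check_forest_zone "$1" "$2"
fi
```
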

