Joining 2008 R2 Domain fails with samba4
Eric Painley
epainley at OneStopShipping.Com
Wed Jan 26 16:49:06 MST 2011
Hello All,
I am pleased to say that I finally got it working. It ended up being that blasted msExchBridgeheadedLocalConnectorsDNBL schema attribute after all. The hard part was actually changing the isSingleValued to false when it is a protected system attribute. Just for future reference of anyone else trying to do this I had to do the entire editing through the LDP.exe utility and not ADSIedit. The ADSIedit MMC snap-in will not allow you to change that attribute no matter what you do. Another thing I was doing wrong was I was not editing the schema on the FSMO schema master, I was editing it on another domain controller. You have to edit this on the schema master and then wait for the changes to replicate throughout your windows forest. I found the information on modifying a system owned object at http://blogs.technet.com/b/janelewis/archive/2009/12/11/how-to-modify-a-system-owned-object.aspx
--Eric
-----Original Message-----
From: kamenim at gmail.com on behalf of Kamen Mazdrashki
Sent: Wed 1/26/2011 9:07 AM
To: Eric Painley
Cc: samba-technical at lists.samba.org
Subject: Re: Joining 2008 R2 Domain fails with samba4
Hi Eric,
Could you please use "ldbsearch" Samba's tool to check attribute values.
It should print all values on a separate line and you'll know exactly how
many values you have.
I am not exactly sure how Stephan fixed the problem in his environment.
I've left with impression he just deleted unnecessary attribute values
for msExchBridgeheadedLocalConnectorsDNBL attribute.
(But I might be wrong here)
I guess there are values for this attribute somewhere in the
Configuration partition.
I hope this helps at least a little.
--
CU,
Kamen
On Wed, Jan 26, 2011 at 15:05, Eric Painley
<epainley at onestopshipping.com> wrote:
> Hi Kamen,
>
> I saw the directory entry you were talking about. It does appear to be single valued but when I look at the attribute from ADSIedit it appears there are values separated by semicolons. I realize that it might be a problem but how do I go about fixing it? I don't think it will let me change the isSingleValued from true to false in the schema as it is owned by system.
>
> Thanks,
> --Eric
>
> -----Original Message-----
> From: kamenim at gmail.com [mailto:kamenim at gmail.com] On Behalf Of Kamen Mazdrashki
> Sent: Wednesday, January 26, 2011 7:10 AM
> To: Eric Painley
> Cc: samba-technical at lists.samba.org
> Subject: Re: Joining 2008 R2 Domain fails with samba4
>
> Hi Eric,
>
> I think you are hitting an MS bug - attributes marked as "singe value"
> actually hold multiple values.
> Check Stephan Wolf's workaround here:
> http://lists.samba.org/archive/samba-technical/2011-January/075515.html
>
>
> --
> CU,
> Kamen Mazdrashki
> Samba Team http://samba.org http://gitweb.samba.org/?p=kamenim/samba.git;a=summary
>
>
>
> On Wed, Jan 26, 2011 at 09:15, Eric Painley
> <epainley at onestopshipping.com> wrote:
>>
>> Hello,
>>
>> I have a Windows Server 2008 R2 domain (running on 2003 native mode AD) with Exchange 2010 SP1. I would like to add a samba4 domain controller to my domain. I have the latest (as of 1/25/11) git of samba-master but I have been getting some wierd errors when trying to join it. At first I was getting an NT_STATUS_INTERNAL_ERROR then I saw a previous post by someone with the exact same problem at http://lists.samba.org/archive/samba-technical/2010-December/075431.html So I applied Kamen's patch (http://lists.samba.org/archive/samba-technical/2010-December/075479.html) and I was able to get much farther this time.
>>
>> Now I am getting this error:
>> Finding a writeable DC for domain 'GTS.LOCAL'
>> Found DC GTS-DC1.GTS.local
>> Password for [GROUPTRANS\administrator]:
>> workgroup is GROUPTRANS
>> realm is GTS.local
>> checking samaccountname
>> Adding CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>> Adding CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>> Adding CN=NTDS Settings,CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>> Adding SPNs to CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>> Setting account password for GTS-LINUXAPP$
>> Enabling account
>> Calling bare provision
>> Provision OK for domain DN DC=GTS,DC=local
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[399] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[328] linked_values[0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[186] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[348] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[508] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[668] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[826] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[983] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1140] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1295] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1449] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1599] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1755] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1908] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2061] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2211] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2361] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2518] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2674] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2828] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3025] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3427] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3829] linked_values[3]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4231] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4633] linked_values[1]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4742] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4835] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4929] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5023] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5119] linked_values[13]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5211] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5305] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5405] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5461] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5608] linked_values[247]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5773] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5939] linked_values[0]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[6046] linked_values[536]
>> Partition[CN=Configuration,DC=GTS,DC=local] objects[6098] linked_values[350]
>> Partition[DC=GTS,DC=local] objects[124] linked_values[0]
>> Partition[DC=GTS,DC=local] objects[198] linked_values[0]
>> Partition[DC=GTS,DC=local] objects[274] linked_values[0]
>> Partition[DC=GTS,DC=local] objects[373] linked_values[0]
>> Partition[DC=GTS,DC=local] objects[437] linked_values[150]
>> Partition[DC=GTS,DC=local] objects[493] linked_values[33]
>> Partition[DC=GTS,DC=local] objects[494] linked_values[0]
>> Committing SAM database
>> partition end transaction mismatch
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=GTS,DC=LOCAL.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=GTS,DC=LOCAL.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=GTS,DC=LOCAL.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb): tdb_transaction_commit: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb): tdb_transaction_cancel: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb): tdb_transaction_cancel: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=GTS,DC=LOCAL.ldb): tdb_transaction_cancel: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=GTS,DC=LOCAL.ldb): tdb_transaction_cancel: no transaction
>>
>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=GTS,DC=LOCAL.ldb): tdb_transaction_cancel: no transaction
>>
>> partition del transaction mismatch
>> Join failed - cleaning up
>> checking samaccountname
>> Deleted CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>> Deleted CN=NTDS Settings,CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>> Deleted CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>> ERROR(ldb): uncaught exception - operations error at ../dsdb/samdb/ldb_modules/partition.c:847
>> File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 134, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/join.py", line 64, in run
>> site=site, netbios_name=netbios_name)
>> File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line 584, in join_DC
>> ctx.do_join()
>> File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line 518, in do_join
>> ctx.join_replicate()
>> File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line 489, in join_replicate
>> ctx.local_samdb.transaction_commit()
>>
>>
>>
>> Note that this is the EXACT SAME ERROR as the poster had in http://lists.samba.org/archive/samba-technical/2010-December/075483.html Where he goes on to say that using the "net vampire" tool give a more verbose error report. However I don't have the net vampire tool anymore as this is a later git and it has apparently been removed and replaced with "samba-tool join".
>>
>> Sorry for posting all those links for from the old post but I believe our problems are very similar.
>>
>> Thanks,
>> --Eric
>>
>
More information about the samba-technical
mailing list