Joining 2008 R2 Domain fails with samba4

Kamen Mazdrashki kamenim at samba.org
Wed Jan 26 19:01:27 MST 2011


Ah, it is again this "schemaUpgradeInProgress" thing to do the job :)
Thank you for sharing Eric!

-- 
CU,
Kamen


On Thu, Jan 27, 2011 at 01:49, Eric Painley
<epainley at onestopshipping.com> wrote:
> Hello All,
>
> I am pleased to say that I finally got it working. It ended up being that
> blasted msExchBridgeheadedLocalConnectorsDNBL schema attribute after all.
> The hard part was actually changing the isSingleValued to false when it is a
> protected system attribute. Just for future reference of anyone else trying
> to do this I had to do the entire editing through the LDP.exe utility and
> not ADSIedit. The ADSIedit MMC snap-in will not allow you to change that
> attribute no matter what you do. Another thing I was doing wrong was I was
> not editing the schema on the FSMO schema master, I was editing it on
> another domain controller. You have to edit this on the schema master and
> then wait for the changes to replicate throughout your windows forest. I
> found the information on modifying a system owned object at
> http://blogs.technet.com/b/janelewis/archive/2009/12/11/how-to-modify-a-system-owned-object.aspx
>
> --Eric
>
>
> -----Original Message-----
> From: kamenim at gmail.com on behalf of Kamen Mazdrashki
> Sent: Wed 1/26/2011 9:07 AM
> To: Eric Painley
> Cc: samba-technical at lists.samba.org
> Subject: Re: Joining 2008 R2 Domain fails with samba4
>
> Hi Eric,
>
> Could you please use "ldbsearch" Samba's tool to check attribute values.
> It should print all values on a separate line and you'll know exactly how
> many values you have.
>
> I am not exactly sure how Stephan fixed the problem in his environment.
> I've left with impression he just deleted unnecessary attribute values
> for msExchBridgeheadedLocalConnectorsDNBL attribute.
> (But I might be wrong here)
> I guess there are values for this attribute somewhere in the
> Configuration partition.
>
> I hope this helps at least a little.
>
> --
> CU,
> Kamen
>
>
>
> On Wed, Jan 26, 2011 at 15:05, Eric Painley
> <epainley at onestopshipping.com> wrote:
>> Hi Kamen,
>>
>> I saw the directory entry you were talking about. It does appear to be
>> single valued but when I look at the attribute from ADSIedit it appears
>> there are values separated by semicolons. I realize that it might be a
>> problem but how do I go about fixing it? I don't think it will let me change
>> the isSingleValued from true to false in the schema as it is owned by
>> system.
>>
>> Thanks,
>> --Eric
>>
>> -----Original Message-----
>> From: kamenim at gmail.com [mailto:kamenim at gmail.com] On Behalf Of Kamen
>> Mazdrashki
>> Sent: Wednesday, January 26, 2011 7:10 AM
>> To: Eric Painley
>> Cc: samba-technical at lists.samba.org
>> Subject: Re: Joining 2008 R2 Domain fails with samba4
>>
>> Hi Eric,
>>
>> I think you are hitting an MS bug - attributes marked as "singe value"
>> actually hold multiple values.
>> Check Stephan Wolf's workaround here:
>> http://lists.samba.org/archive/samba-technical/2011-January/075515.html
>>
>>
>> --
>> CU,
>> Kamen Mazdrashki
>> Samba Team                                            http://samba.org
>> http://gitweb.samba.org/?p=kamenim/samba.git;a=summary
>>
>>
>>
>> On Wed, Jan 26, 2011 at 09:15, Eric Painley
>> <epainley at onestopshipping.com> wrote:
>>>
>>> Hello,
>>>
>>> I have a Windows Server 2008 R2 domain (running on 2003 native mode AD)
>>> with Exchange 2010 SP1. I would like to add a samba4 domain controller to my
>>> domain. I have the latest (as of 1/25/11) git of samba-master but I have
>>> been getting some wierd errors when trying to join it. At first I was
>>> getting an NT_STATUS_INTERNAL_ERROR then I saw a previous post by someone
>>> with the exact same problem at
>>> http://lists.samba.org/archive/samba-technical/2010-December/075431.html So
>>> I applied Kamen's patch
>>> (http://lists.samba.org/archive/samba-technical/2010-December/075479.html)
>>> and I was able to get much farther this time.
>>>
>>> Now I am getting this error:
>>> Finding a writeable DC for domain 'GTS.LOCAL'
>>> Found DC GTS-DC1.GTS.local
>>> Password for [GROUPTRANS\administrator]:
>>> workgroup is GROUPTRANS
>>> realm is GTS.local
>>> checking samaccountname
>>> Adding CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>>> Adding
>>> CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>>> Adding CN=NTDS
>>> Settings,CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>>> Adding SPNs to CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>>> Setting account password for GTS-LINUXAPP$
>>> Enabling account
>>> Calling bare provision
>>> Provision OK for domain DN DC=GTS,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[399]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[402]
>>> linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=GTS,DC=local] objects[328]
>>> linked_values[0]
>>> Analyze and apply schema objects
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[186] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[348] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[508] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[668] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[826] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[983] linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1140]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1295]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1449]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1599]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1755]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[1908]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2061]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2211]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2361]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2518]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2674]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[2828]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3025]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3427]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[3829]
>>> linked_values[3]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4231]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4633]
>>> linked_values[1]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4742]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4835]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[4929]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5023]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5119]
>>> linked_values[13]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5211]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5305]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5405]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5461]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5608]
>>> linked_values[247]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5773]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[5939]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[6046]
>>> linked_values[536]
>>> Partition[CN=Configuration,DC=GTS,DC=local] objects[6098]
>>> linked_values[350]
>>> Partition[DC=GTS,DC=local] objects[124] linked_values[0]
>>> Partition[DC=GTS,DC=local] objects[198] linked_values[0]
>>> Partition[DC=GTS,DC=local] objects[274] linked_values[0]
>>> Partition[DC=GTS,DC=local] objects[373] linked_values[0]
>>> Partition[DC=GTS,DC=local] objects[437] linked_values[150]
>>> Partition[DC=GTS,DC=local] objects[493] linked_values[33]
>>> Partition[DC=GTS,DC=local] objects[494] linked_values[0]
>>> Committing SAM database
>>> partition end transaction mismatch
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_commit: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_commit: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_commit: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_commit: no transaction
>>>
>>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_commit: no transaction
>>>
>>> ltdb: tdb(/usr/local/samba/private/sam.ldb): tdb_transaction_commit: no
>>> transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_cancel: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_cancel: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_cancel: no transaction
>>>
>>> ltdb:
>>> tdb(/usr/local/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_cancel: no transaction
>>>
>>> ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=GTS,DC=LOCAL.ldb):
>>> tdb_transaction_cancel: no transaction
>>>
>>> partition del transaction mismatch
>>> Join failed - cleaning up
>>> checking samaccountname
>>> Deleted CN=GTS-LINUXAPP,OU=Domain Controllers,DC=GTS,DC=local
>>> Deleted CN=NTDS
>>> Settings,CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>>> Deleted
>>> CN=GTS-LINUXAPP,CN=Servers,CN=Hudson-Office,CN=Sites,CN=Configuration,DC=GTS,DC=local
>>> ERROR(ldb): uncaught exception - operations error at
>>> ../dsdb/samdb/ldb_modules/partition.c:847
>>>  File
>>> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
>>> line 134, in _run
>>>    return self.run(*args, **kwargs)
>>>  File
>>> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/join.py", line
>>> 64, in run
>>>    site=site, netbios_name=netbios_name)
>>>  File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>>> 584, in join_DC
>>>    ctx.do_join()
>>>  File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>>> 518, in do_join
>>>    ctx.join_replicate()
>>>  File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", line
>>> 489, in join_replicate
>>>    ctx.local_samdb.transaction_commit()
>>>
>>>
>>>
>>> Note that this is the EXACT SAME ERROR as the poster had in
>>> http://lists.samba.org/archive/samba-technical/2010-December/075483.html
>>> Where he goes on to say that using the "net vampire" tool give a more
>>> verbose error report. However I don't have the net vampire tool anymore as
>>> this is a later git and it has apparently been removed and replaced with
>>> "samba-tool join".
>>>
>>> Sorry for posting all those links for from the old post but I believe our
>>> problems are very similar.
>>>
>>> Thanks,
>>> --Eric
>>>
>>
>
>


More information about the samba-technical mailing list