Reporting success this past year + new Issues Adding a new Samba 4 DC to existing Samba 4 AD

Aubrey Ekstrom aekstrom at proclivitysystems.com
Mon Nov 28 08:42:08 MST 2011


Hi All,

>
> First let me report back that we are still running Samba 4 as our primary
> (i.e. 'only') ldap/AD authentication in our small (30-40 person, depending
> on the month) tech start up company. It has been over a year since you all
> helped me when I ran into trouble extending the Samba 4 schema to support
> Apple OS X extensions. We have been authenticating all our Windows and
> Apple computers against the Samba 4 AD, and it has been rock solid,
> including GPO for Windows and Apple's equivalent functionality through
> Workgroup Manager.
>
> That being said, I have been singing its praises to our new IT Director,
> and while he prefers Windows to open source for such things as Active
> Directory, he is well versed in Linux and open source and so is willing to
> keep using Samba 4. In fact he wants to put not only all our developer
> Linux workstations on Samba 4, but our production Linux servers as well. As
> part of that effort he asked me to set up another Samba 4 DC in our
> production environment and then join it to the existing domain.
>
> So I downloaded the latest and greatest from GIT, installed all the
> packages, configured it (./configure.developer), compiled it, tested it
> (make quicktest) and installed it. Then following the online instructions (
> http://wiki.samba.org/index.php/Samba4_joining_a_domain), joined it to
> our existing domain. All looked good. When I tried to test the replication
> however I started getting errors. Then I tested the local db and got more
> errors. Then it wouldn't talk to the pre-existing DC any more, so I blew it
> away and reinstalled (even rebooted both servers at one point, although I
> doubted that would fix anything, but just in case).
>
> Still won't talk directly to the existing DC. I get errors like this:
>
> [root@newdc bin]# ./samba-tool domain join not-our.domain DC -Uadmin --realm=NOT-OUR.DOMAIN
> Finding a writeable DC for domain 'not-our.domain'
> ERROR(exceptions.Exception): uncaught exception - Failed to find a writeable DC for domain 'not-our.domain'
>   File "/usr/local/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py", line 167, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.4/site-packages/samba/netcmd/domain.py", line 121, in run
>     domain_critical_only=domain_critical_only)
>   File "/usr/local/samba/lib/python2.4/site-packages/samba/join.py", line 913, in join_DC
>     ctx = dc_join(server, creds, lp, site, netbios_name, targetdir, domain)
>   File "/usr/local/samba/lib/python2.4/site-packages/samba/join.py", line 65, in __init__
>     ctx.server = ctx.find_dc(domain)
>   File "/usr/local/samba/lib/python2.4/site-packages/samba/join.py", line 200, in find_dc
>     raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
>
> Now the new DC is over a year newer than the existing version of Samba 4
> (I have been loath to touch the old one since it is our only DC and has
> been rock solid), AND we want to standardize on CentOS now, so the new DC
> is also on CentOS 5.6, while the existing Samba 4 is on Debian 5.x. I did
> have a lot more trouble getting all the packages for CentOS 5 than I
> remember having for Debian. Some of them were only available in Yum as part
> of larger packages that had different names, but once they were all there
> it compiled, tested and installed without error.
>
> *Existing Samba 4:*
>
> Debian 5.x 64bit (don't remember subversion, used a 5.6 live CD, but then
> upgraded... was still 5 though)
>
> Samba Version 4.0.0alpha14-GIT-800a76d
>
>
> *New Samba 4:*
>
> CentOS 5.6.1 32bit
>
> Samba Version 4.0.0alpha18-GIT-UNKNOWN
>
> It does see the other DC. I can ping both by name from each other, and
> kinit from the new DC resolves the existing DC and authenticates. Before I
> ran into trouble and blew it away, it said it joined and replicated...
>
> [root@newdc bin]# kinit admin
> Password for admin@NOT-OUR.DOMAIN:
> [root@newdc bin]#
>
>
> Not sure what to try next. Thanks in advance!
>
>
> Cheers,
>
> Aubrey Ekstrom | Systems Administrator
> Proclivity Systems
> 22 West 19th St., Ninth Floor
> New York, NY 10011
> p 646.380.2416
> aekstrom at proclivitysystems.com
> www.proclivitysystems.com
>
> *Proclivity® | We Value Your Customers™*

