samba-tool domain join (W2k)

Dirk Gouders gouders at et.bocholt.fh-gelsenkirchen.de
Wed Sep 7 10:30:02 MDT 2011 

Hi,

I am trying to join a Domain following the description in

http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

but get errors and would like to ask about the current state of "domain
join" and if I probably might get it working with minor fixes.

So far, I tried to fix the first error but got only a few operations further:

$ samba-tool domain join swt-pool.test.lab DC -Uadministrator --realm=SWT-POOL.TEST.LAB
Finding a writeable DC for domain 'swt-pool.test.lab'
Found DC dcswt01.swt-pool.test.lab
Password for [WORKGROUP\administrator]:
workgroup is SWT-POOL
realm is swt-pool.test.lab
checking samaccountname
Adding CN=TANGO4,OU=Domain Controllers,DC=test,DC=lab
Adding CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
Adding CN=NTDS Settings,CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
Join failed - cleaning up
checking samaccountname
Deleted CN=TANGO4,OU=Domain Controllers,DC=test,DC=lab
Deleted CN=NTDS Settings,CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
Deleted CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'drsuapi.DsAddEntryCtr2' object has no attribute 'err_ver'
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 141, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 110, in run
    domain_critical_only=domain_critical_only)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 601, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 526, in do_join
    ctx.join_add_objects()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 375, in join_add_objects
    ctx.DsAddEntry(rec)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 308, in DsAddEntry
    if ctr.err_ver != 1:


Then I tested a modification to join.py:

$ git diff
diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py
index 3d81a29..c9f529d 100644
--- a/source4/scripting/python/samba/join.py
+++ b/source4/scripting/python/samba/join.py
@@ -305,12 +305,13 @@ class dc_join(object):
         req2.first_object = first_object
 
         (level, ctr) = ctx.drsuapi.DsAddEntry(ctx.drsuapi_handle, 2, req2)
-        if ctr.err_ver != 1:
-            raise RuntimeError("expected err_ver 1, got %u" % ctr.err_ver)
-        if ctr.err_data.status != (0, 'WERR_OK'):
-            print("DsAddEntry failed with status %s info %s" % (ctr.err_data.status,
-                                                                ctr.err_data.info.extended_err))
-            raise RuntimeError("DsAddEntry failed")
+
+        if ctr.dir_err != 0:
+            raise RuntimeError("expected dir_err 0, got %u" % ctr.dir_err)
+        #if ctr.err_data.status != (0, 'WERR_OK'):
+        #    print("DsAddEntry failed with status %s info %s" % (ctr.err_data.status,
+        #                                                        ctr.err_data.info.extended_err))
+        #    raise RuntimeError("DsAddEntry failed")
 
     def join_add_objects(ctx):
         '''add the various objects needed for the join'''

But after that I get only a few steps further:

$ samba-tool domain join swt-pool.test.lab DC -Uadministrator --realm=SWT-POOL.TEST.LAB
Finding a writeable DC for domain 'swt-pool.test.lab'
Found DC dcswt01.swt-pool.test.lab
Password for [WORKGROUP\administrator]:
workgroup is SWT-POOL
realm is swt-pool.test.lab
checking samaccountname
Deleted CN=tango4,OU=Domain Controllers,DC=test,DC=lab
Adding CN=TANGO4,OU=Domain Controllers,DC=test,DC=lab
Adding CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
Adding CN=NTDS Settings,CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
0
hank
Adding SPNs to CN=TANGO4,OU=Domain Controllers,DC=test,DC=lab
Setting account password for TANGO4$
Join failed - cleaning up
checking samaccountname
Deleted CN=TANGO4,OU=Domain Controllers,DC=test,DC=lab
Deleted CN=NTDS Settings,CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
Deleted CN=TANGO4,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=test,DC=lab
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  <00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0
> <>
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 141, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 110, in run
    domain_critical_only=domain_critical_only)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 603, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 528, in do_join
    ctx.join_add_objects()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 416, in join_add_objects
    username=ctx.samname)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 447, in setpassword
    self.modify_ldif(setpw)
  File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line 233, in modify_ldif
    self.modify(msg, controls)

More information about the samba-technical mailing list