domain join as DC fails with beta5: 'WERR_DS_DRA_BAD_DN'

[Pekka L.J. Jalkanen]

I tried again with another test box that has a newer operating system
(Debian Wheezy instead of Squeeze), and thus newer Python.

I also tried upgrading to Samba 4.0.0beta6-GIT-d799b25, but to no avail:
still the same error.


Pekka L.J. Jalkanen

On 8.8.2012 18:17, Pekka L.J. Jalkanen wrote:
> I previously tried to use Debian packages (see my previous report at
> https://lists.samba.org/archive/samba-technical/2012-July/085301.html)
> to join a domain as a DC, but as they turned out to be buggy, and only
> supported ntvfs, I compiled beta5 by myself.
> 
> However with the Debian-distributed beta2 the join itself worked, but
> now it does not:
> 
> root at samba4dc:/usr/local/samba# bin/samba-tool domain join mydomain.site
> DC -Uadministrator at MYDOMAIN.SITE --realm=mydomain.site
> Finding a writeable DC for domain 'mydomain.site'
> Found DC win2003r2dc.mydomain.site
> Password for [administrator at MYDOMAIN.SITE]:
> workgroup is MYDOMAIN
> realm is mydomain.site
> checking sAMAccountName
> Adding CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site
> Adding
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> Adding CN=NTDS
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site
> Setting account password for SAMBA4DC$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> Provision OK for domain DN DC=mydomain,DC=site
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[402]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[804]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[1206]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[1376]
> linked_values[0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=mydomain,DC=site] objects[402]
> linked_values[0]
> Partition[CN=Configuration,DC=mydomain,DC=site] objects[804]
> linked_values[0]
> Partition[CN=Configuration,DC=mydomain,DC=site] objects[1206]
> linked_values[0]
> Partition[CN=Configuration,DC=mydomain,DC=site] objects[1548]
> linked_values[0]
> Replicating critical objects from the base DN of the domain
> Partition[DC=mydomain,DC=site] objects[95] linked_values[0]
> Partition[DC=mydomain,DC=site] objects[396] linked_values[0]
> Partition[DC=mydomain,DC=site] objects[454] linked_values[0]
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site
> Deleted CN=NTDS
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> Deleted
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> ERROR(runtime): uncaught exception - (8439, 'WERR_DS_DRA_BAD_DN')
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 160, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py",
> line 256, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> line 1053, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> line 958, in do_join
>     ctx.join_replicate()
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> line 741, in join_replicate
>     replica_flags=ctx.replica_flags)
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/drs_utils.py", line
> 248, in replicate
>     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
> 
> Any help in resolving this would be greatly appreciated. I could try the
> latest version from git, if the more experienced people here suggest me
> to do that, but I would first like to confirm that I'm not having any
> fundamentals wrong.
> 
> 
> Pekka L.J. Jalkanen