domain join as DC fails with beta5: 'WERR_DS_DRA_BAD_DN'
Pekka L.J. Jalkanen
pekka.jalkanen at vihreat.fi
Thu Aug 9 12:28:13 MDT 2012
Ha! Thank you very much for pushing me in the right direction!
As we're not running our DNS as part of our AD, I hadn't been paying all
that great attention to the DRS work that the Samba Team had been doing
recently. That meant that I had completely overlooked the --dns-backend
option of the domain join.
With --dns-backend=NONE the join works now.
Pekka
On 9.8.2012 18:08, Ricky Nance wrote:
> If I remember right, the DNS partition started replicating on join
> around beta 2 or 3, so that could be the issue. Are you using bind9 dlz,
> internal, or any DNS? As for beta3 not compiling, it looks like you are
> missing the LDB headers. Double check to see if libldb-dev is installed
> before you compile, (you might also want to make clean) you will need to
> ./configure again if that package is missing. It was also around one of
> those betas that my Gentoo box complained about LDB not being new
> enough, my Ubuntu boxes didn't seem to have an issue with it though. You
> can also see if adding a --local to the end of your join command helps.
> Just a couple of things to try.
>
> Ricky
>
> On Thu, Aug 9, 2012 at 8:58 AM, Pekka L.J. Jalkanen
> <pekka.jalkanen at vihreat.fi> wrote:
>
> OK, beta2 does work, but beta4 doesn't, and interestingly enough, I
> can't compile beta3 at all:
>
> [ 825/3792] Compiling source4/dsdb/samdb/ldb_modules/linked_attributes.c
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c: In function
> ‘handle_verify_name_control’:
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:97:12: error:
> dereferencing pointer to incomplete type
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:97:40: error:
> dereferencing pointer to incomplete type
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:111:11: error:
> dereferencing pointer to incomplete type
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:112:44: error:
> dereferencing pointer to incomplete type
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c: In function
> ‘linked_attributes_add’:
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:258:41: error:
> ‘LDB_CONTROL_VERIFY_NAME_OID’ undeclared (first use in this function)
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:258:41: note: each
> undeclared identifier is reported only once for each function it
> appears in
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c: In function
> ‘linked_attributes_modify’:
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:495:41: error:
> ‘LDB_CONTROL_VERIFY_NAME_OID’ undeclared (first use in this function)
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c: In function
> ‘linked_attributes_ldb_init’:
> ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:1168:41: error:
> ‘LDB_CONTROL_VERIFY_NAME_OID’ undeclared (first use in this function)
> Waf: Leaving directory `/home/pekkajal/src/samba-master/bin'
> Build failed: -> task failed (err #1):
> {task: cc linked_attributes.c -> linked_attributes_57.o}
> make: *** [all] Error 1
>
> So the problem lies somewhere between beta2 and beta4.
>
>
> Pekka
>
> On 9.8.2012 15:57, Pekka L.J. Jalkanen wrote:
> > I doubt. I just finished testing with self-compiled beta2 (I was just
> > about to post to the list about that), just to compare it to the
> > pre-compiled version... and surprise surprise, with beta2 sources
> domain
> > join works, other things equal.
> >
> > Also, I'm pretty certain that I'm not just meeting but even exceeding
> > the software requirements stated in the wiki.
> >
> > I think that I'm trying beta4 next. If that doesn't work, then beta3.
> > I'll report back when I'll see.
> >
> >
> > Pekka
> >
> > On 9.8.2012 15:46, Ricky Nance wrote:
> >> The pre-compiled version likely had all the headers it needed
> already,
> >> so there is a chance you don't have something you need on the git
> >> version. Please check
> >>
> https://wiki.samba.org/index.php/Samba_4_OS_Requirements#Debian_or_Ubuntu
> and
> >> make sure all the packages listed there are installed, redo
> ./configure
> >> make and make install if any are missing and then retry the join.
> >>
> >> Ricky
> >>
> >> On Thu, Aug 9, 2012 at 6:34 AM, Pekka L.J. Jalkanen
> >> <pekka.jalkanen at vihreat.fi> wrote:
> >>
> >> I tried again with another test box that has a newer
> operating system
> >> (Debian Wheezy instead of Squeeze), and thus newer Python.
> >>
> >> I also tried upgrading to Samba 4.0.0beta6-GIT-d799b25, but
> to no avail:
> >> still the same error.
> >>
> >>
> >> Pekka L.J. Jalkanen
> >>
> >> On 8.8.2012 18:17, Pekka L.J. Jalkanen wrote:
> >> > I previously tried to use Debian packages (see my previous
> report at
> >> >
> https://lists.samba.org/archive/samba-technical/2012-July/085301.html)
> >> > to join a domain as a DC, but as they turned out to be
> buggy, and only
> >> > supported ntvfs, I compiled beta5 by myself.
> >> >
> >> > However with the Debian-distributed beta2 the join itself
> worked, but
> >> > now it does not:
> >> >
> >> > root at samba4dc:/usr/local/samba# bin/samba-tool domain join
> >> mydomain.site
> >> > DC -Uadministrator at MYDOMAIN.SITE --realm=mydomain.site
> >> > Finding a writeable DC for domain 'mydomain.site'
> >> > Found DC win2003r2dc.mydomain.site
> >> > Password for [administrator at MYDOMAIN.SITE]:
> >> > workgroup is MYDOMAIN
> >> > realm is mydomain.site
> >> > checking sAMAccountName
> >> > Adding CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site
> >> > Adding
> >> >
> >>
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> >> > Adding CN=NTDS
> >> >
> >>
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> >> > Adding SPNs to CN=SAMBA4DC,OU=Domain
> Controllers,DC=mydomain,DC=site
> >> > Setting account password for SAMBA4DC$
> >> > Enabling account
> >> > Calling bare provision
> >> > No IPv6 address will be assigned
> >> > Provision OK for domain DN DC=mydomain,DC=site
> >> > Starting replication
> >> > Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site]
> objects[402]
> >> > linked_values[0]
> >> > Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site]
> objects[804]
> >> > linked_values[0]
> >> > Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site]
> >> objects[1206]
> >> > linked_values[0]
> >> > Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site]
> >> objects[1376]
> >> > linked_values[0]
> >> > Analyze and apply schema objects
> >> > Partition[CN=Configuration,DC=mydomain,DC=site] objects[402]
> >> > linked_values[0]
> >> > Partition[CN=Configuration,DC=mydomain,DC=site] objects[804]
> >> > linked_values[0]
> >> > Partition[CN=Configuration,DC=mydomain,DC=site] objects[1206]
> >> > linked_values[0]
> >> > Partition[CN=Configuration,DC=mydomain,DC=site] objects[1548]
> >> > linked_values[0]
> >> > Replicating critical objects from the base DN of the domain
> >> > Partition[DC=mydomain,DC=site] objects[95] linked_values[0]
> >> > Partition[DC=mydomain,DC=site] objects[396] linked_values[0]
> >> > Partition[DC=mydomain,DC=site] objects[454] linked_values[0]
> >> > Join failed - cleaning up
> >> > checking sAMAccountName
> >> > Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=mydomain,DC=site
> >> > Deleted CN=NTDS
> >> >
> >>
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> >> > Deleted
> >> >
> >>
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=site
> >> > ERROR(runtime): uncaught exception - (8439,
> 'WERR_DS_DRA_BAD_DN')
> >> > File
> >> >
> >>
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> >> > line 160, in _run
> >> > return self.run(*args, **kwargs)
> >> > File
> >> >
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py",
> >> > line 256, in run
> >> > machinepass=machinepass, use_ntvfs=use_ntvfs,
> >> dns_backend=dns_backend)
> >> > File
> "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> >> > line 1053, in join_DC
> >> > ctx.do_join()
> >> > File
> "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> >> > line 958, in do_join
> >> > ctx.join_replicate()
> >> > File
> "/usr/local/samba/lib/python2.6/site-packages/samba/join.py",
> >> > line 741, in join_replicate
> >> > replica_flags=ctx.replica_flags)
> >> > File
> >> >
> "/usr/local/samba/lib/python2.6/site-packages/samba/drs_utils.py",
> >> line
> >> > 248, in replicate
> >> > (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
> >> req_level, req)
> >> >
> >> > Any help in resolving this would be greatly appreciated. I
> could
> >> try the
> >> > latest version from git, if the more experienced people here
> >> suggest me
> >> > to do that, but I would first like to confirm that I'm not
> having any
> >> > fundamentals wrong.
> >> >
> >> >
> >> > Pekka L.J. Jalkanen
> --
> Pekka L.J. Jalkanen, pekka.jalkanen at vihreat.fi, +358-44-5510534
> Vihreät / De Gröna, http://www.vihreat.fi/
--
Pekka L.J. Jalkanen, pekka.jalkanen at vihreat.fi, +358-44-5510534
Vihreät / De Gröna, http://www.vihreat.fi/
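
An added example, not part of the original thread or of Samba's own code: a small Python parser for the `samba-tool domain join` output quoted above, reporting how far replication got in each naming context and which error ended the join. The sample input is abridged from the thread's transcript with the mail-wrapped lines rejoined; the function name `summarise_join` is hypothetical.

```python
import re

# Constructed sample: join output abridged from the transcript quoted in this
# thread, with the mail-wrapped lines rejoined.
SAMPLE = """\
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=site] objects[1376] linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=site] objects[402] linked_values[0]
Partition[CN=Configuration,DC=mydomain,DC=site] objects[1548] linked_values[0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=site] objects[95] linked_values[0]
Partition[DC=mydomain,DC=site] objects[454] linked_values[0]
Join failed - cleaning up
ERROR(runtime): uncaught exception - (8439, 'WERR_DS_DRA_BAD_DN')
"""

# Progress lines name the naming context and a running object count.
PROGRESS = re.compile(
    r"^(?:Schema-DN|Partition)\[(?P<dn>[^\]]+)\]\s+objects\[(?P<n>\d+)\]")
# The final error line carries the numeric code and its symbolic name.
ERROR = re.compile(r"uncaught exception - \((?P<code>\d+),\s*'(?P<name>\w+)'\)")


def summarise_join(output):
    """Return (progress, error).

    progress: list of (naming context DN, highest object count seen),
              in the order the contexts first appeared.
    error:    (code, name) from the uncaught exception line, or None.
    """
    progress, error = {}, None
    for line in output.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quote prefixes
        m = PROGRESS.match(line)
        if m:
            dn = m["dn"]
            progress[dn] = max(progress.get(dn, 0), int(m["n"]))
            continue
        m = ERROR.search(line)
        if m:
            error = (int(m["code"]), m["name"])
    return list(progress.items()), error


if __name__ == "__main__":
    done, err = summarise_join(SAMPLE)
    for dn, count in done:
        print(f"replicated {count:5d} objects from {dn}")
    if err and done:
        print(f"failed with {err[1]} ({err[0]}) after {done[-1][0]}")
```

On the thread's transcript the schema, configuration and domain partitions all report progress, and the error arrives after the last domain-partition line; the thread attributes this to DNS partition replication, which the join skipped once `--dns-backend=NONE` was given.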