Samba 4 to AD join fail, help

Juan Pablo Lorier jplorier at yahoo.com
Mon Jan 30 06:41:34 MST 2012


Hi Matthias,

First of all, thanks for your answer.
Next, srv-mm is a Windows 2003 server sp2. The other DC (the master and the one that samba is trying to join most of the tests) is ads1.montecarlotv.com.uy, also a W2003 sp2 and the only difference is that ads1 is virtualized over xen-redhat.
Our domain is the migration of an nt domain to a w2k and then to 2003. I completed all missing data for users and computers at the time we stabilized on 2003 (because NT does not require most of the info needed by samba 3 "schema" and I wanted to be sure it won't make any inconsistency problems).
My intentions are to make samba4 a DC controller to get the domains tree and, after some testing, let samba 4 be the domain controller and leave windows.

If I can give you any other info you may need, please don't hesitate on asking.

Regards,

Juan Pablo Lorier


________________________________
 De: Matthias Dieter Wallnöfer <mdw at samba.org>
Para: Juan Pablo Lorier <jplorier at yahoo.com> 
CC: "samba-technical at samba.org" <samba-technical at samba.org> 
Enviado: viernes, 27 de enero de 2012 18:20
Asunto: Re: Samba 4 to AD join fail, help
 
Which Windows release runs on top of "srv-mm.montecarlotv.com.uy"? Are 
there any other DCs (with possibly other Windows versions) on which you 
could try to join? I am asking you since it is known that for instance 
Windows 2000 is very problematic.

Thanks,
Matthias Wallnöfer

Juan Pablo Lorier schrieb:
> Hi there,
>
> I'm a newy at samba 4 and I'm trying to joing a samba 4
> alpha 17 box to our domain as a DC so I can "drain" the domain info and
> use the linux box to test samba without disturbing the domain itself.
> The thing is that I get an error when trying to join the server :
>
> [root at vpdc samba]# bin/samba-tool domain join montecarlotv.com.uy DC -Uadministrador --realm=montecarlotv.com.uy
> Finding a writeable DC for domain 'montecarlotv.com.uy'
> Found DC srv-mm.montecarlotv.com.uy
> Password for [WORKGROUP\administrador]:
> workgroup is CANAL4
> realm is montecarlotv.com.uy
> checking samaccountname
> Adding CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> Adding CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Adding
> CN=NTDS
> Settings,CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION')
> Join failed - cleaning up
> checking samaccountname
> Deleted CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> Deleted CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> ERROR(runtime): uncaught exception - DsAddEntry failed
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 167, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 162, in run
>      machinepass=machinepass)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 949, in join_DC
>      ctx.do_join()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 854, in do_join
>      ctx.join_add_objects()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 467, in join_add_objects
>      ctx.join_add_ntdsdsa()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 416, in join_add_ntdsdsa
>      ctx.DsAddEntry([rec])
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 379, in DsAddEntry
>      raise RuntimeError("DsAddEntry failed")
>
>
> The
> only thing that calls my atention is that instead of asking for
> CANAL4\administrador password is asking WORKGROUP\administrador.
> Any Ideas?
> Thanks,


More information about the samba-technical mailing list