Samba 4 to AD join fail, help

Juan Pablo Lorier jplorier at
Mon Jan 30 06:41:34 MST 2012

Hi Matthias,

First of all, thanks for your answer.
Next, srv-mm is a Windows 2003 server sp2. The other DC (the master and the one that samba is trying to join most of the tests) is, also a W2003 sp2 and the only difference is that ads1 is virtualized over xen-redhat.
Our domain is the migration of an nt domain to a w2k and then to 2003. I completed all missing data for users and computers at the time we stabilized on 2003 (because NT does not require most of the info needed by samba 3 "schema" and I wanted to be sure it won't make any inconsistency problems).
My intentions are to make samba4 a DC controller to get the domains tree and, after some testing, let samba 4 be the domain controller and leave windows.

If I can give you any other info you may need, please don't hesitate on asking.


Juan Pablo Lorier

 De: Matthias Dieter Wallnöfer <mdw at>
Para: Juan Pablo Lorier <jplorier at> 
CC: "samba-technical at" <samba-technical at> 
Enviado: viernes, 27 de enero de 2012 18:20
Asunto: Re: Samba 4 to AD join fail, help
Which Windows release runs on top of ""? Are 
there any other DCs (with possibly other Windows versions) on which you 
could try to join? I am asking you since it is known that for instance 
Windows 2000 is very problematic.

Matthias Wallnöfer

Juan Pablo Lorier schrieb:
> Hi there,
> I'm a newy at samba 4 and I'm trying to joing a samba 4
> alpha 17 box to our domain as a DC so I can "drain" the domain info and
> use the linux box to test samba without disturbing the domain itself.
> The thing is that I get an error when trying to join the server :
> [root at vpdc samba]# bin/samba-tool domain join DC -Uadministrador
> Finding a writeable DC for domain ''
> Found DC
> Password for [WORKGROUP\administrador]:
> workgroup is CANAL4
> realm is
> checking samaccountname
> Adding CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> Adding CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> Adding
> Settings,CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION')
> Join failed - cleaning up
> checking samaccountname
> Deleted CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> Deleted CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> ERROR(runtime): uncaught exception - DsAddEntry failed
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/", line 167, in _run
>      return*args, **kwargs)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/", line 162, in run
>      machinepass=machinepass)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/", line 949, in join_DC
>      ctx.do_join()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/", line 854, in do_join
>      ctx.join_add_objects()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/", line 467, in join_add_objects
>      ctx.join_add_ntdsdsa()
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/", line 416, in join_add_ntdsdsa
>      ctx.DsAddEntry([rec])
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/", line 379, in DsAddEntry
>      raise RuntimeError("DsAddEntry failed")
> The
> only thing that calls my atention is that instead of asking for
> CANAL4\administrador password is asking WORKGROUP\administrador.
> Any Ideas?
> Thanks,

More information about the samba-technical mailing list