Samba 4 to AD join fail, help

Matthias Dieter Wallnöfer mdw at samba.org
Tue Jan 31 08:02:18 MST 2012 

Hi Juan,

do you have checked that both forest and domain function levels are 
native? That means no interim/NT4-mixed mode.

Thanks,
Matthias

Juan Pablo Lorier schrieb:
> Hi Matthias,
>
> First of all, thanks for your answer.
> Next, srv-mm is a Windows 2003 server sp2. The other DC (the master 
> and the one that samba is trying to join most of the tests) is 
> ads1.montecarlotv.com.uy, also a W2003 sp2 and the only difference is 
> that ads1 is virtualized over xen-redhat.
> Our domain is the migration of an nt domain to a w2k and then to 2003. 
> I completed all missing data for users and computers at the time we 
> stabilized on 2003 (because NT does not require most of the info 
> needed by samba 3 "schema" and I wanted to be sure it won't make any 
> inconsistency problems).
> My intentions are to make samba4 a DC controller to get the domains 
> tree and, after some testing, let samba 4 be the domain controller and 
> leave windows.
> If I can give you any other info you may need, please don't hesitate 
> on asking.
> Regards,
>
> Juan Pablo Lorier
> ------------------------------------------------------------------------
> *De:* Matthias Dieter Wallnöfer <mdw at samba.org>
> *Para:* Juan Pablo Lorier <jplorier at yahoo.com>
> *CC:* "samba-technical at samba.org" <samba-technical at samba.org>
> *Enviado:* viernes, 27 de enero de 2012 18:20
> *Asunto:* Re: Samba 4 to AD join fail, help
>
> Which Windows release runs on top of "srv-mm.montecarlotv.com.uy"? Are
> there any other DCs (with possibly other Windows versions) on which you
> could try to join? I am asking you since it is known that for instance
> Windows 2000 is very problematic.
>
> Thanks,
> Matthias Wallnöfer
>
> Juan Pablo Lorier schrieb:
> > Hi there,
> >
> > I'm a newy at samba 4 and I'm trying to joing a samba 4
> > alpha 17 box to our domain as a DC so I can "drain" the domain info and
> > use the linux box to test samba without disturbing the domain itself.
> > The thing is that I get an error when trying to join the server :
> >
> > [root at vpdc samba]# bin/samba-tool domain join montecarlotv.com.uy DC 
> -Uadministrador --realm=montecarlotv.com.uy
> > Finding a writeable DC for domain 'montecarlotv.com.uy'
> > Found DC srv-mm.montecarlotv.com.uy
> > Password for [WORKGROUP\administrador]:
> > workgroup is CANAL4
> > realm is montecarlotv.com.uy
> > checking samaccountname
> > Adding CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> > Adding 
> CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> > Adding
> > CN=NTDS
> > 
> Settings,CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> > DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 
> 'WERR_DS_INCOMPATIBLE_VERSION')
> > Join failed - cleaning up
> > checking samaccountname
> > Deleted CN=VPDC,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
> > Deleted 
> CN=VPDC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
> > ERROR(runtime): uncaught exception - DsAddEntry failed
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 167, in _run
> >      return self.run(*args, **kwargs)
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
> line 162, in run
> >      machinepass=machinepass)
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 949, in join_DC
> >      ctx.do_join()
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 854, in do_join
> >      ctx.join_add_objects()
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 467, in join_add_objects
> >      ctx.join_add_ntdsdsa()
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 416, in join_add_ntdsdsa
> >      ctx.DsAddEntry([rec])
> >    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 379, in DsAddEntry
> >      raise RuntimeError("DsAddEntry failed")
> >
> >
> > The
> > only thing that calls my atention is that instead of asking for
> > CANAL4\administrador password is asking WORKGROUP\administrador.
> > Any Ideas?
> > Thanks,
>
>
>

More information about the samba-technical mailing list