error with configuring subdomain

Sergey Leschenko ser at aska.com.ua
Thu Oct 4 01:21:41 MDT 2012 

Hello, I want to get the configuration of the central tree, the branches 
of which are replicated in the Multi-master mode with his subordinates 
DCs and back. For example:
There is a central dc.domain.local, which is the main DCs for the 
company (realm DOMAIN.LOCAL).
There dc.kiev.domain.local (realm KIEV.DOMAIN.LOCAL), 
dc.lviv.domain.local (realm LVIV.DOMAIN.LOCAL), which are the DCs for 
its branches.

I want that when changes are made to kiev.domain.local, so they 
replicated to DN: dc=kiev,dc=domain,dc=local on the main DC dc.domain.local.

I thought that this should be used:
samba-tool domain join domain.local SUBDOMAIN -Uadministrator 
-realm=DOMAIN.LOCAL -parent-domain=domain.local

but got an error:

lpcfg_load: refreshing parameters from /opt/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file 
"/opt/samba/etc/smb.conf"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding 
ncacn_ip_tcp:195834b8-42cb-45f3-97af-5a311a82736d._msdcs.domain.local[,sign]
Server 
host/195834B8-42CB-45F3-97AF-5A311A82736D._MSDCS.DOMAIN.LOCAL at DOMAIN.LOCAL 
is not registered with our KDC:  Miscellaneous failure (see text): 
Server 
(host/195834B8-42CB-45F3-97AF-5A311A82736D._MSDCS.DOMAIN.LOCAL at DOMAIN.LOCAL) 
unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: 
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Using binding 
ncacn_ip_tcp:195834b8-42cb-45f3-97af-5a311a82736d._msdcs.domain.local[,sign]
Server 
host/195834B8-42CB-45F3-97AF-5A311A82736D._MSDCS.DOMAIN.LOCAL at DOMAIN.LOCAL 
is not registered with our KDC:  Miscellaneous failure (see text): 
Server 
(host/195834B8-42CB-45F3-97AF-5A311A82736D._MSDCS.DOMAIN.LOCAL at DOMAIN.LOCAL) 
unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: 
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS 
-  <Entry 
CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local 
already exists> <>
   File 
"/opt/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 
160, in _run
     return self.run(*args, **kwargs)
   File "/opt/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", 
line 270, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/opt/samba/lib/python2.6/site-packages/samba/join.py", line 
1122, in join_subdomain
     ctx.do_join()
   File "/opt/samba/lib/python2.6/site-packages/samba/join.py", line 
982, in do_join
     ctx.join_add_objects()
   File "/opt/samba/lib/python2.6/site-packages/samba/join.py", line 
506, in join_add_objects
     ctx.samdb.add(rec)
Finding a writeable DC for domain 'domain.local'
Found DC dc.domain.local
Reconnecting to naming master 
195834b8-42cb-45f3-97af-5a311a82736d._msdcs.domain.local
checking sAMAccountName
Adding 
CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Join failed - cleaning up
checking sAMAccountName

Say configuration I want to get possible?

More information about the samba-technical mailing list